Author Topic: spyware and adware problems plz help!!  (Read 3898 times)
alucard19
« on: March 24, 2005, 05:18:30 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



ok i got mad problems with spyware and adware, so bad i have to be in safe mode to even be on the web cuz it won't load or it takes way too long to load and i have cable. One of the programs that i use for my spyware problems is Spy Sweeper along with Spybot. Spy Sweeper got rid of some of the stuff Spybot couldn't but i still can't get rid of callinghome.biz, that's the only spyware file i know of. As for adware i think i got like 9 left. I had over 200 i think but Spy Sweeper got rid of most of them. After doing a scan with Spy Sweeper it told me i had to delete the following files manually.
C:\Documents and settings\owner\local settings\temp\~dllfntmp3
C:\Documents and settings\owner\local settings\temp\~dllfntmp2
C:\Documents and settings\owner\local settings\temp\~dllfntmp1
C:\Documents and settings\owner\local settings\temp\~aproposo
C:\Documents and settings\owner\local settings\temp\daytool
C:\Documents and settings\owner\local settings\temp\fleok
C:\Documents and settings\owner\applicationdata\lycos
C:\windows\isrvs\icons

I found C:\windows\isrvs\icons but when i tried to delete it, it would say access is denied make sure the disk is not full or write protected and the file is not currently in use, and yes i made sure to show hidden files and folders. I also made sure i unchecked hide protected operating system files. So i need help in finding and getting rid of the files.



here's my hijack file


Logfile of HijackThis v1.99.1
Scan saved at 12:05:12 AM, on 03/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx Pro\PXAgent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\windows\system32\B5b9f4sQl.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\windows\system32\aca1Nj7.exe
C:\WINDOWS\SysCheckBop32.exe
C:\Program Files\Prevx Pro\SAGUI.exe
C:\WINDOWS\System32\aircity.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\aircity.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a2\a2guard.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\My eBooks\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ah1xncdx] C:\Program Files\ah1xncdx\ah1xncdx.exe
O4 - HKLM\..\Run: [gjlnylua] C:\WINDOWS\System32\qlhkyhya\gjlnylua.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: C:\documents and settings\owner\local settings\temp\B.exe
O4 - HKLM\..\Run: [B5b9f4sQl] C:\windows\system32\B5b9f4sQl.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [srcp] C:\WINDOWS\srcp.exe
O4 - HKLM\..\Run: [razin] C:\DOCUME~1\Owner\LOCALS~1\Temp\rm05040901.Stub.exe
O4 - HKLM\..\Run: [aca1Nj7] C:\windows\system32\aca1Nj7.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [r32W3sl] dbmwapi(4)(2).exe
O4 - HKLM\..\Run: [PrevxPro] "C:\Program Files\Prevx Pro\SAGUI.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a0t6RiJqg] bat1_qcx.exe
O4 - HKCU\..\Run: [aircity] C:\WINDOWS\System32\aircity.exe
O4 - HKCU\..\Run: [wkfw] C:\PROGRA~1\COMMON~1\wkfw\wkfwm.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {47D15637-C629-4B67-8C4C-D9C4CD3A59F5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {47D15637-C629-4B67-8C4C-D9C4CD3A59F5} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/mmviewer_ic13.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109699677953
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.40opt/SpySpotterCabInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\Prevx Pro\PXAgent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


« Last Edit: March 24, 2005, 05:33:33 AM by alucard19 » Logged

 
alucard19
« Reply #1 on: March 25, 2005, 04:56:32 PM »

is someone going to help me?

redaxe
« Reply #2 on: March 25, 2005, 05:03:32 PM »

Relax ;)

We're doing our best to keep up with all the problems that are circulating at the moment.
I'm going over your log now and I hope we can sort this out.

redaxe
« Reply #3 on: March 25, 2005, 05:44:17 PM »

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.
Right click My Computer and select Properties.
Click the System Restore tab and in there disable it. Apply and OK out.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files


Now download the following programs:

CWShredder
Spybot Search & Destroy
Ad-Aware
VX2 Cleaner
Stinger
About:Buster <-- you won't use this one until after we've made some amendments to your logfile.
Cleanup! <-- you won't use this one until after we've made some amendments to your logfile.
ISTsvc remover

The first thing you do is to run the ISTsvc remover. Follow the prompts until it's done.

Next do the following, to unregister offending drivers:
Click Start -> Run and at the prompt type the following (repeat if there are more files than one)

regsvr32 /u sasetup.dll

Now go to the following online AV scanners (using Internet Explorer):

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Then run and update CWShredder. Click the Fix button and click OK when the prompt "CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue" appears.
Wait for it to finish and then click Next and Finish.

Now install, run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then install Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then shut down Ad-Aware.
Then install the VX2 Cleaner and let it install into the Ad-Aware program folder.
Start Ad-Aware again and click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

- Select

alucard19
« Reply #4 on: March 26, 2005, 02:02:42 PM »

ok the first thing i did was dl all the stuff u said, then i went to the online scanners. Here are the results for the RAV scanner


1)Scanning memory..
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\Owner\My Documents\Downloads\incoming\2_Copy of [PS2] PS2 DVD Game rip kit (rip dvd games to a 700MB cdr disc).zip->Dreamcast Dummy File Maker.zip->sb-dc10.exe - PWS:Win32/QQRob.1_0 -> Suspicious
C:\WINDOWS\private-zone.exe - TrojanDownloader:Win32/Small.AAO -> Infected
C:\WINDOWS\sasetup.dll - Trojan:Win32/Dialer.BI -> Infected
C:\WINDOWS\system32\private-zone.exe - TrojanDownloader:Win32/Small.AAO -> Infected

Scanned
============================
   Objects: 63421
   Directories: 3562
   Archives: 19863
   Size(Kb): 1979903
   Infected files: 3

Found
============================
   Viruses found: 2
   Suspicious files: 1
   Disinfected files: 0
   Mail files: 337






2) The results for Antivirus found 2 or 3 things and i was able to delete them.

3) Here the results from the 3rd scanner(panda activescan)

Incident                      Status                        Location

Possible Virus.               No disinfected                C:\windows\system32\B5B9F4~1.EXE
Possible Virus.               No disinfected                C:\windows\system32\aca1Nj7.exe
Adware:Adware/SaveNow         No disinfected                Windows Registry
Adware:Adware/StatBlaster     No disinfected                C:\Program Files\WildArcade
Adware:Adware/Apropos         No disinfected                C:\DOCUME~1\Owner\LOCALS~1\Temp\cfout.txt
Adware:Adware/Twain-Tech      No disinfected                C:\DOCUME~1\Owner\LOCALS~1\Temp\THI*.tmp
Adware:Adware/E2Give          No disinfected                Windows Registry
Adware:Adware/ISearch         No disinfected                C:\Documents and Settings\Owner\Local Settings\Temp\B29726837\build3.exe
Virus:Trj/TSUpdate.A          Disinfected                   C:\Documents and Settings\Owner\Local Settings\Temp\GLF15DGLF15D.EXE
Spyware:Spyware/SurfSideKick  No disinfected                C:\Documents and Settings\Owner\Local Settings\Temp\i1B4.tmp
Spyware:Spyware/SurfSideKick  No disinfected                C:\Documents and Settings\Owner\Local Settings\Temp\i5.tmp
Spyware:Spyware/SurfSideKick  No disinfected                C:\Documents and Settings\Owner\Local Settings\Temp\iF.tmp
Possible Virus.               No disinfected                C:\Documents and Settings\Owner\Local Settings\Temp\ptf_0002.exe
Virus:Trj/Multidropper.QW     Disinfected                   C:\Documents and Settings\Owner\Local Settings\Temp\RAZR.exe
Possible Virus.               No disinfected                C:\WINDOWS\system32\aca1Nj7.exe
Possible Virus.               No disinfected                C:\WINDOWS\system32\B5b9f4sQl.exe
Virus:Trj/Downloader.AWZ      Disinfected                   C:\WINDOWS\system32\cache\20001.exe
Virus:Trj/TSUpdate.A          Disinfected                   C:\WINDOWS\system32\cache\AMEX_54.exe
Adware:Adware/ISearch         No disinfected                C:\WINDOWS\system32\cache\MTE1NjE6ODoxMg.exe
Adware:Adware/ISearch         No disinfected                C:\WINDOWS\system32\cache\MTE1NTA6ODoxMg.exe
Virus:Trj/SCBop.B             Disinfected                   C:\WINDOWS\system32\cache\setup.exe
Virus:Trj/Downloader.BJF      Disinfected                   C:\WINDOWS\system32\cache\skh2.exe
Adware:Adware/QoolAid         No disinfected                C:\WINDOWS\system32\cache\VCM QOOL_3.exe
Virus:Trj/Downloader.BJI      Disinfected                   C:\WINDOWS\system32\cache\VCMnet7 updated 030905.exe
Virus:Trojan Horse            Disinfected                   C:\WINDOWS\system32\in4bdlA.dll
-----------------------------------------------------------------------
I used  ISTsvc remover and i'm clean with that.

-----------------------------------------------------------------------
Next do the following, to unregister offending drivers:
Click Start -> Run and at the prompt type the following (repeat if there are more files than one)

regsvr32 /u sasetup.dll

I did that to ^ is that a good thing?
-----------------------------------------------------------------------


Then run and update CWShredder. Click the Fixbutton and click OK when the prompt CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue appears.
Wait for it to finish and then click Next and Finish.

I did that i'm clean with that.
-----------------------------------------------------------------------

I did that this is the results:
CallingHome.biz: <$DIR_TEMP> (Directory, nothing done)
  C:\Documents and Settings\Owner\Local Settings\Application Data\..\Temp\THI534F.tmp


--- Spybot - Search && Destroy version: 1.3  ---
2005-03-03 Includes\Cookies.sbi
2005-03-02 Includes\Dialer.sbi
2005-03-03 Includes\Hijackers.sbi
2005-01-11 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-03-02 Includes\Malware.sbi
2005-03-03 Includes\PUPS.sbi
2005-03-03 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-03-03 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-03-02 Includes\Trojans.sbi

I still can't delete callinghome.biz too.
-----------------------------------------------------------------------
This is the results for adware, i got rid of everything tho.

Lavasoft Ad-aware Personal Build 6.181
Logfile created on  :Saturday, March 26, 2005 8:43:46 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


03-26-2005 8:43:46 AM - Scan started. (Smart mode)

Listing running processes
« Last Edit: March 26, 2005, 02:11:03 PM by alucard19 » Logged

 
redaxe
« Reply #5 on: March 26, 2005, 06:03:09 PM »

You don't need the Pro edition for VX2 addon. But you can skip it this time. Keep going with the rest of the tools and delete the entries I pointed you to.

Then post a new HJT log, as that's going to be most helpful when we evaluate your work so far.
So far so good though 8)

alucard19
« Reply #6 on: March 27, 2005, 04:14:36 PM »

When that's done, search for and delete the following files (red) and/or folders (blue).

C:\windows\system32\B5b9f4sQl.exe   <----------- found and delete
C:\windows\system32\aca1Nj7.exe   <------------- found and delete
C:\WINDOWS\SysCheckBop32.exe  <-------------- found and delete
C:\WINDOWS\System32\aircity.exe  <------------ could not find
C:\WINDOWS\sasetup.dll    <----------------- found and delete
C:\Program Files\ah1xncdx\ah1xncdx.exe    <------------ could not find
C:\WINDOWS\System32\qlhkyhya\gjlnylua.exe  <----------- could not find
C:\documents and settings\owner\local settings\temp\B.exe  <------------ could not find
C:\windows\system32\B5b9f4sQl.exe   < -- -----could not find
AUNPS2.DLL <-----------not sure where to begin.
C:\WINDOWS\srcp.exe  <------------- could not find
C:\documents and settings\owner\local settings\Temp\rm05040901.Stub.exe  <------------ could not find
C:\windows\system32\aca1Nj7.exe   <-------------- could not find
C:\Program Files\SpySpotter\SpySpotter.exe <------------- could not find
C:\WINDOWS\SysCheckBop32   <----------------- could not find.
dbmwapi(4)(2).exe  <--------------- could not find
bat1_qcx.exe <------------ where to look?
C:\Program Files\Common Files\wkfw\wkfwm.exe <--------- could not find




I'm not sure if i'm looking these things up right unless they're gone somehow. Maybe u can tell me where i should put this stuff at. I'm going to try again, if i find more i'll edit my post.

-----------------------------------------------------------------------


Now open up Control Panel and start up Add/Remove Programs. Try to uninstall, if available:

ah1xncdx
gjlnylua
B
B5b9f4sQl
AUNPS2
srcp
razin
aca1Nj7
SpySpotter
SystemCheck
r32W3sl
a0t6RiJqg
aircity
wkfw

i didn't see any of these in add and remove programs
------------------------------------------------------------------------



In Xp, here are some locations of Temp files

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Username\Local Settings\Temporary Internet Files
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files

I found all of these but one C:\Documents and Settings\Username\Local Settings\Temporary Internet Files

-----------------------------------------------------------------------

Now run About:Buster and follow the prompts to scan (choose Yes/OK for all). It will ask you if you want a second scan, choose Yes

Scanned at: 10:35:04 AM   on: 03/27/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

----------------------------------------------------------------------

 new hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:08:20 AM, on 03/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Prevx Pro\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Prevx Pro\SAGUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\a2\a2scan.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Owner\My Documents\My eBooks\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [B5b9f4sQl] C:\windows\system32\B5b9f4sQl.exe
O4 - HKLM\..\Run: [aca1Nj7] C:\windows\system32\aca1Nj7.exe
O4 - HKLM\..\Run: [r32W3sl] dbmwapi(4)(2).exe
O4 - HKLM\..\Run: [PrevxPro] "C:\Program Files\Prevx Pro\SAGUI.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a0t6RiJqg] bat1_qcx.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109699677953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\Prevx Pro\PXAgent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-------------------------------------------------------------------
(Note: old hijack log. I found most of what you told me to fix with HijackThis, but not all.)
-----------------------------------------------------------------------


It seems that my PC is running good again. But I still got some pop-ups. Then I had to reboot my PC again and tried AboutBuster again, and I haven't seen one yet. Am I clean?



« Last Edit: March 27, 2005, 04:19:38 PM by alucard19 »

 
redaxe
« Reply #7 on: March 27, 2005, 04:48:58 PM »

quote:
Originally posted by alucard19

When that's done, search for and delete the following files (red) and/or folders (blue).

C:\windows\system32\B5b9f4sQl.exe   <----------- found and deleted
C:\windows\system32\aca1Nj7.exe   <------------- found and deleted
C:\WINDOWS\SysCheckBop32.exe  <-------------- found and deleted
C:\WINDOWS\System32\aircity.exe  <------------ could not find
C:\WINDOWS\sasetup.dll    <----------------- found and deleted
C:\Program Files\ah1xncdx\ah1xncdx.exe    <------------ could not find
C:\WINDOWS\System32\qlhkyhya\gjlnylua.exe  <----------- could not find
C:\documents and settings\owner\local settings\temp\B.exe  <------------ could not find
C:\windows\system32\B5b9f4sQl.exe   < -- -----could not find
AUNPS2.DLL <-----------not sure where to begin.
C:\WINDOWS\srcp.exe  <------------- could not find
C:\documents and settings\owner\local settings\Temp\rm05040901.Stub.exe  <------------ could not find
C:\windows\system32\aca1Nj7.exe   <-------------- could not find
C:\Program Files\SpySpotter\SpySpotter.exe <------------- could not find
C:\WINDOWS\SysCheckBop32   <----------------- could not find.
dbmwapi(4)(2).exe  <--------------- could not find
bat1_qcx.exe <------------ where to look?
C:\Program Files\Common Files\wkfw\wkfwm.exe <--------- could not find




I'm not sure if I'm looking these things up right, unless they're gone somehow. Maybe you can tell me where I should put this stuff. I'm going to try again; if I find more I'll edit my post.

-----------------------------------------------------------------------


Now open up Control Panel and start up Add/Remove Programs. Try to uninstall, if available:

ah1xncdx
gjlnylua
B
B5b9f4sQl
AUNPS2
srcp
razin
aca1Nj7
SpySpotter
SystemCheck
r32W3sl
a0t6RiJqg
aircity
wkfw

I didn't see any of these in Add and Remove Programs.
------------------------------------------------------------------------



No worries, you're on the right track but not quite clean yet.

AUNPS2.DLL <-----------not sure where to begin.
You need to use the Windows Search function to find this one. Click Start -> Search -> For Files And Folders
Make a point of letting it search on all possible hard drives/partitions.

The same goes for the other files you couldn't find, i.e.

dbmwapi(4)(2).exe  <--------------- could not find
bat1_qcx.exe <------------ where to look?

I'll be back in a short while with the response to your log.

redaxe
« Reply #8 on: March 27, 2005, 05:15:47 PM »

Start by running the other spyware/trojan cleaners, just in case you missed something on the first go.


Then let HJT fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O4 - HKLM\..\Run: [B5b9f4sQl] C:\windows\system32\B5b9f4sQl.exe
O4 - HKLM\..\Run: [aca1Nj7] C:\windows\system32\aca1Nj7.exe
O4 - HKLM\..\Run: [r32W3sl] dbmwapi(4)(2).exe
O4 - HKCU\..\Run: [a0t6RiJqg] bat1_qcx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O15 - Trusted Zone: *.finefind.nettraffic2cash.biz

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109699677953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0032.exe

When that's done, search for and delete the following files (red) and/or folders (blue). Make a point of using the search function that's built into Windows to try locating those files.

C:\windows\system32\B5b9f4sQl.exe
C:\windows\system32\aca1Nj7.exe
dbmwapi(4)(2).exe
bat1_qcx.exe


If you can't delete them due to them being in use by the OS, try booting to safe mode and create a new log there.

Then post it here.

Good luck.

alucard19
« Reply #9 on: March 30, 2005, 05:43:47 PM »

new hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 12:29:24 PM, on 03/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\a2\a2guard.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\My Documents\My eBooks\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\INSTAN~1\Presario\XPHNARS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe (file missing)


Spybot:
CallingHome.biz: <$DIR_TEMP> (Directory, nothing done)
  C:\Documents and Settings\Owner\Local Settings\Application Data\..\Temp\THI534F.tmp


cws shredder: clean
adaware: 1 found and deleted
stinger: clean
Ist svc: clean

online scanners
rav activevirus:found 0
trend activevirus: found 0
panda active scanner: found 21
panda results

Incident                      Status                        Location                                                                                                                                                                                                                                                        

Adware:Adware/SaveNow         No disinfected                Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/StatBlaster     No disinfected                C:\Program Files\WildArcade                                                                                                                                                                                                                                    
Adware:Adware/Twain-Tech      No disinfected                C:\DOCUME~1\Owner\LOCALS~1\Temp\THI*.tmp                                                                                                                                                                                                                        
Adware:Adware/E2Give          No disinfected                Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/PurityScan      No disinfected                C:\Documents and Settings\Owner\Application Data\DNX~1.EXE                                                                                                                                                                                                      
Spyware:Spyware/ISTbar        No disinfected                C:\Documents and Settings\Owner\My Documents\My eBooks\MNPASSetup_cb.exe                                                                                                                                                                                        
Adware:Adware/Minibug.A       No disinfected                C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll                                                                                                                                                                                                          
Adware:Adware/MyBHOSpy        No disinfected                C:\WINDOWS\system32\4227195f.dll                                                                                                                                                                                                                                
Adware:Adware/IEDriver        No disinfected                C:\WINDOWS\system32\asfsipc5.exe                                                                                                                                                                                                                                
Virus:Trj/Downloader.BJG      Disinfected                   C:\WINDOWS\system32\cache\EDow_AS2.exe                                                                                                                                                                                                                          
Virus:Trj/Delf.EB             Disinfected                   C:\WINDOWS\system32\cache\HelperInstall.exe                                                                                                                                                                                                                    
Virus:Trj/Multidropper.UO     Disinfected                   C:\WINDOWS\system32\cache\Kyongju.exe                                                                                                                                                                                                                          
Adware:Adware/ISearch         No disinfected                C:\WINDOWS\system32\cache\MTE1NjE6ODoxMg.exe                                                                                                                                                                                                                    
Adware:Adware/ISearch         No disinfected                C:\WINDOWS\system32\cache\MTE1NTA6ODoxMg.exe                                                                                                                                                                                                                    
Virus:Trj/Small.GZ            Disinfected                   C:\WINDOWS\system32\cache\omi.exe                                                                                                                                                                                                                              
Adware:Adware/ILookup         No disinfected                C:\WINDOWS\system32\cache\trgen-fran-default.exe                                                                                                                                                                                                                
Adware:Adware/ILookup         No disinfected                C:\WINDOWS\system32\cache\trgen_fran-162813.exe                                                                                                                                                                                                                
Adware:Adware/QoolAid         No disinfected                C:\WINDOWS\system32\cache\VCM QOOL_3.exe                                                                                                                                                                                                                        
Adware:Adware/ILookup         No disinfected                C:\WINDOWS\system32\rtneg.dll                                                                                                                                                                                                                                  
Adware:Adware/ILookup         No disinfected                C:\WINDOWS\system32\trgen.dll                                                                                                                                                                                                                                  
Virus:Trj/SCBop.B             Disinfected                   C:\WINDOWS\win3206501608291.exe                                                                                                                                                                                                                                

Note: I downloaded the Panda free trial and scanned my PC and it found 14

Sorry it took so long to reply.
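Added example, not part of the thread: a check of which entries from the fix list in Reply #8 are still reported in the new log in Reply #9. The function names are this example's own, and the two samples are subsets copied from the logs above.

```python
import re

# One HijackThis finding per line: "<section code> - <details>", e.g. "O15 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def normalise(details):
    """Make two reports of the same finding compare equal."""
    # The logs above show "(file missing)" appended when an entry outlives its file.
    details = details.replace("(file missing)", "")
    # Windows paths and registry names are case-insensitive.
    return " ".join(details.split()).casefold()

def parse_entries(log_text):
    """Map (section, normalised details) -> original line for every finding."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found[(m.group(1), normalise(m.group(2)))] = line.strip()
    return found

def compare(fix_list, new_log):
    """Split the fix list into entries still in the new log and entries gone."""
    wanted, current = parse_entries(fix_list), parse_entries(new_log)
    remaining = [current[k] for k in wanted if k in current]
    removed = [wanted[k] for k in wanted if k not in current]
    return remaining, removed

# Subset of the fix list from Reply #8, copied from the thread.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [B5b9f4sQl] C:\windows\system32\B5b9f4sQl.exe
O4 - HKLM\..\Run: [r32W3sl] dbmwapi(4)(2).exe
O4 - HKCU\..\Run: [a0t6RiJqg] bat1_qcx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0032.exe
"""

# Subset of the 03/30/2005 log from Reply #9, copied from the thread.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
"""

if __name__ == "__main__":
    remaining, removed = compare(FIX_LIST, NEW_LOG)
    print("Still present:")
    for line in remaining:
        print("  " + line)
    print("No longer listed:")
    for line in removed:
        print("  " + line)
```

Process paths and header lines in a log are skipped because they do not start with a section code.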

 
alucard19
« Reply #10 on: March 31, 2005, 07:37:37 PM »

Oh yeah, I forgot to show you this.

 
C:\windows\system32\B5b9f4sQl.exe <----------- found and deleted
C:\windows\system32\aca1Nj7.exe <------------- found and deleted
C:\WINDOWS\SysCheckBop32.exe <-------------- found and deleted
C:\WINDOWS\System32\aircity.exe <------------ could not find*
C:\WINDOWS\sasetup.dll <----------------- found and deleted
C:\Program Files\ah1xncdx\ah1xncdx.exe <------------ could not find*
C:\WINDOWS\System32\qlhkyhya\gjlnylua.exe <----------- could not find*
C:\documents and settings\owner\local settings\temp\B.exe <------------ nothing with just b.exe was there something else?
C:\windows\system32\B5b9f4sQl.exe < -- -----found and deleted
AUNPS2.DLL <-----------found and deleted
C:\WINDOWS\srcp.exe <------------- could not find
C:\documents and settings\owner\local settings\Temp\rm05040901.Stub.exe <------------ could not find*
C:\windows\system32\aca1Nj7.exe <-------------- found and deleted
C:\Program Files\SpySpotter\SpySpotter.exe <------------- could not find*
C:\WINDOWS\SysCheckBop32 <----------------- could not find.
dbmwapi(4)(2).exe <--------------- still could not find*
bat1_qcx.exe <------------ still could not find*
C:\Program Files\Common Files\wkfw\wkfwm.exe <--------- could not find*

(Note: all the ones with * have been checked again and I've looked in My Computer (location).
The one with no * I have not got to yet; just wanted to update you.)

 
redaxe
« Reply #11 on: April 03, 2005, 01:15:24 AM »

Ok, let HJT delete the following entry:

O15 - Trusted Zone: *.finefind.nettraffic2cash.biz

Then open up Windows Explorer and navigate to C:\Windows\System32\drivers\etc\
In that folder, open up a file called HOSTS

The default entry in that file should be:

Code:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Now add a new entry into that file.

Code:
127.0.0.1       *.finefind.nettraffic2cash.biz

Then save the file and reboot. Create a new HJT log and post back.

If you don't find the Hosts file in the folder I mentioned, you can let HJT create one for you. Here's how:

After doing a scan, click the Config button in the bottom right corner.
Then click the Misc Tools button in the next pane and from there click Open hosts file manager.
If HJT fails to show contents, then click the button that says: Let Hijack This create the hosts file (or something to that effect).
Then post back the contents of that file, so I can evaluate your work. When we're done, I'll give you a well configured hosts file that you can put in the right place.

With regard to the files you say you haven't been able to locate, try locating the folders as well. I marked down some of the folders specifically in my initial reply.
See if you can find those and report back.
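Added example, not part of the thread: a small audit of hosts-file contents of the kind posted above. Hosts files have no wildcard syntax, so a name containing `*` is matched literally and does not cover subdomains; the check for names pinned to non-loopback addresses goes beyond the post, and the function names and the last sample line are this example's own.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line number, address, [host names]) for each active mapping."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments, including trailing ones
        fields = line.split()
        if len(fields) >= 2:
            yield number, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line number, issue, value) for entries that need a second look."""
    findings = []
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, "bad-address", address))
            continue
        for name in names:
            if "*" in name or "?" in name:
                # No wildcard syntax in hosts files: this name never matches a real query.
                findings.append((number, "wildcard-ignored", name))
            elif not (ip.is_loopback or ip.is_unspecified):
                # A name pinned to a routable address overrides DNS for that name.
                findings.append((number, "redirect", name))
    return findings

# Lines 1-4 are taken from the post above; line 5 is constructed for the example.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
127.0.0.1       *.finefind.nettraffic2cash.biz
203.0.113.10    search.example.com      # constructed redirect entry
"""

if __name__ == "__main__":
    for number, issue, value in audit_hosts(SAMPLE_HOSTS):
        print(f"line {number}: {issue}: {value}")
```

A blocking entry only takes effect when each host name is written out in full on its own mapping line.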
