
Fixwareout ... Assistance given ... report.txt

Discussion in 'Malware and Virus Removal Archive' started by PDG99, 2007/02/15.

  1. 2007/02/15
    PDG99

    PDG99 Inactive Thread Starter

    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System "= "csqyi.exe "

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system "=" "
    ....
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}A4E12B2601F1-2D8B-1CE4-6D46-9E95A044{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}B7F2E928AA7D-1799-1964-F803-01018F66{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F275465C76BF-6AB9-55C4-59F8-A328A79D{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}38532B8592EC-D129-A4B4-F47B-6C5F5FCD{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}80FDBD84A6F3-D8D9-E094-3DDE-CF0C5C81{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}F6DD2859AE28-8FD9-AF44-E6E5-A7E77549{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}98122E790B93-CD8B-33B4-3871-725B2AFB{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ssumd" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "swen" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ogol" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eno" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "owt" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "eerht" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ruof" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "evif" Deleted
    ....
    »»»»» Misc files.
    C:\Documents and Settings\User\Application Data\kc.tmp Deleted
    C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
    C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
    C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
    C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
    C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
    C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
    C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
    C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
    C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
    C:\Documents and Settings\User\Favorites\Download Free Spyware Remover.url Deleted
    C:\Documents and Settings\User\Favorites\NEW VIAGRA at Half Price!.url Deleted
    C:\Documents and Settings\User\Favorites\Online Chat With Nude Girls.url Deleted
    C:\Documents and Settings\User\Favorites\Order CIALIS online without leaving home..url Deleted
    C:\Documents and Settings\User\Favorites\PC protection in under 2 minutes!.url Deleted
    C:\Documents and Settings\User\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
    C:\Documents and Settings\User\Favorites\Stop PopUps On Your Computer.url Deleted
    C:\Documents and Settings\User\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
    C:\Documents and Settings\User\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
    C:\WINDOWS\BALLOON.WAV Deleted
    C:\WINDOWS\Help\SPAlert.chm Deleted
    C:\WINDOWS\RDT.INI Deleted
    C:\Documents and Settings\All Users\Favorites\Online Pharmacy Deleted
    C:\Documents and Settings\All Users\Favorites\Sex and Dating Deleted
    C:\Documents and Settings\All Users\Favorites\Spyware Uninstall Deleted
    C:\Documents and Settings\User\Favorites\Online Pharmacy Deleted
    C:\Documents and Settings\User\Favorites\Sex and Dating Deleted
    C:\Documents and Settings\User\Favorites\Spyware Uninstall Deleted
    C:\WINDOWS\system32\{DCF5F5C6-B74F-4B4A-921D-CE2958B23583}.exe Deleted
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCWipeTM Startup "= "\ "C:\\Program Files\\Jetico\\BCWipe\\BCWipeTM.exe\" startup "
    "Serviceprocess "= "mozilla-text.exe "
    "DCC_send "= "WinInitDll.exe "
    "SunJavaUpdateSched "= "\ "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\" "
    "PAS_Check "= "C:\\Program Files\\SystemDoctor 2006 Free\\pasmon.exe "
    "NvVideoCenter "= "C:\\WINDOWS\\System32\\NvVid.exe "
    "!AVG Anti-Spyware "= "\ "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized "
    "AVG7_CC "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP "
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "xxtoolbar "= "xxtoolbar.exe "
    "SysEntry "= "TorontoMail.exe "
    "JAguAr "= "msag.exe "
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»


    Thanks for the help given. Maybe the above will assist someone else.
    PDG99
     
  2. 2007/02/15
    TeMerc

    TeMerc Inactive Alumni

    Hello and welcome to WindowsBBS Forums.

    Well, it does not really help anyone, as the log output is machine specific. Meaning each machine will produce different results of what was found\removed.

    Who was it that told you to run the tool and where did you post your HijackThis! log file?
     
