MalwareRemoval.com

HJT Log to check for any possible problems

Post by O-Me-O-My » January 13th, 2009, 9:42 pm

My computer had recently been infected with the Zlob trojan which caused my computer to have the rogue MSSpyware2009 program. I did a search about these infections and attempted to clean them myself by turning off System Restore (although it is back on now as per your "Guidelines and Rules"), scanning with Malwarebytes Anti-Malware and a-squared Free, and using the SmitFraudFix tool. And it appears that I cleaned these infections from my computer; however, I am posting a HJT Log to check for any remaining problems and to follow any other instructions related to the Zlob trojan.


Logfile of HijackThis v1.99.1
Scan saved at 7:05:50 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Gateway\EzTune\DTHtml.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Sandbox\Owner\DefaultBox\drive\C\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=twB ... Q6W2z9rKKI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=x
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us ... eaming.cab
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pe ... stscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/commo ... rowser.CAB
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/fi ... tup162.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: GeSWall service (gswserv) - Unknown owner - C:\Program Files\geswall\gswserv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: JURLYZDGBGZVP - Unknown owner - (no file)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by Odd dude » January 21st, 2009, 9:50 am

Hi,

Looks like the programs you ran did a pretty good job.

But here are some guidelines:

1) NEVER run anything without proper guidance
2) NEVER run any tool which you don't know inside-out
3) ALWAYS post logs of the tools you run

So in your next post, post the logs of all tools you ran.

I'd like a new HJT log, but this time DO NOT run it from within Sandboxie.

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Please post back:
  • Uninstall list (from outside sandboxie)
  • New hijackthis log (from outside sandboxie)
  • Logs of tools you ran
Odd dude
Retired Graduate
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: HJT Log to check for any possible problems

Post by Odd dude » January 22nd, 2009, 8:14 am

NEVER run any tool inside Sandboxie, please.

Open hijackthis, click do a system scan only. Close all open windows, put a check next to these and click fix checked.

O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

Close hijackthis. Click Start>Run and copy and paste this:
CMD /c for %i in (stop delete) do sc %i JURLYZDGBGZVP

Click OK.

It looks like you are running three firewalls - COMODO, CA and Tiny Personal Firewall.

Please uninstall TWO of those. You must have only ONE firewall running.
As CA belongs to a suite, I strongly recommend to remove COMODO and Tiny Personal Firewall.

Now reboot your computer. Then run this tool:

RSIT
Please download random/random's system information tool (RSIT) and run it. At the disclaimer screen, choose a period of one month. Then click Continue. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)

Please post both in your next reply. If they won't fit into one post, divide them over multiple posts :)
Please also inform me how the computer is doing.
Odd dude
Retired Graduate
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

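As an added example (not code from the thread, from HijackThis or from MalwareRemoval.com), the following Python script applies the triage rules Odd dude used above to a constructed subset of the posted log: BHOs and services whose file is gone are marked "fix" (the entries ticked in HJT, and the service removed with sc stop/sc delete), while a non-default Shell= value, a random-looking service name or any other orphaned entry is only flagged for review. The Finding class, the severity labels and the all-caps random-name heuristic are my own assumptions.

```python
"""Triage of HijackThis (HJT) log lines: flag orphaned BHO/service entries and
random-looking service names. Added example for this thread, not HJT's code."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 line format, modelled on a subset
# of the log posted above (not the full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=x
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: JURLYZDGBGZVP - Unknown owner - (no file)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
"""

ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")   # "O23 - <body>"
# "Service: <display name> - <owner> - <path>"; a display name containing
# " - " would confuse this split, which is acceptable for a triage heuristic.
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RANDOM_NAME = re.compile(r"^[A-Z]{10,}$")    # assumed heuristic, e.g. JURLYZDGBGZVP


@dataclass
class Finding:
    section: str   # HJT section, e.g. "O2", "O23"
    severity: str  # "fix": tick in HJT / remove; "review": look closer first
    target: str    # CLSID, service short name or value the finding is about
    reason: str


def service_short_name(display: str) -> str:
    """'Sandboxie Service (SbieSvc)' -> 'SbieSvc'; a bare name maps to itself."""
    m = re.search(r"\(([^()]+)\)$", display)
    return m.group(1) if m else display


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue               # process list, headers, blank lines
        section, body = m.groups()
        orphan = body.endswith("(no file)") or body.endswith("(file missing)")
        if section == "F2" and body.startswith("REG:system.ini: Shell="):
            # The stock shell is Explorer.exe; anything else deserves a look.
            shell = body.split("=", 1)[1]
            if shell.lower() != "explorer.exe":
                findings.append(Finding(section, "review", shell, "non-default Shell= value"))
        elif section == "O2" and orphan:
            # BHO still registered but its DLL is gone: a dead entry, safe to fix.
            clsid = CLSID.search(body)
            findings.append(Finding(section, "fix", clsid.group(0) if clsid else "",
                                    "BHO with no file on disk"))
        elif section == "O23":
            svc = SERVICE.match(body)
            if svc is None:
                continue
            name = service_short_name(svc["name"])
            if orphan:
                findings.append(Finding(section, "fix", name, "service registered but binary missing"))
            elif RANDOM_NAME.match(name):
                findings.append(Finding(section, "review", name, "random-looking service name"))
        elif orphan:
            findings.append(Finding(section, "review", "", "entry points to a missing file"))
    return findings


def sc_cleanup_commands(findings: list[Finding]) -> list[str]:
    """sc.exe stop/delete pairs for orphaned services (the fix Odd dude used above)."""
    return [f"sc {verb} {f.target}"
            for f in findings if f.section == "O23" and f.severity == "fix"
            for verb in ("stop", "delete")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section} {f.reason}: {f.target}")
```
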
Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 24th, 2009, 1:24 am

Odd dude wrote: Hi,

Looks like the programs you ran did a pretty good job.

But here are some guidelines:

1) NEVER run anything without proper guidance
2) NEVER run any tool which you don't know inside-out
3) ALWAYS post logs of the tools you run

So in your next post, post the logs of all tools you ran.


Hi, Odd dude. Regarding posting the logs of all tools that I ran, from what time period are you talking about? Within the last month, within the last two months, as far back as the logs go? Also, should I be concerned about logs of tools that I uninstalled and/or only kept for a short period of time? Plus, do those logs still exist in my computer? Additionally, could you give me instructions on how to easily post tool logs? I looked at some of my tools and I can't quite see how I should post the log files for some of them. And for some of them, I don't really know where the log files are (such as Spybot). And for Malwarebytes' and SUPERAntiSpyware, it looks like I have to open or view each and every individual log. :o

Also, do you want the tool logs, the new HJT log, and the uninstall list all in the same post?
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 24th, 2009, 1:35 am

Odd dude wrote: NEVER run any tool inside Sandboxie, please.

It looks like you are running three firewalls - COMODO, CA and Tiny Personal Firewall.

Please uninstall TWO of those. You must have only ONE firewall running.
As CA belongs to a suite, I strongly recommend to remove COMODO and Tiny Personal Firewall.


Okay, but I have never heard of Tiny Personal Firewall. Can you tell me what exactly Tiny Personal Firewall is and where it came from? Is it synonymous with Windows Firewall? :?:
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 24th, 2009, 1:40 am

Also, I really wouldn't know how to uninstall Tiny Personal Firewall because it's not in "All Programs" nor is it in "Add or Remove Programs."
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 24th, 2009, 1:47 am

And one more thing. I was reading somewhere here at this forum that if a person's computer has been infected with the Zlob trojan and they have a wireless router, they have to be concerned about the malware program attacking the router and changing its password so that the malware program has total access to a person's computer and password and other personal information. Now is this something that I need to be concerned about? :o
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 24th, 2009, 2:00 am

Well, maybe not one more thing. :D I just did a search on Tiny Personal Firewall and found out that their homepage is http://www.tinysoftware.com; however, when I entered that URL in my address bar, I was redirected here: http://www.ca.com/us/products/product.aspx?ID=5785 Therefore, would it be safe to conclude that Tiny Personal Firewall is the same thing as the CA firewall?
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by Odd dude » January 24th, 2009, 10:20 am

Sorry for being unclear.

I only need the latest log from Malwarebytes' Anti-Malware. This can be obtained by opening the tool, clicking the “Log” tab, and opening the log which is dated the latest.

Furthermore, I would like the Smitfraud log. It will be called rapport.txt and if you can't find it, it's most likely in C:\

Also, do you want the tool logs, the new HJT log, and the uninstall list all in the same post?
Please make a separate post for each log :)

Okay, but I have never heard of Tiny Personal Firewall. Can you tell me what exactly Tiny Personal Firewall is and where it came from? Is it synonymous with Windows Firewall?
Yes it is, but it's likely to be a bit better than Windows firewall.

Also, I really wouldn't know how to uninstall Tiny Personal Firewall because it's not in "All Programs" nor is it in "Add or Remove Programs."
It may be that what I saw was just some leftover garbage from an incomplete uninstallation – this happens a lot with anti-malware software.
If you don't have it, it's likely not active. So pretend it's already uninstalled – because it really is. I will remove the leftovers.

And one more thing. I was reading somewhere here at this forum that if a person's computer has been infected with the Zlob trojan and they have a wireless router, they have to be concerned about the malware program attacking the router and changing its password so that the malware program has total access to a person's computer and password and other personal information. Now is this something that I need to be concerned about?
You use Malwarebytes' Anti-Malware, right? It detects that specific infection. If your router is infected it will keep flagging DNS addresses in your registry, which cannot be cleaned, because your router keeps feeding them back to you. In that case, and only in that case, you'll need to reset the router.

So unless that happened to you, you're fine. Having said that, it's always good practice to password protect whatever can be password protected.

Well, maybe not one more thing. I just did a search on Tiny Personal Firewall and found out that their homepage is http://www.tinysoftware.com; however, when I entered that URL in my address bar, I was redirected here: http://www.ca.com/us/products/product.aspx?ID=5785 Therefore, would it be safe to conclude that Tiny Personal Firewall is the same thing as the CA firewall?
I think so. Maybe it's a really old product you installed and then uninstalled ages ago. Maybe it was now taken over by CA. Doesn't really matter anyways – what is left of it on your computer is useless and resource consuming right now. So I'll remove it.

I recommend that you uninstall COMODO now – you'll still have the CA (NOT Tiny) Firewall running, and COMODO as well. Running multiple firewalls is not going to make your computer any more secure or stable, so please take care of that next and then please perform the instructions in my previous post :)

Might I add that it's very, very good that you're asking questions. :thumbright: :thumbright:
Odd dude
Retired Graduate
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: HJT Log to check for any possible problems

Post by Odd dude » January 26th, 2009, 2:09 pm

Have you been able to run RSIT now?
Odd dude
Retired Graduate
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 29th, 2009, 4:13 pm

Odd dude wrote: I only need the latest log from Malwarebytes' Anti-Malware. This can be obtained by opening the tool, clicking the “Log” tab, and opening the log which is dated the latest.

Furthermore, I would like the Smitfraud log. It will be called rapport.txt and if you can't find it, it's most likely in C:\


Odd dude, I forgot to mention that when I first tried to clean the Zlob infection with Malwarebytes' and the SmitFraudFix tool, I had forgotten to disable System Restore and the rogue MSSpyware2009 program came back. But I then disabled System Restore and rescanned with Malwarebytes' and used the SmitFraudFix tool; however, this time the Malwarebytes scan didn't seem to detect the rogue MSSpyware2009 program. Therefore, I scanned with a-squared Free which then cleaned the second rogue MSSpyware2009 program. So as far as the scans go after 12/17/08, I have 6 Malwarebytes' scans (2 on 12/18/08, 1 on 12/19/08, 1 on 12/22/08, and 2 in January 2009), 4 a-squared Free scans (1 on 12/18/08, 1 on 12/29/08 and 2 in January 2009), and for rapport.txt, I wasn't sure where to find those logs on my computer, so I did a search from my 'Start' menu and found several log files where some were dated 12/11/08 :?: and some were dated 12/18/08.

You use Malwarebytes' Anti-Malware, right? It detects that specific infection. If your router is infected it will keep flagging DNS addresses in your registry, which cannot be cleaned, because your router keeps feeding them back to you. In that case, and only in that case, you'll need to reset the router.

So unless that happened to you, you're fine. Having said that, it's always good practice to password protect whatever can be password protected.


Well, my Malwarebytes' isn't flagging DNS addresses in my registry, therefore, it doesn't look like my router got infected. Also, I'm not even sure if my router has password capabilities. I'll have to find the instruction manual to see for sure, but I don't recall any mention of using a password in the instructions.

I recommend that you uninstall COMODO now – you'll still have the CA (NOT Tiny) Firewall running, and COMODO as well. Running multiple firewalls is not going to make your computer any more secure or stable, so please take care of that next and then please perform the instructions in my previous post :)


I will uninstall COMODO right now and come back and perform the other instructions with the exception of posting the scanner logs until after you answer the questions about them that I asked today.
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by O-Me-O-My » January 29th, 2009, 4:14 pm

Odd dude wrote: Have you been able to run RSIT now?


Well, not yet, but I will do so after I uninstall COMODO.
O-Me-O-My
Active Member
Posts: 10
Joined: January 13th, 2009, 5:43 pm

Re: HJT Log to check for any possible problems

Post by askey127 » January 29th, 2009, 4:26 pm

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HJT Log to check for any possible problems

Post by askey127 » January 31st, 2009, 2:24 pm

Re-opened by request from OP.
We closed topic too soon.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HJT Log to check for any possible problems

Post by Odd dude » January 31st, 2009, 3:45 pm

I'm so very sorry the topic got closed. You didn't reply within five days, so I requested the topic to be closed. Looks like askey missed your reply.

Please try to post within five days of my last post. If you don't think you can make that, please inform me so that the topic will be kept open.

If you didn't already re-enable System Restore, do so now.

I don't think I'll need the Malwarebytes' logs anymore - your description is sufficient :)

Well, my Malwarebytes' isn't flagging DNS addresses in my registry, therefore, it doesn't look like my router got infected

That's good to hear :)

Please perform these steps when you have the time:

Odd dude wrote: Open hijackthis, click do a system scan only. Close all open windows, put a check next to these and click fix checked.

O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

Close hijackthis. Click Start>Run and copy and paste this:
CMD /c for %i in (stop delete) do sc %i JURLYZDGBGZVP

Click OK.

It looks like you are running three firewalls - COMODO, CA and Tiny Personal Firewall.

Please uninstall TWO of those. You must have only ONE firewall running.
As CA belongs to a suite, I strongly recommend to remove COMODO and Tiny Personal Firewall.

Now reboot your computer. Then run this tool:

RSIT
Please download random/random's system information tool (RSIT) and run it. At the disclaimer screen, choose a period of one month. Then click Continue. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)


Please post into your next reply log.txt, info.txt and the SmitfraudFix log (if you still have it). You can find it as c:\rapport.txt
Odd dude
Retired Graduate
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)