Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind  
Forum Quick Jump
 
New Topic Post reply to : HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind Printable version of : HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
[ << Previous Thread | Next Thread >> ]

Psycho Steve
New Member


Date Joined Jun 2004
Total Posts : 4
  		   Posted 7-12-2004 7:04 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
Hope you can help , this has been driving me mad for the last couple of days. I have run Spy Sweeper, Adaware 6, AVG and now Hijack This, the following is a copy of the scan,
 
Logfile of HijackThis v1.97.7
Scan saved at 19:01:01, on 12/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\WINDOWS\system32\config\winlogon.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\WindUpdates\WinKA.exe
D:\ipaq\WCESCOMM.EXE
C:\WINDOWS\System32\x0r\svshost.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\SpywareWebroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.blazefind.com/search_page.php?account_id=3004
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB.DLL
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\put all folders in here\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WIACA5~1\WinSB.DLL
O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF6f52.dll
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF6f52.dll
O4 - HKLM\..\Run: [xor] C:\WINDOWS\System32\x0r\svshost.exe
O4 - HKLM\..\Run: [Service Control Process] C:\WINDOWS\system32\config\winlogon.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] D:\SpywareWebroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\ipaq\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Research (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=0c8af29cad1529a0c2f12262efe492244d317f6ab2c86bff7585b7e883263ddf35912dd813dee463c744961d2b31add589650eef4d876c0fc2a2f745d64562:c31e3730b38c174130e1e2729109a237
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38108.4762152778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Which ones do I need to get rid?
 
Thanks in advance....
Psycho Steve
 
 
 
 
Back to Top
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
  		   Posted 7-12-2004 7:23 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
Are you at all familiar with regedit? if you are you can go in there type in the name of the virus search it and delete it.
Eagle smilewinkgrin
Back to Top
 

Psycho Steve
New Member


Date Joined Jun 2004
Total Posts : 4
  		   Posted 7-12-2004 7:39 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
Yes I think so... probably a stupid question but should I just search for Proxy or Proxy.5 ???
Back to Top
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
  		   Posted 7-12-2004 8:18 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
No not stupid,
try proxy first then proxy.5 if you get no results the first time.
Eagle smilewinkgrin
Back to Top
 

Psycho Steve
New Member


Date Joined Jun 2004
Total Posts : 4
  		   Posted 7-15-2004 10:24 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
This is the latest Log, thought I'd got shot of th bugs, but it seems they keep coming back:
Couldn't find anything that looked suspicous in the registry under Proxy or Proxy.5, I've now installed Zone Alarm as well, just to stop programs accessing the net that I don't know about! Any suggestions on this lot...
Logfile of HijackThis v1.97.7
Scan saved at 22:20:06, on 15/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe
C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\config\winlogon.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\host32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\SpywareWebroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WindUpdates\WinKA.exe
D:\ipaq\WCESCOMM.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\WhiteCanyon\SecureClean 4\scwatch4.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\x0r\svshost.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\put all folders in here\Zone Alarm\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\put all folders in here\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Blocker Pro - {A44B961C-8C36-470f-8555-EDA0EFC1E710} - C:\Program Files\SafeGuard Pop-up Blocker Pro FREE Edition\popupblocker.dll
O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF6f52.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SecureClean4RegManager] "C:\Program Files\WhiteCanyon\SecureClean 4\scregmanager4.exe"
O4 - HKLM\..\Run: [SecureClean4Tray] "C:\Program Files\WhiteCanyon\SecureClean 4\sctray4.exe"
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF6f52.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Service Control Process] C:\WINDOWS\system32\config\winlogon.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\host32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] D:\SpywareWebroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\ipaq\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38108.4762152778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Back to Top
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
  		   Posted 7-16-2004 1:23 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
Same as before only this time do a disk clean and then turn off restore, scan second time if clean then turn restore back on.
oh while in disk clean click more options tab and tell it to delete all restore points.
                              Eaglesmilewinkgrin
Back to Top
 

Psycho Steve
New Member


Date Joined Jun 2004
Total Posts : 4
  		   Posted 7-21-2004 11:13 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
Thanks Eagle.

I think I've killed it now, I managed to get Revop.C as well, I turned off Restore and found I had two processes called Winlogon which I found in Task Manager, stopped one of them and deleted it in C drive. Then used Trojan Hunter which found four possible Trojans which I deleted from C drive also.

No problems so far... haven't yet had the courage to turn Restore back on though!

Thanks for all your help...Keep up the good work.
Back to Top
 

eagle
Senior Member


Date Joined May 2004
Total Posts : 805
  		   Posted 7-22-2004 2:41 (GMT +1)    Quote: HELP ! Proxy.5.AS and Proxy.5.AQ and BlazefindAlert an admin about: HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
Your welcome,
 and come back anytime!
         Eaglesmilewinkgrin
Back to Top
 
New Topic Post reply to : HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind Printable version of : HELP ! Proxy.5.AS and Proxy.5.AQ and Blazefind
 
Forum Information
Currently it is Saturday, November 21, 2009 6:02 AM (GMT +1)
There are a total of 73.023 posts in 17.111 threads.
In the last 3 days there were 9 new threads and 75 reply posts. View Active Threads
Who's Online
This forum has 30331 registered members. Please welcome our newest member, bigpapa97.
39 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Please help with Redirecting and virus scan virus (0)21-11-2009 04:02:23 (bigpapa97)
Help Needed...Win32.Trojan (13)21-11-2009 03:53:58 (manutd83)
Cannot install anti-virus softeware or do window updates... need help (16)21-11-2009 02:44:45 (Touch)
How to remove VBS:Malware-gen virus??? (4)20-11-2009 22:26:03 (DarkPrincess)
Unable to start COM+ Event, BITs and Windows Update on Win2000 (13)20-11-2009 22:10:54 (sjrsquared)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard