Wareout removal look

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bucket24, Dec 11, 2006.

  1. bucket24

    bucket24 Private E-2

    Came across csagk.exe and spy-agent.bc on a McAfee scan.
    After running Spybot, MS malware removal, CounterSpy, and Ad-Aware, took advice from thread and ran Hoster, fixwareout, and HJT.
    I have attached the HJT and other log from fix. I believe.
    I also checked for all the files listed previously and they do not exist, as well as KillandClean and Unspypc.
    tia
    Bucket
     


  2. bucket24

    bucket24 Private E-2

    The next round of logs from runkey and shownew.
    thanks
    bucket
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I noticed you didn't finish up your other thread here: Hijack log, please inform

    Because it has been almost a month and Wareout is still present I am requesting the READ ME be run again.

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.

    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy
    • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  4. bucket24

    bucket24 Private E-2

    I believe I have done the READ ME now 100%. At least I hope so.
    I had to run AVG Anti-spyware because of the expiration of Counterspy.
    AVG found the following items:
    Downloader.tiny.cl
    Backdoor.small.nk
    Trojan.agent.zq
    Downloader.tiny.bm
    Trojan.small.fb

    There were no problems running any scan, and I was able to scan in safe mode for all items except the last two scans which state normal mode.
    I am attaching the 6 logs now. I hope I have done everything right and we can get rid of any nasty critters still left.
    Thanks
    Bucket
     


  5. bucket24

    bucket24 Private E-2

    Next 3 logs per readme.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    First, download, install and run CCleaner

    Then see this thread WareOut Removal

    After you complete the above thread have HJT fix the below entries:

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\System32\dmgfj.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.


    Once you complete this entire post reboot and attach a fresh HJT log.
     
  7. bucket24

    bucket24 Private E-2

    Thank you for the help. I have done the next steps. The file was not blue in the pillbox program, FYI.
    Log is attached.
    thanks
    Bucket
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Looks good, are you having any further problems?
     
  9. bucket24

    bucket24 Private E-2

    Yes, I believe everything is good to go. Although I didn't see many problems when the stuff was there, it just felt like something was wrong. I appreciate all the help, even when I didn't follow directions. This is a class site.

    Bucket
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

