
Arggh - Exciteexchange, Seachhound, Zedo - Log Inside


20 replies to this topic

#16 a71rambler

Posted 27 May 2007 - 05:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:02:01 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\scanner.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163906523312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab50727.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe


KASPERSKY ONLINE SCANNER REPORT
Sunday, May 27, 2007 4:01:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 27/05/2007
Kaspersky Anti-Virus database records: 330593
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
N:\
O:\
P:\
Q:\

Scan Statistics:
Total number of scanned objects: 202002
Number of viruses found: 15
Number of infected objects: 112
Number of suspicious objects: 0
Duration of the scan process: 03:40:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\SecTaskMan\auvskivq.dll.q_804C034_q Infected: Trojan.Win32.BHO.o skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\vbjoprge.dll.q_804C034_q Infected: Trojan.Win32.BHO.o skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nash\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Desktop\backups\backup-20070515-063431-139.dll Infected: Trojan.Win32.BHO.o skipped
C:\Documents and Settings\Nash\Desktop\backups\backup-20070515-063431-769.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\4ED21E95-0000001D.eml/[From "Rx_Pharmacy" <pillsale@mdshopnsvetoday.net>][Date Wed, 24 Jan 2007 04:26:49 -0700]/HUGE_RX_MEDICATION_SALE_PLEASE_CLICK_HERE.htm Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\4ED21E95-0000001D.eml Mail: infected - 1 skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\680B71F1-0000003E.eml/[From "Descrete-Med-Shop" <Pilsletodye@gesmstartmeds.net>][Date Mon, 29 Jan 2007 21:53:13 +0100]/UNNAMED/[From DON BERTHO <donbertho@yahoo.com>][Date Tue, 23 Jan 2007 00:11:48 -0800 (PST)]/HUGE_RX_MEDICATION_SALE_PLEASE_CLICK_HERE.htm Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\680B71F1-0000003E.eml/[From "Descrete-Med-Shop" <Pilsletodye@gesmstartmeds.net>][Date Mon, 29 Jan 2007 21:53:13 +0100]/UNNAMED Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\680B71F1-0000003E.eml Mail: infected - 2 skipped
C:\Documents and Settings\Nash\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Temp\RarSFX0\post ext sp6.exe/EXE-file/EXE-file/EXE-file/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
C:\Documents and Settings\Nash\Local Settings\Temp\RarSFX0\post ext sp6.exe/EXE-file/EXE-file/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
C:\Documents and Settings\Nash\Local Settings\Temp\RarSFX0\post ext sp6.exe/EXE-file/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
C:\Documents and Settings\Nash\Local Settings\Temp\RarSFX0\post ext sp6.exe/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
C:\Documents and Settings\Nash\Local Settings\Temp\RarSFX0\post ext sp6.exe Alloy: infected - 4 skipped
C:\Documents and Settings\Nash\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Nash\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nash\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Hijackthis\backups\backup-20070525-164621-543.dll Infected: Trojan.Win32.BHO.g skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36C.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6B5.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6DA.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C92.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DDF.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DE0.tmp Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DE3.tmp Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP738\A0102357.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP751\A0102424.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP761\A0102672.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP761\A0102675.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP762\A0102716.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP763\A0102815.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP763\A0102915.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP764\A0103002.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP764\A0104077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jn skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP764\A0104078.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jn skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP766\change.log Object is locked skipped
C:\VundoFix Backups\awvvt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\ddabc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\jkhff.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\mljgd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\uqosbtgg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\VundoFix Backups\winmxw32.dll.bad Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pw.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ssttu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xgslvkuy.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Data\Nash\emoicons\EmoPackV1.zip/Extract.exe/stream/data0101 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\EmoPackV1.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\EmoPackV1.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\EmoPackV1.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV10.zip/Extract.exe/stream/data0101 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV10.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV10.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV10.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV11.zip/Extract.exe/stream/data0101 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV11.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV11.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV11.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV12.zip/Extract.exe/stream/data0098 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV12.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV12.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV12.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV13.zip/Extract.exe/stream/data0098 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV13.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV13.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV13.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV2.Zip/EmoPackV2.exe/stream/data0097 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV2.Zip/EmoPackV2.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV2.Zip/EmoPackV2.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV2.Zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV4.zip/Extract.exe/data0102 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV4.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV4.zip ZIP: infected - 2 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV5.zip/Extract.exe/stream/data0101 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV5.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV5.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV5.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV6.zip/Extract.exe/stream/data0101 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV6.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV6.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV6.zip ZIP: infected - 3 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV7.zip/Extract.exe/data0102 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV7.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV7.zip ZIP: infected - 2 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV8.zip/Extract.exe/data0102 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV8.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV8.zip ZIP: infected - 2 skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV9.zip/Extract.exe/stream/data0101 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV9.zip/Extract.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV9.zip/Extract.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
D:\Data\Nash\emoicons\MSN6.EmoPackV9.zip ZIP: infected - 3 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe/data.rar/post ext sp6.exe/EXE-file/EXE-file/EXE-file/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe/data.rar/post ext sp6.exe/EXE-file/EXE-file/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe/data.rar/post ext sp6.exe/EXE-file/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe/data.rar/post ext sp6.exe/EXE-file Infected: Backdoor.Win32.DSSdoor.b skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe/data.rar/post ext sp6.exe Infected: Backdoor.Win32.DSSdoor.b skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe/data.rar Infected: Backdoor.Win32.DSSdoor.b skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102300.exe RarSFX: infected - 6 skipped
E:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP757\A0102445.exe Infected: Trojan-Downloader.Win32.Small.ehb skipped
E:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP757\A0102448.exe Infected: Trojan-Downloader.Win32.Small.ehb skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.



#17 Markka

Posted 28 May 2007 - 06:14 AM

Hello :)

Delete these files:
C:\Documents and Settings\All Users\Application Data\SecTaskMan\auvskivq.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\vbjoprge.dll
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\pw.exe
C:\WINDOWS\system32\xgslvkuy.dll
D:\Data\Nash\emoicons\EmoPackV1.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV10.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV11.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV12.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV13.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV2.Zip
D:\Data\Nash\emoicons\MSN6.EmoPackV4.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV5.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV6.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV7.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV8.zip
D:\Data\Nash\emoicons\MSN6.EmoPackV9.zip


Empty these folders:
C:\Documents and Settings\Nash\Local Settings\Temp
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine

Delete these folders:
C:\Documents and Settings\Nash\Desktop\backups
C:\Program Files\Hijackthis\backups
_____________________________________________________________
Disable System Restore:
  • Right-click on the My Computer icon
  • Choose Properties
  • Click on the System Restore tab
  • Select Turn off System Restore
  • Click Apply and click OK
  • Reboot!
Enable System Restore:
  • Right-click on the My Computer icon
  • Choose Properties
  • Click on the System Restore tab
  • Un-check Turn off System Restore
  • Click Apply and click OK
  • Reboot!
____________________________________________________________
Please download ATF-cleaner and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
____________________________________________________________

Re-run with Kaspersky online scanner!


Post:
- A fresh HijackThis log
- Kaspersky's report
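As an added example (not code from this thread, from Kaspersky or from the helper), a small Python triage script for the report format quoted above: it collapses archive members to the file that actually exists on disk, drops "Object is locked" entries, and sorts what remains into the three kinds of action the reply uses (files to delete, quarantine/backup folders to empty or delete, restore points to flush by toggling System Restore). The sample report lines are constructed, modelled on the posts above.

```python
import re
from collections import defaultdict

# One findings line of a Kaspersky Online Scanner 5 report takes one of three
# shapes (the trailing "Last Action" column is always "skipped" in this thread):
#   <object> Infected: <signature> skipped
#   <object> Object is locked skipped
#   <object> <Type>: infected - <n> skipped   (container summary: "ZIP", "RarSFX",
#                                              "WiseSFX Dropper", "Mail", ...)
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:"
    r"Infected: (?P<sig>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<ctype>[A-Za-z ]+?): infected - (?P<count>\d+)"
    r") skipped$"
)
HEADER = "Infected Object Name / Virus Name / Last Action"
FOOTER = "Scan process completed."

# Paths that are not cleaned file by file: AV quarantine and removal-tool backup
# folders are emptied or deleted whole, and restore points are flushed by
# turning System Restore off and back on.
FOLDER_MARKERS = ("\\quarantine\\", "\\backups\\", "\\vundofix backups\\")
RESTORE_MARKER = "\\system volume information\\_restore"

# Constructed sample, modelled on the report posted in this thread.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT
Number of infected objects: 10

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\ssttu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\pw.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Nash\My Documents\My Received Files\kf141.zip ZIP: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6B5.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Program Files\Hijackthis\backups\backup-20070525-164621-543.dll Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\awvvt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP733\A0102291.exe WiseSFX Dropper: infected - 3 skipped

Scan process completed.
"""


def on_disk_path(obj):
    """Archive members are written as container/member[/member...]; the file
    that actually exists on disk is everything before the first '/'."""
    return obj.split("/", 1)[0]


def classify(path):
    low = path.lower()
    if RESTORE_MARKER in low:
        return "restore_point"
    if any(marker in low for marker in FOLDER_MARKERS):
        return "quarantine_or_backup"
    return "delete_file"


def triage(report_text):
    """Parse the findings section; return ({bucket: {path: {signatures}}}, stats)."""
    buckets = defaultdict(lambda: defaultdict(set))
    stats = {"locked": 0, "containers": 0, "unparsed": 0}
    in_findings = False
    for raw in report_text.splitlines():
        line = raw.strip()
        if line == HEADER:
            in_findings = True
        elif line == FOOTER:
            break
        elif in_findings and line:
            m = LINE_RE.match(line)
            if m is None:
                stats["unparsed"] += 1
            elif m.group("locked"):
                stats["locked"] += 1        # in use by the OS, not a detection
            elif m.group("ctype"):
                stats["containers"] += 1    # members were already recorded above
            else:
                path = on_disk_path(m.group("obj"))
                buckets[classify(path)][path].add(m.group("sig"))
    return buckets, stats


def action_plan(buckets):
    """Render the buckets as the kind of checklist posted in the reply above."""
    lines = ["Delete these files:"] + sorted(buckets["delete_file"])
    folders = sorted({p.rsplit("\\", 1)[0] for p in buckets["quarantine_or_backup"]})
    lines += ["", "Empty or delete these folders:"] + folders
    points = set()
    for p in buckets["restore_point"]:
        m = re.search(r"\\(RP\d+)\\", p)
        points.add(m.group(1) if m else p)
    lines += ["", "Restore points to flush (disable, reboot, re-enable System Restore):"]
    lines += sorted(points)
    return "\n".join(lines)


if __name__ == "__main__":
    found, counts = triage(SAMPLE_REPORT)
    print(action_plan(found))
    print("\nlocked objects skipped:", counts["locked"])
```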

#18 a71rambler

Posted 28 May 2007 - 01:44 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 28, 2007 12:42:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/05/2007
Kaspersky Anti-Virus database records: 333224
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
N:\
O:\
P:\
Q:\

Scan Statistics:
Total number of scanned objects: 191521
Number of viruses found: 2
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 03:12:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\e54.3212ACE201C7A144.history00030a.bak/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\e54.3212ACE201C7A144.history00030a.bak/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\e54.3212ACE201C7A144.history00030a.bak/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\e54.3212ACE201C7A144.history00030a.bak/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\PdmHist\e54.3212ACE201C7A144.history00030a.bak ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report87_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report89_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report8d_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report8d_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nash\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\4ED21E95-0000001D.eml/[From "Rx_Pharmacy" <pillsale@mdshopnsvetoday.net>][Date Wed, 24 Jan 2007 04:26:49 -0700]/HUGE_RX_MEDICATION_SALE_PLEASE_CLICK_HERE.htm Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\4ED21E95-0000001D.eml Mail: infected - 1 skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\680B71F1-0000003E.eml/[From "Descrete-Med-Shop" <Pilsletodye@gesmstartmeds.net>][Date Mon, 29 Jan 2007 21:53:13 +0100]/UNNAMED/[From DON BERTHO <donbertho@yahoo.com>][Date Tue, 23 Jan 2007 00:11:48 -0800 (PST)]/HUGE_RX_MEDICATION_SALE_PLEASE_CLICK_HERE.htm Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\680B71F1-0000003E.eml/[From "Descrete-Med-Shop" <Pilsletodye@gesmstartmeds.net>][Date Mon, 29 Jan 2007 21:53:13 +0100]/UNNAMED Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows Live Mail desktop\a71rambler@hotmail.com\On This Com feb\RecoveredMe 730\680B71F1-0000003E.eml Mail: infected - 2 skipped
C:\Documents and Settings\Nash\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nash\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nash\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP1\change.log Object is locked skipped
E:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP1\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP1\change.log Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 12:43:47 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\scanner.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163906523312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab50727.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)

#19 a71rambler

Posted 28 May 2007 - 10:21 PM

I should also note: I uninstalled Trend Micro PC-cillin and installed the Kaspersky suite. I have also deleted the two archives above that show as infected; I am rerunning the online scan now. I will post the log and a new HijackThis log when complete. Thanks again for all the help!

#20 a71rambler

Posted 29 May 2007 - 07:19 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 29, 2007 6:15:18 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/05/2007
Kaspersky Anti-Virus database records: 333340
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
N:\
O:\
P:\
Q:\

Scan Statistics:
Total number of scanned objects: 190821
Number of viruses found: 1
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 03:09:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Reportc7_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Reportc8_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Reportc8_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Reportcf_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nash\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nash\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nash\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nash\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-73586283-813497703-839522115-1003\Dc8\4ED21E95-0000001D.eml/[From "Rx_Pharmacy" <pillsale@mdshopnsvetoday.net>][Date Wed, 24 Jan 2007 04:26:49 -0700]/HUGE_RX_MEDICATION_SALE_PLEASE_CLICK_HERE.htm Infected: Trojan.JS.Redirector.b skipped
C:\RECYCLER\S-1-5-21-73586283-813497703-839522115-1003\Dc8\4ED21E95-0000001D.eml Mail: infected - 1 skipped
C:\RECYCLER\S-1-5-21-73586283-813497703-839522115-1003\Dc8\680B71F1-0000003E.eml/[From "Descrete-Med-Shop" <Pilsletodye@gesmstartmeds.net>][Date Mon, 29 Jan 2007 21:53:13 +0100]/UNNAMED/[From DON BERTHO <donbertho@yahoo.com>][Date Tue, 23 Jan 2007 00:11:48 -0800 (PST)]/HUGE_RX_MEDICATION_SALE_PLEASE_CLICK_HERE.htm Infected: Trojan.JS.Redirector.b skipped
C:\RECYCLER\S-1-5-21-73586283-813497703-839522115-1003\Dc8\680B71F1-0000003E.eml/[From "Descrete-Med-Shop" <Pilsletodye@gesmstartmeds.net>][Date Mon, 29 Jan 2007 21:53:13 +0100]/UNNAMED Infected: Trojan.JS.Redirector.b skipped
C:\RECYCLER\S-1-5-21-73586283-813497703-839522115-1003\Dc8\680B71F1-0000003E.eml Mail: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A021AF7D-1FCA-4875-9266-00C93705C542}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CC631A51-F0BC-4F63-AD2F-A817C5943A19}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 6:17:54 AM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\scanner.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163906523312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/...no.cab55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab50727.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab55579.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)


After noting where the virus was (recycle bin) I ran ATF cleaner again.

#21 Markka

Markka

    Advanced Member

  • Banned
  • PipPipPipPip
  • 784 posts

Posted 29 May 2007 - 08:53 AM

Hello :)

Your Java is out of date. Update your Java.

Instruction:
  • -> Go to Control panel -> Add/remove programs
  • -> Find Java(s) from the list
  • -> Delete this Java version:
    jre1.5.0_07
  • -> Please download from here a new Java and install it.
  • -> The latest Java version is: Java Runtime Environment (JRE) 6u1
____________________________________________________

Otherwise your HijackThis log is clean! How is your computer running now?

Here are a couple of things how to stay clean:
  • Clean speech:
  • Use Mozilla Firefox or Opera as your browser!
    Mozilla Firefox or Opera are better than Internet Explorer.
    Download Mozilla Firefox from here!
    Download Opera from here!
  • Install Hosts-file!
    Hosts-file blocks bad web addresses. Remember to update hosts-file regularly.
    Download Hosts-file from here!
  • Install WinPatrol!
    WinPatrol monitors your system and blocks hijacks.
    Download WinPatrol from here!
  • Install AVG Anti-Spyware!
    AVG Anti-Spyware detects and removes malware and cleans your registry too. Run a scan with Ad-aware regularly and update it before the scan.
    Download AVG Anti-Spyware from here!
  • Install CCleaner!
    CCleaner cleans your temporary files and also cleans your registry. Run CCleaner regularly.
    Download CCleaner from here!
  • Install Ad-Aware!
    Ad-Aware detects and removes malware and cleans your registry too. Run a scan with Ad-Aware regularly and update it before the scan.
    Download Ad-Aware from here!
  • Install SpywareBlaster!
    SpywareBlaster blocks bad ActiveX components. Update it regularly.
    Download Spywareblaster from here!
  • System restore!
    Clean and create new system restore point regularly.
    How do I clean my system restore and create new system restore point?
    Here are instructions!
  • Keep all programs updated!
    Remember to keep all programs up-to-date, also Windows. So please visit here regularly and install all critical updates.
Stay clean and happy surfing ;)
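As an added illustration (not code from this thread, from HijackThis or from any of the tools named above), a small Python triage of the log format posted here: it parses the O-section entries, pulls the JRE version out of any plugin path and compares it with the 6u1 release the reply recommends (1.6.0_01 internally), and lists O23 services reported "(file missing)" and O20 AppInit_DLLs entries for review. The sample lines are constructed from this thread's log, abbreviated paths included.

```python
import re

# Constructed sample lines modelled on the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)
"""
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)
LATEST_JRE = (1, 6, 0, 1)  # JRE 6 update 1 ("6u1" in the reply) is 1.6.0_01 internally

def parse_entries(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def jre_versions(entries):
    """Distinct JRE versions referenced by any entry path, as sorted int tuples."""
    found = set()
    for _, body in entries:
        for m in JRE_RE.finditer(body):
            found.add(tuple(int(x) for x in m.groups()))
    return sorted(found)

def outdated_jre(entries, latest=LATEST_JRE):
    """JRE versions older than `latest`: an old browser plugin keeps known bugs reachable from web pages."""
    return [v for v in jre_versions(entries) if v < latest]

def missing_file_services(entries):
    """O23 services whose binary HijackThis could not find: stale registrations worth reviewing."""
    return [body for sec, body in entries if sec == "O23" and body.endswith("(file missing)")]

def appinit_dlls(entries):
    """O20 AppInit_DLLs paths: loaded into every process that loads user32.dll, so each must be accounted for."""
    return [body.split(": ", 1)[1] for sec, body in entries if sec == "O20" and body.startswith("AppInit_DLLs:")]

def triage(text):
    """Run the three checks over a whole log and return the findings."""
    e = parse_entries(text)
    return {"outdated_jre": outdated_jre(e), "missing_services": missing_file_services(e), "appinit_dlls": appinit_dlls(e)}
```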
