Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijack This Log, Am I Clean Now?


  • This topic is locked This topic is locked
1 reply to this topic

#1 goathahalol

goathahalol

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 30 August 2007 - 02:58 PM

I have run Smitfraudfix, spybot and adaware on this machine which was pretty badly infected. The only entries that spybot couldn't clean were referring to cmdService and VirtuMonde, however after running Ad-aware, they seem to have been removed as well. Here is my Hijack This log if you could just give it a look and make sure you don't see any lingering effects of the infection. Thank you very Much for your help in advance.

=========Hijack This Log =================

Logfile of HijackThis v1.99.1
Scan saved at 3:56:53 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Laserfiche\Snapshot 7\SnapshotService.exe
C:\Program Files\Laserfiche\Server\LfFccService72.exe
C:\Program Files\Laserfiche\Server\LFS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$LASERFICHE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Laserfiche\Quick Fields\Quick Fields Agent\Quick Fields Agent.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{77-77-7C-C5-ZN}] C:\DOCUME~1\BGAUTH~1\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [horycy] C:\Program Files\MSN\horycy22011.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.2\webbuying.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\bgauthier\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: LFWebLoad71 - http://localhost/las...LFWebLoad71.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://D:\components\Liquid.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141701952421
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = activearchives.local
O17 - HKLM\Software\..\Telephony: DomainName = activearchives.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A2CE3FD-FD3B-4261-B4FB-1FD88C27B655}: NameServer = 192.168.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = activearchives.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Laserfiche Agenda Manager Service - LaserficheŽ - C:\Program Files\Laserfiche\Agenda Manager Server\AMServer.exe
O23 - Service: Laserfiche Snapshot Service 7 - - C:\Program Files\Laserfiche\Snapshot 7\SnapshotService.exe
O23 - Service: Laserfiche FCC 7.2 (LfFCCService72) - - C:\Program Files\Laserfiche\Server\LfFccService72.exe
O23 - Service: Laserfiche Server 7.2 (LFS72) - Laserfiche - C:\Program Files\Laserfiche\Server\LFS.exe
O23 - Service: LaserFiche Server Automation (LFServerAutomation) - Unknown owner - C:\Program Files\LaserFiche\WorkflowSuite\ServerAutomation\ServerAutomation.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: MSSQL$LASERFICHE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$LASERFICHE\Binn\sqlservr.exe" -sLASERFICHE (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Quick Fields Agent - - C:\Program Files\Laserfiche\Quick Fields\Quick Fields Agent\Quick Fields Agent.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServerSnapshotService - Unknown owner - C:\Program Files\Common Files\LaserFiche\Snapshot\ServerSnapshotService.exe
O23 - Service: SQLAgent$LASERFICHE - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$LASERFICHE\Binn\sqlagent.EXE" -i LASERFICHE (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    Advertisements

Register to Remove


#2 miekiemoes

miekiemoes

    MalwareBytes

  • Visiting Fellow
  • PipPipPipPip
  • 514 posts

Posted 31 August 2007 - 12:40 AM

I see you posted your problem at other forums as well. This is really confusing and you are actually wasting our time with this. This because many helpers will now analyze your log while someone is already helping you. This is a waste of our time and because of this, other people who are already waiting a couple of days have to wait longer.
Also, if you receive help from several different helpers - it will be very confusing for you and the helper since instructions may be different and we don't know what steps were performed, so logs won't make sense.

That's why I closed this thread so we can move on and help someone else instead, because I already replied here: http://www.bleepingc...opic106429.html

In case there are other forums where you posted your log as well, please let them know you are already receiving help.

Thanks.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users