Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] please see HJT log


  • This topic is locked This topic is locked
15 replies to this topic

#1 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 19 May 2008 - 01:54 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:50:15 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol

120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://shell.windows...dir.asp?Ext=DAT
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog

Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32

Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC

Suite 6\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O17 -

HKLM\System\CCS\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937

}: NameServer = 221.132.112.8 202.163.96.3
O17 -

HKLM\System\CS1\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937

}: NameServer = 221.132.112.8 202.163.96.3
O17 -

HKLM\System\CS2\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937

}: NameServer = 221.132.112.8 202.163.96.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program

Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program

Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET

NOD32 Antivirus\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service

(default)) - Analog Devices, Inc. - C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket

Division Software - C:\Program Files\Alcohol Soft\Alcohol

120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 May 2008 - 05:37 PM

Hello adil8

Welcome to the Whatthetech Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

Your running an outdated version of HJT and the way you posted it makes it hard to read. Uninstall HJT via the Add Remove programs in the Control Panel and download and install the latest version by Trendmicro/

Download Trendmicros Hijackthis to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 26 May 2008 - 10:48 PM

Thanks a lot for responding to my request and i do know that you guys are doing a pretty good job and helping out lot of people so it does take time.. i understand :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:29 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows...dir.asp?Ext=DAT
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937}: NameServer = 221.132.112.8 202.163.96.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937}: NameServer = 221.132.112.8 202.163.96.3
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5006 bytes

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 May 2008 - 02:46 AM

Hello,

Where exactly are you located, you have entries on your log pointing to this and also Pakistan.

66.98.128.0 - 66.98.255.255
ThePlanet.com Internet Services, Inc.
315 Capitol
Suite 205
Houston, TX
US


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 27 May 2008 - 04:14 PM

Well I am from Pakistan.. I was hacked a few months ago and my precious data was stolen.. I installed zone alarm firewall after this and i thought it would make hacking very difficult but seems like i m hacked again :( .. following is the scan result of spyware doctor when i was hacked for the first time.. I have highlighted IP in the scan result.. what can i do against people who are continously bothering me :( ... this spyware scan result is not latest.. infact i saved it when i first hacked back in feb 08...

PC Tools Spyware Doctor
Date Status
2/16/2008 2:25:57 PM:515 Service Started
Spyware Doctor Service Application started
2/16/2008 2:25:58 PM:578 OnGuard Detection Quarantined
Threat Name - Adware.Component.Unrelated
Type - Process
Risk Level - Medium
Infection - svchost.exe (C:\WINDOWS\SYSTEM32\drivers\svchost.exe)

2/16/2008 2:25:58 PM:656 Startup Memory Cleaner found infections
Threat Name - Adware.Component.Unrelated
Type - Process
Risk Level - Medium
Infection - svchost.exe (C:\WINDOWS\SYSTEM32\drivers\svchost.exe)

2/16/2008 2:25:58 PM:656 OnGuard Detection Quarantined
Threat Name - Adware.Component.Unrelated
Type - Process
Risk Level - Medium
Infection - svchost.exe (C:\WINDOWS\SYSTEM32\drivers\svchost.exe)

2/16/2008 2:25:58 PM:734 Startup Memory Cleaner found infections
Threat Name - Adware.Component.Unrelated
Type - Process
Risk Level - Medium
Infection - svchost.exe (C:\WINDOWS\SYSTEM32\drivers\svchost.exe)

2/16/2008 2:27:12 PM:203 Scan Started
Scan Type - Intelli-Scan

2/16/2008 2:27:12 PM:750 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - 2o7.net/ 2o7.net

2/16/2008 2:27:12 PM:796 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com

2/16/2008 2:27:12 PM:890 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - doubleclick.net/ doubleclick.net

2/16/2008 2:27:13 PM:125 Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com

2/16/2008 2:27:23 PM:265 Infection was detected on this computer
Threat Name - Adware.Component.Unrelated
Type - File
Risk Level - Medium
Infection - c:\windows\system32\drivers\svchost.exe

2/16/2008 2:27:23 PM:265 Infection was detected on this computer
Threat Name - Adware.Component.Unrelated
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM32\drivers\svchost.exe,C:\WINDOWS\SYSTEM32\drivers\svchost.exe,

2/16/2008 2:27:38 PM:921 Infection was detected on this computer
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.com

2/16/2008 2:27:38 PM:937 Infection was detected on this computer
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.es

2/16/2008 2:28:09 PM:140 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 177611
Threats Detected - 4
Infections Detected - 8
Infections Ignored - 0

2/16/2008 2:29:22 PM:421 Service Stopped
Spyware Doctor Service Application Stopped
2/16/2008 2:30:41 PM:906 Service Started
Spyware Doctor Service Application started
2/16/2008 2:30:52 PM:468 OnGuards status
All OnGuards were Enabled
2/16/2008 2:31:15 PM:125 OnGuard Detection Quarantined
Threat Name - Adware.Component.Unrelated
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM32\drivers\svchost.exe,C:\WINDOWS\SYSTEM32\drivers\svchost.exe,

2/16/2008 2:31:15 PM:125 OnGuard Detection Cleaned
Threat Name - Adware.Component.Unrelated
Type - Startup
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM32\drivers\svchost.exe,C:\WINDOWS\SYSTEM32\drivers\svchost.exe,

2/16/2008 2:31:15 PM:281 OnGuard Detection Quarantined
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.com

2/16/2008 2:31:15 PM:296 OnGuard Detection Cleaned
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.com

2/16/2008 2:31:15 PM:296 OnGuard Detection Quarantined
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.es

2/16/2008 2:31:15 PM:312 OnGuard Detection Cleaned
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.es

2/16/2008 2:31:17 PM:31 Scan Started
Scan Type - Intelli-Scan

2/16/2008 2:31:17 PM:296 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - 2o7.net/ 2o7.net

2/16/2008 2:31:17 PM:343 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com

2/16/2008 2:31:17 PM:437 Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - doubleclick.net/ doubleclick.net

2/16/2008 2:31:17 PM:890 Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com

2/16/2008 2:31:26 PM:843 Infection was detected on this computer
Threat Name - Adware.Component.Unrelated
Type - File
Risk Level - Medium
Infection - C:\WINDOWS\SYSTEM32\drivers\svchost.exe

2/16/2008 2:31:28 PM:656 Immunizer Results
ActiveX section has been immunized, Processed 4096 items.
2/16/2008 2:32:11 PM:953 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 177731
Threats Detected - 3
Infections Detected - 5
Infections Ignored - 0

2/16/2008 2:34:27 PM:968 Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - doubleclick.net/ doubleclick.net

2/16/2008 2:34:27 PM:984 Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - atwola.com/ atwola.com

2/16/2008 2:34:27 PM:984 Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - 2o7.net/ 2o7.net

2/16/2008 2:34:28 PM:31 Infection cleaned
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com

2/16/2008 2:34:28 PM:109 Infection quarantined
Threat Name - Adware.Component.Unrelated
Type - File
Risk Level - Medium
Infection - C:\WINDOWS\SYSTEM32\drivers\svchost.exe

2/16/2008 2:34:28 PM:171 Infection cleaned
Threat Name - Adware.Component.Unrelated
Type - File
Risk Level - Medium
Infection - C:\WINDOWS\SYSTEM32\drivers\svchost.exe

2/16/2008 2:34:30 PM:234 Infections Quarantined/Removed Summary
Quarantined - 1
Quarantine Failed - 0
Removed - 5
Remove Failed - 0

2/16/2008 2:41:42 PM:765 Immunizer Results
ActiveX section has been immunized. No items were processed.
2/16/2008 2:43:52 PM:515 Scan Started
Scan Type - Full Scan

2/16/2008 2:53:28 PM:640 Scan Finished
Scan Type - Full Scan
Items Processed - 207824
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2/16/2008 3:00:07 PM:625 Immunizer Results
ActiveX section has been immunized. No items were processed.
2/16/2008 3:10:51 PM:609 Immunizer Results
ActiveX section has been immunized. No items were processed.
2/18/2008 5:58:59 AM:750 Service Started
Spyware Doctor Service Application started
2/18/2008 5:58:59 AM:921 OnGuards status
All OnGuards were Enabled
2/18/2008 5:59:14 AM:218 Immunizer Results
ActiveX section has been immunized. No items were processed.
2/18/2008 6:01:22 AM:718 Scan Started
Scan Type - Intelli-Scan

2/18/2008 6:02:16 AM:218 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 180618
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2/18/2008 6:12:29 AM:781 Service Stopped
Spyware Doctor Service Application Stopped
2/18/2008 6:15:42 AM:343 Service Started
Spyware Doctor Service Application started
2/18/2008 6:15:43 AM:296 OnGuards status
All OnGuards were Enabled
2/18/2008 6:15:50 AM:140 Immunizer Results
ActiveX section has been immunized. No items were processed.
2/18/2008 6:15:51 AM:609 Scan Started
Scan Type - Intelli-Scan

2/18/2008 6:16:51 AM:578 Scan Finished
Scan Type - Intelli-Scan
Items Processed - 182784
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0

2/18/2008 6:40:21 AM:656 Immunizer Results
ActiveX section has been immunized. No items were processed.

Edited by adil8, 27 May 2008 - 04:30 PM.


#6 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 27 May 2008 - 04:26 PM

Malwarebytes' Anti-Malware 1.12 Database version: 793 Scan type: Quick Scan Objects scanned: 37356 Time elapsed: 3 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 May 2008 - 04:28 PM

You do have some issues going on, run Malwarebytes and post the log along with a new HJT log please

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#8 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 27 May 2008 - 04:28 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:21 AM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows...dir.asp?Ext=DAT
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937}: NameServer = 221.132.112.8 202.163.96.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937}: NameServer = 221.132.112.8 202.163.96.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{13D55031-0924-4031-9EC1-AF4CAD07C937}: NameServer = 221.132.112.8 202.163.96.3
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5091 bytes

#9 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 May 2008 - 04:44 PM

Hello,

Spyware Doctor found and removed a lot of bad stuff, go into the Quarantine folder and remove it all, nothing in there you want to keep.

Do you know anything about this???

221.0.0.0 - 221.255.255.255
Asia Pacific Network Information Centre
PO Box 2131
Milton, QLD
AU


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows...dir.asp?Ext=DAT

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es



Malwarebytes did not find anything bad, lets run this online virus scanner from Kaspersky and post the log along with a new HJT log please

Run this free online scan using Internet Explorer:
Kaspersky Online Virus Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Post the log along with a New HJT Log into your next reply.


I will give you links to free programs to install to help keep you more secure when we are done.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#10 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 28 May 2008 - 11:25 PM

KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 5:44:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 721188

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 71628
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 01:32:01

Infected Object Name Virus Name Last Action
C:\Documents and Settings\adil8\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\Temp\BIT72.tmp Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\Temp\~DFEDD7.tmp Object is locked skipped

C:\Documents and Settings\adil8\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\adil8\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\adil8\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080529-012839.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{5055A6A5-DD60-4F2C-B8D4-AA0240290E4D}\RP49\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\AADIL8.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\ModemLog_Nokia 6680 USB Modem.txt Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\ZLT04fa3.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT052fd.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

F:\Kari Virtual Girlfriend\KARISetup.exe Infected: Trojan.Win32.Agent.mwy skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

H:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

I:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

kaspersky online scanner found a trojan in my computer but i am worried about the fact that why wasnt it detected by my nod32 antivirus when i regularly update it and scan my hard drive regularly

    Advertisements

Register to Remove


#11 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 28 May 2008 - 11:30 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:42 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4637 bytes

#12 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 28 May 2008 - 11:59 PM

1..

Spyware Doctor found and removed a lot of bad stuff, go into the Quarantine folder and remove it all, nothing in there you want to keep.


bro the spyware log that i posted was at the time when i was hacked about 3 months ago so i have reinstalled windows after that so there can be no qurantine folder now..

2..

Do you know anything about this???

221.0.0.0 - 221.255.255.255
Asia Pacific Network Information Centre
PO Box 2131
Milton, QLD
AU


well I have no idea about the above info....

3..

2/16/2008 2:27:38 PM:921 Infection was detected on this computer
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.com

2/16/2008 2:27:38 PM:937 Infection was detected on this computer
Threat Name - Spyware.Possible_Website_Hijack
Type - Bad Host Entry
Risk Level - High
Infection - 66.98.148.65, auto.search.msn.es


You can see in above that I was hacked from this IP previously and now the same IP shows yet again coz you asked me to remove it in the following from my hijack this log..

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es



is there anyway that I can make complain to the ISP of this particular person who is bothering me since 3 months?

#13 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 May 2008 - 03:05 AM

Hello,

Kari Virtual Girlfriend <-- This what Kaspersky found, downloads like this will get you into trouble. I suggest going into your Add Remove Programs in the Control Panel and uninstalling it.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

Remove this
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

If you use alcohol soft for CD burning then leave this one be otherwise remove it
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com



Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up


There is no one person targeting you, you just have to be careful what sites you go into.

Post a new HJT log please

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#14 adil8

adil8

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 29 May 2008 - 06:57 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:18 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4505 bytes

Kari Virtual Girlfriend <-- This what Kaspersky found, downloads like this will get you into trouble. I suggest going into your Add Remove Programs in the Control Panel and uninstalling it.


bro I dont have that Kari Virtual Girlfriend installed to my pc .. but I do have an exe file of that software that would help me to install it if i want to.. should i remove that Kari Virtual Girlfriend exe file? besides, please tell me why was nod32 anti virus unable to detect F:\Kari Virtual Girlfriend\KARISetup.exe Infected: Trojan.Win32.Agent.mwy which was found by kaspersky online scanner?

#15 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 May 2008 - 11:51 AM

I would delete that exe file, why take a chance on it damaging your system. It was located on your F:\ Drive, you maynot have had Nod32 set to scan all drives. You will find with Anti Virus software that what one misses another one will find, there all from different companies and run differently. No way around that.

Your log looks fine :thumbup: Here are some free programs to install to help keep you more secure.


Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.5
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0.0.14 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs

=============================================
This is what they do.

Install Spybot Search and Destroy, check for updates and run a can about once a week, be sure after you update to go to the Immunize folder and run it, right now its blocking 1000s or bad sites from installing malware. Do not enable the TeaTimer when you set it up or it will conflict with the next two.

Spyware Guard, just install it, nothing to run or update, it just sits in the background blocking bad changes to your system

Spyware Blaster Written by the same fine folks that wrote SG, no scans to run but you need to check for updates a few times a month and enable all protection, this is another program that blocks bad downloads and sites.

IE SpyAd keeps an eye on your system for changes and blocks them, no scan to run but update it about every other month or so.

Malwarebytes You installed the free version which is more than adequate, check for updates and run a scan a few times a month

ATF Cleaner This will empty out all your temp files and Temporary Internet Files that do build up and tend to bog down your system.

Windows Updates Make sure you have your system to download and install them automatically, you can find that option in the Security Center in the Control Panel.


I know this sounds corny but keep in mind that after installing all these free programs that the weakest link in the chain is the person sitting behind the monitor, so practice safe surfing, don't open attachments from emails or people you don't know. Stay out of porn sites, there a hotbed of nasty infections. Don't download any cracked or illegal software. Don't use any file sharing programs like Limewire and the like, you never know whats going to be attached to the music or video file you download. Don't download any registry cleaners or any programs that pop up offering you a free scan because they say your infected, your not but you will be when you accept the scan. Be wary of a site asking you to download a codec to view the site properly, some are legit but some are not, google the program first before you download it.


Hope this helps,


Safe Surfn
Ken

Edited by ken545, 29 May 2008 - 11:54 AM.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users