HJT Log and Ewido log posted, please help!

#1 DKGCO (New Member, 3 posts)

Hi All,

My boss' computer keeps getting a lot of error messages. Three trojans were found with TrendMicro Housecall (Troj_se.79664, Troj_se.86398, Troj_se.79669), Dr. Watson Post Mortem Debugger keeps popping up, giving an error message and then closing, and other programs (such as Word or IE) close down and cannot be re-opened without rebooting.

We have reformatted his HDD twice now, per DELL, but the stuff keeps coming back.

I ran Ewido, and got this:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:08:08 PM, 6/6/2006
+ Report-Checksum: ABDD1AD7

+ Scan result:

C:\Documents and Settings\Dan\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dan\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.21:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.22:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.37:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.38:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.39:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.47:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.57:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.59:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.60:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.61:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.67:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.81:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.88:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.89:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.90:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.151:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.152:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.161:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.162:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.173:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.198:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.199:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.202:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.203:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.204:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.205:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.206:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.207:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.208:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.209:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.220:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.230:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.231:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.233:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.234:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.235:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.236:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.237:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.258:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.259:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.285:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.286:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.287:D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g7vddgct.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
D:\Documets and Settings from C Drive Backup 5-15-0-6\Documents and Settings\Dan\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
D:\Server Backups\May 09, 2006 (20.04)\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
D:\Server Backups\May 09, 2006 (20.04)\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
D:\Server Backups\May 09, 2006 (20.04)\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup
D:\Server Backups\May 15, 2006 (01.02)\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
D:\Server Backups\May 15, 2006 (01.02)\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
D:\Server Backups\May 15, 2006 (01.02)\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup
D:\Server Backups\May 16, 2006 (01.04)\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
D:\Server Backups\May 16, 2006 (01.04)\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
D:\Server Backups\May 16, 2006 (01.04)\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned with backup


::Report End

I ran Hijack This and got this:

Logfile of HijackThis v1.99.1
Scan saved at 2:27:45 PM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Roboform\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Roboform\roboform.dll
O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw7\TMIETB.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [RoboForm] "C:\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O8 - Extra context menu item: Customize Menu - file://C:\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Roboform\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = offshorelaw.local
O17 - HKLM\Software\..\Telephony: DomainName = offshorelaw.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = offshorelaw.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = offshorelaw.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = offshorelaw.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe


Please help, somebody????

Edited by DKGCO, 06 June 2006 - 02:39 PM.

#2 DKGCO (Topic Starter, New Member, 3 posts)

Ran SmitFraudFix per the instructions in a previous post above; here are the results:

SmitFraudFix v2.55

Scan done at 15:12:43.20, Tue 06/06/2006
Run from C:\Documents and Settings\Dan\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dan\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#3 DKGCO (Topic Starter, New Member, 3 posts)

A new HijackThis logfile, run while NOT in safe mode (I saw on another post to do that; my previous post was made in safe mode):

Logfile of HijackThis v1.99.1
Scan saved at 10:17:52 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Roboform\RoboTaskBarIcon.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Roboform\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Roboform\roboform.dll
O3 - Toolbar: Time Matters - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw7\TMIETB.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O8 - Extra context menu item: Customize Menu - file://C:\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Roboform\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Roboform\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = offshorelaw.local
O17 - HKLM\Software\..\Telephony: DomainName = offshorelaw.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = offshorelaw.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = offshorelaw.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = offshorelaw.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
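Added example, not part of the thread and not something the poster ran: a small Python parser for the HijackThis v1.99.1 log format posted above, used to diff the 6/6 and 6/7 logs and to list the persistence entries a reviewer would check first. Only a few representative lines from the two posted logs are embedded (copied from the page); the function and class names are my own.

```python
"""Parse HijackThis O-section lines and compare two logs from the same machine."""
import re
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Entry:
    """One HijackThis O-section line split into its tag and body."""
    section: str   # e.g. "O4", "O20", "O23"
    body: str      # everything after "O4 - "


# HJT entries look like "O23 - Service: ...". The header block and the
# "Running processes:" list never match this pattern and are skipped.
_ENTRY = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text: str) -> list[Entry]:
    """Return the O-section entries of an HJT log in file order."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(old: str, new: str) -> tuple[list[Entry], list[Entry]]:
    """(added, removed): entries present in only one of the two logs."""
    a, b = set(parse_hjt(old)), set(parse_hjt(new))
    return sorted(b - a), sorted(a - b)


def review_flags(text: str) -> list[str]:
    """Entries a reviewer checks first. O20 AppInit_DLLs are loaded into
    every process that maps user32.dll and Winlogon Notify DLLs into
    winlogon itself; an O23 service marked '(file missing)' is a registered
    service whose image path no longer resolves to a file."""
    flags = []
    for e in parse_hjt(text):
        if e.section == "O20":
            flags.append(f"O20 hook loaded system-wide: {e.body}")
        elif e.section == "O23" and "(file missing)" in e.body:
            flags.append(f"O23 service image missing: {e.body}")
    return flags


# Representative lines copied from the two logs posted in this thread
# (6/6/2006 in post #1, 6/7/2006 in post #3); the rest of each log is omitted.
# dumprep.exe is Windows XP's error-dump reporting tool, which fits the
# Dr. Watson pop-ups the poster describes.
LOG_JUN6 = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:27:45 PM, on 6/6/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing)
"""

LOG_JUN7 = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:17:52 AM, on 6/7/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.5\THGuard.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing)
"""


def main() -> None:
    added, removed = diff_logs(LOG_JUN6, LOG_JUN7)
    print("new since 6/6:", *(e.body for e in added), sep="\n  ")
    print("gone since 6/6:", *(e.body for e in removed), sep="\n  ")
    print("check first (6/7 log):", *review_flags(LOG_JUN7), sep="\n  ")


if __name__ == "__main__":
    main()
```

Run against the full logs, the diff isolates the one autostart that appeared (THGuard, installed between the two posts) and the one that vanished (UserFaultCheck), so a helper does not have to eyeball two ninety-line logs.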