Trojan horse- Pigsearch



#1
Karen1950

a2-square found Pigsearch and I can't get rid of it. Can you help? I did find some help on your web site and I followed it to the tee, but it is still there! I have a Hijack This log, but I can't figure out how to attach it, so I will paste it here.

Logfile of HijackThis v1.99.1
Scan saved at 6:19:04 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Logitech\io2Software\Pen.TrayIcon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\UltraDVD\DVDMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter\WUSB54GP.exe
c:\program files\logitech\io2software\Pen.LplsHost.exe
c:\program files\logitech\io2software\pen.ink.download.exe
c:\program files\logitech\io2software\loli.filesystem.accessmanager.server.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\a-squared Free\a2free.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Karen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...comp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...comp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oklahomacity.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...comp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:\Program Files\War Rock Toolbar\v3.2.0.0\War_Rock_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Pen.TrayIcon] C:\Program Files\Logitech\io2Software\Pen.TrayIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [UltraDVDMon] "C:\Program Files\UltraDVD\DVDMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...fault/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros.../v6/V5Controls/en/x86/client/muweb_site.cab?1143743469061
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...downloader_sp1/imloader.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Common Files\Logitech\Pen\Phal\Service\LPhal.exe
O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Common Files\Logitech\Pen\Phal\Service\LPhal.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: WUSB54GPSVC - Unknown owner - C:\Program Files\Wireless-G Portable USB Adapter\WLService.exe" "WUSB54GP.exe (file missing)