
win32.TrojanProxy.Horst - Ad-Aware log included [CLOSED]


  • This topic is locked

#1
Esoteric10
    New Member
  • Member
  • 2 posts
Hi all-

My computer was recently under attack by a trojan, which rendered XP unable to boot up, even in safe mode. It appeared to have altered my registry. I proceeded to run CHKDSK /r, which took an entire 4 days to complete. After CHKDSK /r was finished, I was able to boot up.

I am worried that the source of the problem has still not been taken care of, and that there still may be malicious activity taking place.

I ran ad-aware, and analyzed the log file (pasted below my post). I believe I found the source of my troubles (in bold). Before I was infected, I had run the file that is mentioned in the log, which seems to have infected me. Serves me right for trying to pirate software :)

I've also noticed unusual activity with my running processes, leading me to believe that the trojan may have attached itself to a system file.

Something else that I've noticed is that my computer is lagging substantially since I had my run-in with this trojan (freezing for a few seconds, then resuming normally). This leads me to believe that there is still something fishy going on.

Any help would be much appreciated. Thanks in advance!

-Dave



----

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, June 09, 2008 2:32:08 AM
Using definitions file:SE1R257 04.06.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


6-9-2008 2:32:08 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\David\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\David\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\office\10.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-771051721-1585035531-1258972294-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 364
ThreadCreationTime : 6-9-2008 5:28:02 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 428
ThreadCreationTime : 6-9-2008 5:28:42 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 6-9-2008 5:28:46 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 6-9-2008 5:28:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 6-9-2008 5:28:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 6-9-2008 5:28:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 6-9-2008 5:28:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 824
ThreadCreationTime : 6-9-2008 5:29:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 884
ThreadCreationTime : 6-9-2008 5:29:01 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 12
ProductVersion : 9, 0, 0, 0
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 984
ThreadCreationTime : 6-9-2008 5:29:05 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 41
ProductVersion : 9, 0, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : S24EvMon.exe

#:11 [wlkeeper.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1008
ThreadCreationTime : 6-9-2008 5:29:07 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 14
ProductVersion : 1, 0, 0, 1
ProductName : SSOFSet Service
CompanyName : Intel® Corporation
FileDescription : WLKEEPER
InternalName : WLKEEPER
LegalCopyright : Copyright © 2004
OriginalFilename : WLKEEPER.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 6-9-2008 5:29:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1096
ThreadCreationTime : 6-9-2008 5:29:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1112
ThreadCreationTime : 6-9-2008 5:29:13 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 45
ProductVersion : 1, 0, 0, 2
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : ZeroCfgSvc.EXE

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1236
ThreadCreationTime : 6-9-2008 5:29:14 AM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1320
ThreadCreationTime : 6-9-2008 5:29:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1376
ThreadCreationTime : 6-9-2008 5:29:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:18 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 1500
ThreadCreationTime : 6-9-2008 5:29:24 AM
BasePriority : Normal
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:19 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 1544
ThreadCreationTime : 6-9-2008 5:29:25 AM
BasePriority : Normal
FileVersion : 1,0,3,1
ProductVersion : 1,0,3,1
ProductName : Bonjour
CompanyName : Apple Computer, Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright © 2003-2006 Apple Computer, Inc.
OriginalFilename : mDNSResponder.exe

#:20 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1612
ThreadCreationTime : 6-9-2008 5:29:25 AM
BasePriority : Normal
FileVersion : 3.6.0.453
ProductName : McAfee Common Framework
CompanyName : McAfee, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2006 McAfee, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:21 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1796
ThreadCreationTime : 6-9-2008 5:29:32 AM
BasePriority : High


#:22 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1868
ThreadCreationTime : 6-9-2008 5:29:41 AM
BasePriority : Normal


#:23 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\NICCONFIGSVC\
ProcessID : 1940
ThreadCreationTime : 6-9-2008 5:29:45 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : TestMFCAppWiz
LegalCopyright : Copyright © 2004 Dell Inc.
OriginalFilename : NicConfigSvc.EXE

#:24 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1972
ThreadCreationTime : 6-9-2008 5:29:46 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 10
ProductVersion : 9, 0, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2020
ThreadCreationTime : 6-9-2008 5:29:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:26 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 124
ThreadCreationTime : 6-9-2008 5:29:50 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:27 [naprdmgr.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 156
ThreadCreationTime : 6-9-2008 5:29:50 AM
BasePriority : Normal
FileVersion : 3.6.0.453
ProductName : McAfee Common Framework
CompanyName : McAfee, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2006 McAfee, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:28 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 244
ThreadCreationTime : 6-9-2008 5:29:54 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 19
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : iFramewrk.exe

#:29 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 332
ThreadCreationTime : 6-9-2008 5:29:54 AM
BasePriority : Normal


#:30 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_05\bin\
ProcessID : 320
ThreadCreationTime : 6-9-2008 5:29:57 AM
BasePriority : Normal


#:31 [setpoint.exe]
FilePath : C:\Program Files\Logitech\SetPoint\
ProcessID : 1068
ThreadCreationTime : 6-9-2008 5:30:19 AM
BasePriority : Normal
FileVersion : 4.24.99
ProductVersion : 4.24.99
ProductName : Logitech SetPoint
CompanyName : Logitech, Inc.
FileDescription : Logitech SetPoint Event Manager (UNICODE)
InternalName : SetPoint
LegalCopyright : © 1998-2007 Logitech. All rights reserved.
LegalTrademarks : Logitech® and SetPoint® are registered trademarks of Logitech, Inc.
OriginalFilename : SetPoint.exe
Comments : Created by the Productivity Software team

#:32 [khalmnpr.exe]
FilePath : C:\Program Files\Common Files\Logishrd\KHAL2\
ProcessID : 2076
ThreadCreationTime : 6-9-2008 5:30:45 AM
BasePriority : Normal
FileVersion : 4.24.28
ProductVersion : 4.24.28
ProductName : Logitech SetPoint
CompanyName : Logitech, Inc.
FileDescription : Logitech KHAL Main Process
InternalName : KHAL
LegalCopyright : © 1998-2007 Logitech. All rights reserved.
LegalTrademarks : Logitech® and SetPoint® are registered trademarks of Logitech, Inc.
OriginalFilename : KHALMNPR.EXE
Comments : Created by the Productivity Software team

#:33 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2852
ThreadCreationTime : 6-9-2008 5:31:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:34 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3012
ThreadCreationTime : 6-9-2008 5:31:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3200
ThreadCreationTime : 6-9-2008 5:32:45 AM
BasePriority : Normal


#:36 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3144
ThreadCreationTime : 6-9-2008 5:47:08 AM
BasePriority : Normal


#:37 [1xconfig.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 4032
ThreadCreationTime : 6-9-2008 5:47:18 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 33
ProductVersion : 9, 0, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)

#:38 [msconfig.exe]
FilePath : C:\WINDOWS\PCHealth\HelpCtr\Binaries\
ProcessID : 2096
ThreadCreationTime : 6-9-2008 6:16:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Configuration Utility
InternalName : msconfig.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : msconfig.EXE

#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 948
ThreadCreationTime : 6-9-2008 6:29:53 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:40 [udaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 964
ThreadCreationTime : 6-9-2008 6:31:22 AM
BasePriority : Normal
FileVersion : 3.6.0.453
ProductName : McAfee Common Framework
CompanyName : McAfee, Inc.
FileDescription : Common User Interface
InternalName : UpdUI
LegalCopyright : Copyright© 2000-2006 McAfee, Inc. All Rights Reserved.
OriginalFilename : UpdUI.exe

#:41 [mctray.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 3136
ThreadCreationTime : 6-9-2008 6:31:33 AM
BasePriority : Normal
FileVersion : 1.0.0.125
ProductName : McAfee Common Framework
CompanyName : McAfee, Inc.
FileDescription : McAfee Security Agent Taskbar Extension
InternalName : McTray
LegalCopyright : Copyright© 2006 McAfee, Inc. All Rights Reserved.
OriginalFilename : McTray.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@adlegend[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:35
Value : Cookie:[email protected]/
Expires : 2-10-2018 8:03:26 AM
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:125
Value : Cookie:[email protected]/
Expires : 12-31-2009 8:00:00 PM
LastSync : Hits:125
UseCount : 0
Hits : 125

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 5-15-2011 12:50:08 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-13-2013 8:43:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@tacoda[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:[email protected]/
Expires : 7-9-2008 7:50:48 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:355
Value : Cookie:[email protected]/
Expires : 5-31-2013 9:02:08 AM
LastSync : Hits:355
UseCount : 0
Hits : 355

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 6-6-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:71
Value : Cookie:[email protected]/
Expires : 7-18-2009 6:45:04 PM
LastSync : Hits:71
UseCount : 0
Hits : 71

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 5-4-2010 6:13:32 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 6-7-2010 1:33:50 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 5-30-2013 5:46:28 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:[email protected]/
Expires : 4-28-2040 1:36:12 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-8-2012 1:00:56 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 4-7-2018 7:51:52 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@insightexpressai[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 4-15-2013 8:00:00 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@unicast[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:[email protected]/
Expires : 6-17-2008
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 4-30-2018 3:22:24 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@specificclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Value : Cookie:[email protected]/
Expires : 6-6-2009 3:46:02 PM
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@apmebf[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-4-2010 6:13:32 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-29-2028 7:52:16 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 55



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanProxy.Horst Object Recognized!
Type : File
Data : FLASHC~1.EXE
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\David\Desktop\Adobe Flash CS3 (9.0) Professional + KeyGen & Inst\
FileVersion : 9, 1, 1, 0
ProductVersion : 9, 1, 1, 0
ProductName : Adobe CS3 Flash Keygen
FileDescription : Adobe CS3 Flash Keygen
InternalName : Keygen
LegalCopyright : Copyright © 2007
OriginalFilename : keygen.EXE


<STOP>

Edited by Esoteric10, 09 June 2008 - 05:25 PM.

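An added example, not part of the original post and not Ad-Aware's own code: a small Python parser for the record layout in the log above. Each hit is a "<Name> Object Recognized!" header followed by "Key : Value" lines and terminated by a blank line. The triage rule (IE cache entries at TAC 3 or below are tracking cookies; anything else, such as the TAC 10 file hit, needs a human) is my own, and the shortened sample log embedded in the script is constructed from the entries shown above.

```python
"""Parse Ad-Aware SE 'Object Recognized!' records and triage them by TAC rating."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the Ad-Aware SE 1.06 log layout seen in this thread:
# one tracking-cookie record, the scan summary, and one file record.
SAMPLE_LOG = r"""Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david@specificclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:27
Expires : 6-6-2009 3:46:02 PM
LastSync : Hits:27
UseCount : 0
Hits : 27

Tracking cookie scan result:
New critical objects: 20
Objects found so far: 55

Deep scanning and examining files (C:)

Win32.TrojanProxy.Horst Object Recognized!
Type : File
Data : FLASHC~1.EXE
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\David\Desktop\Adobe Flash CS3 (9.0) Professional + KeyGen & Inst\
FileVersion : 9, 1, 1, 0
ProductName : Adobe CS3 Flash Keygen
OriginalFilename : keygen.EXE
"""

HEADER_RE = re.compile(r"^(?P<name>.+?) Object Recognized!$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?) : ?(?P<value>.*)$")


def parse_adaware_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per '<Name> Object Recognized!' record.

    A record starts at its header line and collects the following
    'Key : Value' lines until a blank line or any non-field line.
    The threat name from the header is stored under the key 'Name'.
    """
    records: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = {"Name": header.group("name")}
            records.append(current)
            continue
        if current is None:
            continue
        field = FIELD_RE.match(line)
        if field:
            current[field.group("key")] = field.group("value").strip()
        else:
            current = None  # blank line or summary text closes the record
    return records


def triage(records: List[Dict[str, str]], cookie_max_tac: int = 3
           ) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Split records into tracking cookies (IE cache entries at or below
    cookie_max_tac) and everything else, which needs a human to look at."""
    cookies, actionable = [], []
    for rec in records:
        tac = int(rec.get("TAC Rating", "0") or 0)
        if rec.get("Type") == "IECache Entry" and tac <= cookie_max_tac:
            cookies.append(rec)
        else:
            actionable.append(rec)
    return cookies, actionable


def full_path(rec: Dict[str, str]) -> str:
    """Join the Object (directory, with trailing backslash) and Data (file name)
    fields of a file record into the path to hash, look up or remove."""
    return rec.get("Object", "") + rec.get("Data", "")


if __name__ == "__main__":
    cookies, actionable = triage(parse_adaware_log(SAMPLE_LOG))
    print(f"{len(cookies)} tracking cookie(s) ignored")
    for rec in actionable:
        print(f"{rec['Name']} (TAC {rec['TAC Rating']}): {full_path(rec)}")
        if "OriginalFilename" in rec:
            print(f"  PE OriginalFilename: {rec['OriginalFilename']}")
```

Run against the full log instead of the sample, the script reduces 55 "objects found" to the one path worth acting on, and keeps the PE version fields (ProductName, OriginalFilename) that help identify what the 8.3 short name FLASHC~1.EXE actually is.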
#2
Rorschach112 (Ralphie) - Retired Staff, 47,710 posts
This is what you get for downloading keygens

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\David\Desktop\Adobe Flash CS3 (9.0) Professional + KeyGen & Inst
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
rem Write a listing of the Desktop folder to C:\peek.txt
dir "C:\Documents and Settings\David\Desktop" > C:\peek.txt
rem Open the listing in the default text editor (Notepad)
start C:\peek.txt
rem Delete this batch file; %~f0 is its own full path, so this works whatever the current directory is
del "%~f0"


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears



CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


#3
Esoteric10 (New Member) - Topic Starter, 2 posts
Rorschach -

Thanks for the help.

I tried doing the "Move-It" thing, however explorer did not start back up after running it, and Task manager would also not come up. I had to shut off my computer's power and boot back up. CHKDSK ran, and it corrected 3 indexes.

In any case, I did go ahead and run peek.bat. Here are the results:



Volume in drive C has no label.
Volume Serial Number is DCD2-182A

Directory of C:\Documents and Settings\David\Desktop

06/10/2008 08:40 PM <DIR> .
06/10/2008 08:40 PM <DIR> ..
05/31/2008 02:12 AM 222,986,000 430_b025_english.exe
04/09/2008 10:13 PM 256,860,160 430_b23_multilanguage.exe
05/31/2008 01:45 AM 95,710,064 8320AllLang_PBr4.5.0_rel52_PL2.7.0.55_A4.5.0.37.exe
05/10/2008 01:36 AM <DIR> Adobe CS3
05/08/2008 03:09 AM 18,082 Adobe_Flash_CS3_9.0_Professional_KeyGen_amp_Inst663729305021.939[www.btmon.com].torrent
05/31/2008 04:10 AM 2,399,591 Backup-(2008-05-31).ipd
06/06/2008 04:44 PM <DIR> backups
04/21/2008 03:17 PM 966 Blackberry Video.lnk
04/30/2008 03:35 PM 28,674 case study #2(2).doc
04/30/2008 03:34 PM 26,112 case study #2.doc
04/11/2008 03:58 AM <DIR> Casino Verite Blackjack 3.036 cracked
04/30/2008 05:30 PM 43,111 code.jpg
04/30/2008 05:30 PM 23,948 code.tif
05/31/2008 05:58 PM 323,249,656 comedy.central.presents.mitch.hedberg.uncut.avi
05/31/2008 05:10 PM 13,536 comedy_central_presents_mitch_hedberg_uncut_avi723615702622.053[www.btmon.com].torrent
04/11/2008 03:08 AM 25,111,504 cvbj40.exe
10/23/2007 01:51 PM 243,226,648 Desktop Software v4.2 SP2 (English).exe
03/21/2008 02:41 AM 686,630 dss.exe
05/27/2008 12:49 PM 8,111,979 DWG2PDF.exe
05/27/2008 01:42 PM 4,574,984 dwgpdf.exe
05/02/2008 12:40 AM 12,470,964 emssetup152.exe
04/21/2008 05:16 PM 205,254,158 Family Guy Presents- Stewie Griffin- The Untold Story-Original-LAVC.avi
09/01/2005 05:42 PM 648 FL Studio 4.lnk
02/16/2005 12:06 PM 218,112 HijackThis.exe
06/06/2008 10:26 PM 4,732 hijackthis.log
05/30/2008 06:28 PM 1,684,997 installspeedfan434.exe
12/22/2005 04:58 PM 1,620 LimeWire PRO.lnk
05/31/2008 04:14 AM 2,399,591 LoaderBackup-(2008-05-31).ipd
05/10/2008 02:17 AM 17,781 Louis_Logic_-_3_Albums.torrent
05/01/2008 03:14 AM <DIR> macromedia 8
02/23/2007 08:56 PM 1,780 Macromedia Dreamweaver MX.lnk
12/01/2006 09:30 PM 1,793 Macromedia Fireworks MX 2004.lnk
04/20/2008 11:26 PM 1,680 Macromedia Flash MX (2).lnk
06/10/2008 05:27 PM 291,328 OTMoveIt2.exe
08/31/2005 11:10 PM 738 Outlook Express.lnk
05/30/2008 05:14 PM <DIR> pages
05/05/2008 11:22 PM 21,494 page_va_logo_design_04_0706041421_id_28680.jpg
06/10/2008 08:40 PM 101 peek.bat
05/29/2008 03:30 AM 23,347 preliminary_rack_print.jpg
03/19/2008 12:55 AM 1,413,852 SDFix.exe
04/11/2008 03:58 AM 641 Shortcut to CVBJ.EXE.lnk
04/20/2008 01:07 AM 786 Shortcut to QBW32PremierRetail.exe.lnk
04/21/2008 04:56 PM 226,915,460 ST-Original-LAVC.avi
06/09/2008 01:53 AM 1,693,024 taskmanager17(2).exe
04/09/2008 12:03 AM 1,570,920 taskmanager17.exe
04/09/2008 02:20 AM <DIR> trash
04/30/2008 04:12 PM 17,038 Untitled-3.gif
05/04/2008 08:15 PM <DIR> WebSites
08/31/2005 12:50 AM 654 Winamp.lnk
01/17/2008 12:04 AM 1,840,820 wmsbeats+crowngemwmsbeatscom.mp3
43 File(s) 1,638,919,704 bytes
9 Dir(s) 11,913,015,296 bytes free


There's a little peek into my desktop's life :)

I believe I may have a deeper problem, since I'm lagging immensely and it seems like my computer is certainly still infected. Thanks again for your help.
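An added example, not part of the original thread and not OldTimer's or the helper's code: a Python parser for the `dir` output that peek.bat produced above, which then lists executables newest-first, since the files that appeared around the date of infection are the first to hash and look up. The sample lines are copied from the listing above (including one file name the forum wrapped onto a second line, which the parser re-joins); the set of executable extensions is my own assumption.

```python
"""Parse Windows 'dir' output (what peek.bat produced) and list executables newest-first."""
import re
from datetime import datetime
from typing import List, NamedTuple

# Sample lines copied from the Desktop listing posted above; the .torrent name is
# wrapped onto a second line exactly as the forum displayed it.
SAMPLE_DIR = """\
 Volume in drive C has no label.
 Volume Serial Number is DCD2-182A

 Directory of C:\\Documents and Settings\\David\\Desktop

06/10/2008 08:40 PM <DIR> .
06/10/2008 08:40 PM <DIR> ..
05/31/2008 02:12 AM 222,986,000 430_b025_english.exe
05/10/2008 01:36 AM <DIR> Adobe CS3
05/08/2008 03:09 AM 18,082 Adobe_Flash_CS3_9.0_Professional_KeyGen_amp_Inst663729305021.939[www.btmon.com].
torrent
04/30/2008 03:34 PM 26,112 case study #2.doc
06/10/2008 05:27 PM 291,328 OTMoveIt2.exe
06/10/2008 08:40 PM 101 peek.bat
06/09/2008 01:53 AM 1,693,024 taskmanager17(2).exe
04/09/2008 12:03 AM 1,570,920 taskmanager17.exe
 43 File(s) 1,638,919,704 bytes
 9 Dir(s) 11,913,015,296 bytes free
"""

ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<name>.+)$"
)
SUMMARY_RE = re.compile(r"^\s*\d+ (File|Dir)\(s\)")
# Extensions Windows runs directly on double-click (assumed list, extend as needed).
EXECUTABLE_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


class Entry(NamedTuple):
    mtime: datetime
    is_dir: bool
    size: int
    name: str


def parse_dir_listing(text: str) -> List[Entry]:
    """Parse 'dir' output into Entry records, skipping '.' and '..' and
    re-joining file names that a forum or mail client wrapped onto a new line."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            name = m.group("name")
            if name in (".", ".."):
                continue
            is_dir = m.group("size") == "<DIR>"
            size = 0 if is_dir else int(m.group("size").replace(",", ""))
            mtime = datetime.strptime(f"{m.group('date')} {m.group('time')}",
                                      "%m/%d/%Y %I:%M %p")
            entries.append(Entry(mtime, is_dir, size, name))
        elif entries and line and not SUMMARY_RE.match(line):
            # No date prefix and not the summary: the previous file name continues here.
            last = entries[-1]
            entries[-1] = last._replace(name=last.name + line.strip())
    return entries


def executables_newest_first(entries: List[Entry]) -> List[Entry]:
    """Executable files ordered by modification time, newest first."""
    return sorted(
        (e for e in entries
         if not e.is_dir and e.name.lower().endswith(EXECUTABLE_SUFFIXES)),
        key=lambda e: e.mtime,
        reverse=True,
    )


if __name__ == "__main__":
    for e in executables_newest_first(parse_dir_listing(SAMPLE_DIR)):
        print(f"{e.mtime:%Y-%m-%d %H:%M}  {e.size:>12,}  {e.name}")
```

The ordering only narrows the search; it says nothing about whether a given file is malicious. The next step for each candidate is a hash lookup or a scan of the file itself, not a judgement from the name or date.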

#4
Rorschach112 (Ralphie) - Retired Staff, 47,710 posts
That is what you get for downloading cracks

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\David\Desktop\Adobe_Flash_CS3_9.0_Professional_KeyGen_amp_Inst663729305021.939[www.btmon.com].torrent
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


#5
Rorschach112 (Ralphie) - Retired Staff, 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
