Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help removing virtumonde [RESOLVED]

Started by serginsurge , Jun 29 2008 10:39 AM

  • This topic is locked This topic is locked

#1
serginsurge
Posted 29 June 2008 - 10:39 AM

serginsurge

    Member

  • Member
  • PipPip
  • 22 posts
I have been trying to remove virtumonde from computer for the past two days, popups keep showing up only when i use internet explorer and the computer is running slower than usual. I have followed all the initial steps before posting. Here are the log files.

ActiveScan log

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-06-29 09:03:56
PROTECTIONS: 0
MALWARE: 36
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Winamp\Plugins\ml_ipod\Process.exe
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.mediaplex.com/]
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.spylog.com/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.findwhat.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.xiti.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.azjmp.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ad.yieldmanager.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.weborama.fr/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ads.pointroll.com/]
00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.ig.com.br/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.realmedia.com/]
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.uol.com.br/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.adultfriendfinder.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt[.go.com/]
00260616 Trj/Agent.BLZ Virus/Trojan No 1 Yes No C:\WINDOWS\system32\PcastUpdate.dll
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP317\A0086075.exe
00520936 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
00794859 Adware/Dudu Adware No 0 Yes No C:\WINDOWS\system32\pCastCtl.dll
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.enhance.com/]
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Santana\Application Data\Netscape\Navigator\Profiles\nchzmele.default\cookies.txt[.enhance.com/]
01343387 Generic Trojan Virus/Trojan No 0 Yes No C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi[unk_0029]
01343387 Generic Trojan Virus/Trojan No 0 Yes No C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe
02055823 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP288\A0072769.exe
02360700 W32/Gaobot.OXI.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP315\A0085013.exe
03073999 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP309\A0080492.com
03117478 Trj/Bancos.TC Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP317\A0085053.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location <
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description <
;===============================================================================
=================================================================================
===================
184380 MEDIUM MS08-002 <
184379 MEDIUM MS08-001 <
182048 HIGH MS07-069 <
182046 HIGH MS07-067 <
182043 HIGH MS07-064 <
179553 HIGH MS07-061 <
176382 HIGH MS07-057 <
176383 HIGH MS07-058 <
;===============================================================================
=================================================================================
===================
  • 0

Advertisements

#2
serginsurge
Posted 29 June 2008 - 10:40 AM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:59 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: {3364ee38-f2d2-73ca-2634-bad043fa1d45} - {54d1af34-0dab-4362-ac37-2d2f83ee4633} - C:\WINDOWS\system32\ihwsjk.dll
O2 - BHO: (no name) - {60E0E6A5-598B-4D47-A609-2B61730AACF3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [C:\WINDOWS\system32\P1110Ext.ax] "C:\WINDOWS\system32\RegSvr32.exe" /s C:\WINDOWS\system32\P1110Ext.ax
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] "C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.c...live2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152644996309
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.midiahost....1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54BC66FA-EDEF-484A-8E8E-3850FC3D0532}: NameServer = 68.70.15.242,68.70.15.243
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 12356 bytes
  • 0

#3
serginsurge
Posted 29 June 2008 - 10:41 AM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Malwarebytes' Anti-Malware 1.19
Database version: 901
Windows 5.1.2600 Service Pack 2

11:13:07 PM 6/28/2008
mbam-log-6-28-2008 (23-13-07).txt

Scan type: Quick Scan
Objects scanned: 48242
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{be7e4ce1-8cba-44a6-956f-462a667d3286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vtUnkkhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhkknUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfippbsu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  • 0

#4
serginsurge
Posted 29 June 2008 - 10:43 AM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/29/2008 at 00:50 AM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 01:31:33

Memory items scanned : 405
Memory threats detected : 0
Registry items scanned : 8015
Registry threats detected : 0
File items scanned : 134779
File threats detected : 1

Adware.Tracking Cookie
.atdmt.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
www.burstnet.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
adverts.chickendinner.co.uk [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.goal.adbureau.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.goal.adbureau.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.bluestreak.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.chitika.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adecn.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adecn.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.247realmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP
  • 0

#5
koko_crunch
Posted 01 July 2008 - 08:02 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello serginsurge and Welcome to Geeks to Go!

Sorry for the delay.
We've been quite busy this week.

Since the state of your computer is different from the time the logs were posted.
I would need you to run another scan.

Please stick with me until I give you the all clear. :)

Let's start.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Logs required on next post.
- MBAM log
- SuperAntispyware log
- New HijackThis log
  • 0

#6
serginsurge
Posted 01 July 2008 - 10:03 PM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ok, here are the logs

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

10:24:59 PM 7/1/2008
mbam-log-7-1-2008 (22-24-59).txt

Scan type: Quick Scan
Objects scanned: 48980
Time elapsed: 8 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{be7e4ce1-8cba-44a6-956f-462a667d3286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by serginsurge, 01 July 2008 - 10:04 PM.

  • 0

#7
serginsurge
Posted 01 July 2008 - 10:07 PM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 11:57 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 01:28:05

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 8000
Registry threats detected : 0
File items scanned : 132464
File threats detected : 0

Adware.Tracking Cookie
.statcounter.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.goal.adbureau.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.goal.adbureau.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.snagajob.122.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
www.virginmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
www.virginmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
adverts.chickendinner.co.uk [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.chitika.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.perf.overture.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.ehg-techtarget.hitbox.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.pornstartemptation.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.pornstartemptation.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
www.jimmyspornstars.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
www.jimmyspornstars.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ads.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.hotlog.ru [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.list.ru [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ads.crakmedia.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
rotator.adjuggler.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.premiumtv.122.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.ehg-futurepub.hitbox.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.ehg-mgnlimited.hitbox.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
.trinitymirror.112.2o7.net [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Santana\Application Data\Mozilla\Firefox\Profiles\vc956hkz.default\cookies.txt ]
  • 0

#8
serginsurge
Posted 01 July 2008 - 10:07 PM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:15 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: {3364ee38-f2d2-73ca-2634-bad043fa1d45} - {54d1af34-0dab-4362-ac37-2d2f83ee4633} - C:\WINDOWS\system32\ihwsjk.dll
O2 - BHO: (no name) - {60E0E6A5-598B-4D47-A609-2B61730AACF3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [C:\WINDOWS\system32\P1110Ext.ax] "C:\WINDOWS\system32\RegSvr32.exe" /s C:\WINDOWS\system32\P1110Ext.ax
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] "C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.c...live2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152644996309
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.midiahost....1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54BC66FA-EDEF-484A-8E8E-3850FC3D0532}: NameServer = 68.70.15.242,68.70.15.243
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 12144 bytes
  • 0

#9
koko_crunch
Posted 01 July 2008 - 10:50 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
We need to remove some more malware.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Next,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: {3364ee38-f2d2-73ca-2634-bad043fa1d45} - {54d1af34-0dab-4362-ac37-2d2f83ee4633} - C:\WINDOWS\system32\ihwsjk.dll
O2 - BHO: (no name) - {60E0E6A5-598B-4D47-A609-2B61730AACF3} - (no file)
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.c...live2.4.0.0.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.


Then,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\PcastUpdate.dll
C:\WINDOWS\system32\pCastCtl.dll
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Logs required on next post.
- Sdfix log
- OTmoveit log
- New HijackThis log
  • 0

#10
serginsurge
Posted 02 July 2008 - 10:14 AM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
SDFix: Version 1.199
Run by Santana on Wed 07/02/2008 at 11:28 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 11:56:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ebffea3b
"s2"=dword:2ea1df1e
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:21,e6,7e,76,91,b4,cd,67,ca,35,85,33,89,10,f2,97,82,37,7a,3a,e3,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:76,0d,74,ad,21,e4,9d,db,ff,a9,8b,d3,26,33,c4,1a,8e,f0,b7,49,65,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,99,70,d4,a6,66,a4,7d,0e,e9,2b,5f,f8,e7,03,db,0f,af,..
"khjeh"=hex:65,b9,7b,9f,61,3e,7d,49,0b,64,5b,1b,37,2a,86,8a,15,6d,9b,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,29,12,80,a2,4b,12,78,43,19,f7,6a,41,96,4a,f8,21,ea,7d,6e,bc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:21,e6,7e,76,91,b4,cd,67,ca,35,85,33,89,10,f2,97,82,37,7a,3a,e3,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:76,0d,74,ad,21,e4,9d,db,ff,a9,8b,d3,26,33,c4,1a,8e,f0,b7,49,65,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,99,70,d4,a6,66,a4,7d,0e,e9,2b,5f,f8,e7,03,db,0f,af,..
"khjeh"=hex:65,b9,7b,9f,61,3e,7d,49,0b,64,5b,1b,37,2a,86,8a,15,6d,9b,87,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,29,12,80,a2,4b,12,78,43,19,f7,6a,41,96,4a,f8,21,ea,7d,6e,bc,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1175KA230BCB5154CAEA6695BEDA5F4F]
"8BD05ECF016C24C4EBC591F3646C8F21"="C:\Program Files\MSN Messenger\usnsvcps.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9968B674-2B50-C751-1890-68C0A40E84A5}]
"iacobicfifplbigmom"=hex:6a,61,68,6e,67,70,6f,6c,61,65,6a,66,64,62,6f,6d,6f,62,6a,67,00,..
"haeopndjkjgoglck"=hex:6a,61,68,6e,67,70,6f,6c,61,65,6a,66,64,62,6f,6d,6f,62,6a,67,00,..
"gabbckaehbkiem"=hex:6a,61,68,6e,66,6f,6e,6e,65,65,6f,62,61,66,6f,64,63,61,62,6f,00,..

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0010C.log 131072 bytes
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0010D.log 131072 bytes
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0010E.log
C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\WindowsXP-KB948590-x86-express-ENU.cab
C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\_sfx_0008._p
C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\_sfx_0009._p
C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\_sfx_0010._p
C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\_sfx_0011._p
C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\_sfx_manifest_

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 9


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Program Files\\KONAMI\\Winning Eleven 9\\Winning eleven 9.exe"="C:\\Program Files\\KONAMI\\Winning Eleven 9\\Winning eleven 9.exe:*:Enabled:we9.exe"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\PPLive\\PPlive.exe"="C:\\Program Files\\PPLive\\PPlive.exe:*:Enabled:PPLive"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE:*:Enabled:Share Streaming"
"C:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMini.exe"="C:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMini.exe:*:Enabled:Share Streaming"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\PPMNet.exe:*:Enabled:PPMate"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Documents and Settings\\Santana\\Desktop\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Documents and Settings\\Santana\\Desktop\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Documents and Settings\\Santana\\Desktop\\games\\PES2008.exe"="C:\\Documents and Settings\\Santana\\Desktop\\games\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MegaCubo\\megacubo.exe"="C:\\Program Files\\MegaCubo\\megacubo.exe:*:Enabled:MegaCubo"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Fri 14 Sep 2007 247,296 A.SH. --- "C:\Program Files\Game Graphic Studio\DelZip179.dll"
Thu 27 Jul 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Mon 16 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2006c93acdb066bdfcaef21319037e32\BIT24.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29c2f3fb5a7e6317d299b7582ff51eb8\BIT23.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4cccd8c1bc85247ebfa9061d6bf08de1\BIT1F.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5927b5350a8f9603d69133bf1d4e41d0\BIT22.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5e547917144491a190d7906cd12d2b35\BIT20.tmp"
Wed 2 Jul 2008 8,795,102 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\65d355385a56c3fa2bfdd7a104ca0c0b\BIT1E.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f4af55d0bd88e56475d53154fd62d5a0\BIT21.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\28607bd02fc0f9c734f452e4f2666652\download\BIT28.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32609716235f5bb490b53275a46058f8\download\BIT2F.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42607421ab11ddfdc35fb68dbc4729e9\download\BIT2D.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\44294cc09489e42ab360bd5883f74d9e\download\BIT25.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\676c806c6ca4616ab1e3fde1a4804a24\download\BIT26.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6ac42657c636012f9effce4f937863f4\download\BIT2A.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\786d8d10fefe7553d7282b60526a243b\download\BIT2E.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\88aa16c08992a222297cc493fc329b20\download\BIT30.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad6c31f7d0a4d2645ed6d67e2530522e\download\BIT27.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ada4d488d7d0854b79cefb8bc70c8d98\download\BIT29.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b71aca7a08a5fe27ac1f8793ff9b70cf\download\BIT2C.tmp"
Wed 2 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8c6a8157d1ed68b0b0f724babd8b17f\download\BIT2B.tmp"

Finished!
  • 0

Advertisements

#11
serginsurge
Posted 02 July 2008 - 10:15 AM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
C:\WINDOWS\system32\PcastUpdate.dll unregistered successfully.
C:\WINDOWS\system32\PcastUpdate.dll moved successfully.
C:\WINDOWS\system32\pCastCtl.dll unregistered successfully.
C:\WINDOWS\system32\pCastCtl.dll moved successfully.
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe moved successfully.
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_121126
  • 0

#12
serginsurge
Posted 02 July 2008 - 10:15 AM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:57 PM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: {3364ee38-f2d2-73ca-2634-bad043fa1d45} - {54d1af34-0dab-4362-ac37-2d2f83ee4633} - C:\WINDOWS\system32\ihwsjk.dll
O2 - BHO: (no name) - {60E0E6A5-598B-4D47-A609-2B61730AACF3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [C:\WINDOWS\system32\P1110Ext.ax] "C:\WINDOWS\system32\RegSvr32.exe" /s C:\WINDOWS\system32\P1110Ext.ax
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] "C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.c...live2.4.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152644996309
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.midiahost....1.11_en_dl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54BC66FA-EDEF-484A-8E8E-3850FC3D0532}: NameServer = 68.70.15.242,68.70.15.243
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 12236 bytes
  • 0

#13
koko_crunch
Posted 02 July 2008 - 06:05 PM

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Anti-virus is a necessity this days.
Please choose one from these free Anti-Virus softwares.

Note: Installing more than one anti-virus software can lead to system hang ups and conflicts, providing less protection, not more!.

INSTALL
and
UPDATE


Then,

Please disable Ashampoo Guard.
Can't find it a link on how to disable it excatly but you should be able to find it in Preferences >> Guard.

Next,


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: {3364ee38-f2d2-73ca-2634-bad043fa1d45} - {54d1af34-0dab-4362-ac37-2d2f83ee4633} - C:\WINDOWS\system32\ihwsjk.dll
O2 - BHO: (no name) - {60E0E6A5-598B-4D47-A609-2B61730AACF3} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\P1110Ext.ax] "C:\WINDOWS\system32\RegSvr32.exe" /s C:\WINDOWS\system32\P1110Ext.ax
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.c...live2.4.0.0.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.

Finally,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ihwsjk.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post back with the following logs
- OTMoveIt log
- New HijackThis log
  • 0

#14
serginsurge
Posted 02 July 2008 - 06:14 PM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
O9 - Extra button: (no name) - {09FE188B-6E85-479e-9411-51FB2220DF80} - (no file)

was the only one that showed up on hijackthis the rest was not there
  • 0

#15
serginsurge
Posted 02 July 2008 - 06:17 PM

serginsurge

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
here are the logs



File/Folder C:\WINDOWS\system32\ihwsjk.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_201421
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP