Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan-Spy.HTML.Smitfraud.c Please Help

Started by ERW , May 11 2005 10:50 PM

  • This topic is locked This topic is locked

#1
ERW
Posted 11 May 2005 - 10:50 PM

ERW

    Member

  • Member
  • PipPip
  • 12 posts
Hello! Sorry to add to the load, I noticed a lot of people here with the same problem.

My friend just got this virus and unfortunately she knows very little about this, so I’m just trying to help her out…

NOD32 detected the virus but couldn’t remove it…

Any help would of course be greatly appreciated!


------------

Logfile of HijackThis v1.99.1
Scan saved at 01:31:36, on 12/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\ARQUIVOS DE PROGRAMAS\DISCADOR TELEFONICA\DDT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\MEUS DOCUMENTOS\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.terra.com.br/
O2 - BHO: (no name) - {24BACB06-675A-4F30-92E9-33A34B0A9063} - C:\WINDOWS\SYSTEM\LIJE.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Arquivos de programas\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O18 - Filter: text/html - {3A63BF42-4C52-4142-BFD1-0A011872F170} - C:\WINDOWS\SYSTEM\LIJE.DLL
O18 - Filter: text/plain - {3A63BF42-4C52-4142-BFD1-0A011872F170} - C:\WINDOWS\SYSTEM\LIJE.DLL
  • 0

Advertisements

#2
don77
Posted 16 May 2005 - 09:14 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi ERW and welcome, Sorry for the late reply, If your still looking for help in resolving this please post a fresh HJT please,

If you have already solved the issue please let us know,

Thanks and sorry for the late reply

Don
  • 0

#3
ERW
Posted 16 May 2005 - 10:25 PM

ERW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Don! np I understand this is a very busy place. ;)

Unfortunately, I wasn't able to resolve this problem... :tazz:

Fresh HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 01:17:03, on 17/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\ARQUIVOS DE PROGRAMAS\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\ARQUIVOS DE PROGRAMAS\DISCADOR TELEFONICA\DDT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\MEUS DOCUMENTOS\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.terra.com.br/
O2 - BHO: (no name) - {F0D13326-F97F-4C8B-8C66-E914B637FC65} - C:\WINDOWS\SYSTEM\LIJE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Arquivos de programas\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O18 - Filter: text/html - {07B42A27-3B67-45A2-9A32-0A1276F923B5} - C:\WINDOWS\SYSTEM\LIJE.DLL
O18 - Filter: text/plain - {07B42A27-3B67-45A2-9A32-0A1276F923B5} - C:\WINDOWS\SYSTEM\LIJE.DLL
  • 0

#4
don77
Posted 17 May 2005 - 04:49 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
We appreciate your patience ERW,*Please create a folder and name it SpSeHjfix
*Download SpSeHjfix into the folder.
*Disconnect from the net and Close ALL OPEN PROGRAMS.
*Run 'SpSeHjfix' and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process.
*The tool creates a log of the fix which will appear in the folder.

*Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'
.
  • 0

#5
ERW
Posted 17 May 2005 - 09:50 PM

ERW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Done!

SPSeHjFix Log:

(5/18/05 00:38:16) SPSeHjFix started v1.1.2
(5/18/05 00:38:16) OS: WinME (4.90.3000)
(5/18/05 00:38:16) Language: portuguęs
(5/18/05 00:38:16) Win-Path: C:\WINDOWS
(5/18/05 00:38:16) System-Path: C:\WINDOWS\SYSTEM
(5/18/05 00:38:16) Temp-Path: C:\WINDOWS\TEMP\
(5/18/05 00:38:30) Disinfection started
(5/18/05 00:38:30) Bad-Dll(IEP): c:\windows\temp\se.dll
(5/18/05 00:38:30) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\LIJE.DLL
(5/18/05 00:38:30) Searchassistant Uninstaller - Keys Deleted
(5/18/05 00:38:30) UBF: 6 - UBB: 1 - UBR: 23
(5/18/05 00:38:30) FilterKey: HKCR\text/html (deleted)
(5/18/05 00:38:30) FilterKey: HKCR\CLSID\{07B42A27-3B67-45A2-9A32-0A1276F923B5} (deleted)
(5/18/05 00:38:30) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/18/05 00:38:30) FilterKey: HKCR\text/plain (deleted)
(5/18/05 00:38:30) FilterKey: HKCR\CLSID\{07B42A27-3B67-45A2-9A32-0A1276F923B5} (error while deleting)
(5/18/05 00:38:30) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/18/05 00:38:30) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D13326-F97F-4C8B-8C66-E914B637FC65} (deleted)
(5/18/05 00:38:30) BHO-Key: HKCR\CLSID\{F0D13326-F97F-4C8B-8C66-E914B637FC65} (deleted)
(5/18/05 00:38:30) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(5/18/05 00:38:30) UBF: 4 - UBB: 0 - UBR: 22
(5/18/05 00:38:30) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/18/05 00:38:30) Stealth-String not found
(5/18/05 00:38:31) File added to delete: c:\windows\system\lije.dll
(5/18/05 00:38:31) File added to delete: c:\windows\temp\se.dll
(5/18/05 00:38:31) Reboot
(5/18/05 00:41:54) SPSeHjFix 2nd Step
(5/18/05 00:41:55) Stealth-String not present. Disinfection succesfully
(5/18/05 00:42:04) Cleaned


--------------

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 00:46:45, on 18/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\ARQUIVOS DE PROGRAMAS\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\MEUS DOCUMENTOS\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.terra.com.br/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {13F3288A-FCBF-4B30-BF6A-BC85BD10379C} - C:\WINDOWS\SYSTEM\LIJE.DLL (file missing)
O2 - BHO: (no name) - {F0D13326-F97F-4C8B-8C66-E914B637FC65} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Arquivos de programas\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O18 - Filter: text/html - {29574BF5-2FE6-4C16-9529-2E4A929E1B5E} - C:\WINDOWS\SYSTEM\LIJE.DLL
O18 - Filter: text/plain - {29574BF5-2FE6-4C16-9529-2E4A929E1B5E} - C:\WINDOWS\SYSTEM\LIJE.DLL
  • 0

#6
don77
Posted 18 May 2005 - 04:53 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
  • I see that you have Spybot's TeaTimer running. While this is a very helpful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  • Open Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.
  • Be sure you enable TeaTimer once we have cleaned your system.
  • Download and install Cleanup



  • Dowload the following program
    CWShredder
    It should be the current version, but check for updates
    “Don’t run it yet”


  • Please download and install Ad-aware.
    Setting up Ad-aware- please make sure you update it first


  • Make sure you can view all View all Hidden Files/Folders



  • Next,. Reboot into SAFE MODE

    Please restart HJT put a check next to the following if they still exist, close all open windows and click “fix.checked”

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {13F3288A-FCBF-4B30-BF6A-BC85BD10379C} - C:\WINDOWS\SYSTEM\LIJE.DLL (file missing)
    O2 - BHO: (no name) - {F0D13326-F97F-4C8B-8C66-E914B637FC65} - (no file)
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O18 - Filter: text/html - {29574BF5-2FE6-4C16-9529-2E4A929E1B5E} - C:\WINDOWS\SYSTEM\LIJE.DLL
    O18 - Filter: text/plain - {29574BF5-2FE6-4C16-9529-2E4A929E1B5E} - C:\WINDOWS\SYSTEM\LIJE.DLL
  • Search for and delete the following Files/Folders in BOLD if still present


    C:\WINDOWS\SYSTEM\LIJE.DLL
  • While still in safe mode

  • Run Program cwshredder and have it fix anything it finds.
    Make sure you click the “Fix” button


  • Open Cleanup! Click on clean up now and let it run,
    When it has finished click NO to reboot now.

  • Scan with AdAware have it remove what it finds

  • Restart your computer,

  • Post back a fresh HJT log please

  • 0

#7
ERW
Posted 18 May 2005 - 11:06 AM

ERW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks! I completed everything successfully!


---------

Logfile of HijackThis v1.99.1
Scan saved at 13:47:17, on 18/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MEUS DOCUMENTOS\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.terra.com.br/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Arquivos de programas\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
  • 0

#8
don77
Posted 18 May 2005 - 06:03 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Looks much better, How is the computer running ?


Please restart HJT put a check next to the following if they still exist, close all open windows and click “fix.checked”

O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E495699-4920-4FDA-8755-DFD4CD3199D3} - C:\WINDOWS\SYSTEM\WLDR.DLL (file missing) (HKCU)


Reboot,

Run this online virus scan: ActiveScan - Save the results from the scan!

Post back the scan results,
Post a new HiJackThis log
  • 0

#9
ERW
Posted 19 May 2005 - 04:20 AM

ERW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It's running alot better now! Very smoothly. And the reboot time has GREATLY decreased! :tazz:

Activescan found 1 object:

Incident        Status          Location             

Adware:Adware/CWS.HomeSearchAsisstant
No disinfected                            Windows Registry


------------

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 07:05:38, on 19/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\ARQUIVOS DE PROGRAMAS\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE
C:\ARQUIVOS DE PROGRAMAS\ESET\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MEUS DOCUMENTOS\DOWNLOAD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.itelefonica.terra.com.br/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE /O
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\ARQUIVOS DE PROGRAMAS\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\ARQUIV~1\ARQUIV~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Arquivos de programas\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Reboot.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ARQUIV~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#10
don77
Posted 19 May 2005 - 05:15 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Thats good news,

You log is now clean, You ran both CWShredder and Ad-aware ?
  • 0

#11
ERW
Posted 19 May 2005 - 09:05 AM

ERW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yes, but I just finished scanning with Spybot and it detected something Search Assistant related that Ad-Aware and CWShredder didn’t. So I rescanned with Activescan and it didn’t find anything…

Well, I guess that takes care of that!


Thank you sooooooooooo much for your wonderful help! ;)
Keep up the excellent work!

I’ll get to the donations as soon as I can. :tazz:
  • 0

#12
don77
Posted 19 May 2005 - 03:07 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Your very welcome ERW

Yes, but I just finished scanning with Spybot and it detected something Search Assistant related that Ad-Aware and CWShredder didn’t. So I rescanned with Activescan and it didn’t find anything…

Thats why we recommend using both as one will find stuff the other may miss,

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here Name it clean or something like that,


Good Luck,

Don,


As this topic is resolved it will now be closed, Should you have any further problems and need it opened please pm a memebr of the staff with a link to the topic
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP