Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud That Keeps Returning!


  • Please log in to reply
8 replies to this topic

#1 allenleonhart

allenleonhart

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 25 November 2007 - 04:00 AM

i have a problem with my computer after downloading a infected codec by ccident.

i had tried to remove it with smitfix, cccleaner and rogue remover, but it still appears everytime i reboot my computer.

pls help me and thank you!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:22 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSVPS System - {C6C7C348-C2F9-4465-9B41-121C467CC4E5} - C:\WINDOWS\popnetgqt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} - http://static.35mb.com/applet/applet_o.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O21 - SSODL: rmvgor - {3B0A7AA1-1AD3-4166-946E-EEEEE5FAA96A} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: sapnet - {A210A52F-817B-45D3-83FB-A0314D87244A} - C:\WINDOWS\sapnet.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8682 bytes

BC AdBot (Login to Remove)

 


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:23 AM

Posted 25 November 2007 - 06:36 AM

Hi Allenleonhart!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.

Edited by Baabiouz, 25 November 2007 - 06:36 AM.

Posted Image

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:23 AM

Posted 25 November 2007 - 11:05 AM

Hi!

#1
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#2
Please, post Smitfraudfix report back here :thumbsup:
Posted Image

#4 allenleonhart

allenleonhart
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 25 November 2007 - 09:23 PM

HIIES baabious!

i kinda fixed it yesterday!

turned out to b a registry that was affected. the virus didn't reappear yesterday!

so basically this was wad i did...

i booted the computer in safe mood, ran smitfraudfix. then i used superantispyware to rid the affected files.

i also ran registry repair wizard and the virus got killed(i hope):thumbsup:

nonetheless, can u help me check to b sure?



SmitFraudFix v2.255

Scan done at 10:22:52.96, Mon 11/26/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ hosts


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS

C:\WINDOWS\rmvgor.dll FOUND !
C:\WINDOWS\sapnet.dll FOUND !

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\Web


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system32


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Documents and Settings\user


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Documents and Settings\user\Application Data


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Start Menu


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\DOCUME~1\user\FAVORI~1


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Desktop


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Program Files


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Corrupted keys


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Desktop Components



╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Rustock



╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ DNS

Description: Hamachi Network Interface
DNS Server Search Order: 192.168.1.254

Description: Linksys Wireless-B USB Network Adapter v2.8 #5 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: Linksys Wireless-B USB Network Adapter v2.8 #5 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: Linksys Wireless-B USB Network Adapter v2.8 #5 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5970482A-1F62-4D65-BDB5-F77C91BAC0A7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{90E304C2-D1BF-41DF-974D-F495FA1673D1}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ACB995CA-CE26-4296-B6E2-C3191F154EB6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9BC503F-052C-462C-9185-41168884BD7F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5970482A-1F62-4D65-BDB5-F77C91BAC0A7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{90E304C2-D1BF-41DF-974D-F495FA1673D1}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ACB995CA-CE26-4296-B6E2-C3191F154EB6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B9BC503F-052C-462C-9185-41168884BD7F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5970482A-1F62-4D65-BDB5-F77C91BAC0A7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B9BC503F-052C-462C-9185-41168884BD7F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5970482A-1F62-4D65-BDB5-F77C91BAC0A7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{90E304C2-D1BF-41DF-974D-F495FA1673D1}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ACB995CA-CE26-4296-B6E2-C3191F154EB6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B9BC503F-052C-462C-9185-41168884BD7F}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Scanning for wininet.dll infection


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ End



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:22 AM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\anti virus, hackers and stuff\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8156 bytes

Edited by allenleonhart, 25 November 2007 - 09:26 PM.


#5 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:23 AM

Posted 26 November 2007 - 01:08 PM

Hi

Your log looks fine, there is only one bad line and your Java-version is old :blink:

#1
Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose ES. Once it has fixed them, please exit/close HijackThis.

#2
Have you uninstalled Symantec ?
There is one service left from it. Let's delete it:

1. Click Start > Run > type: sc stop "Symantec Core LC" > OK
2. Click Start > Run > type: sc delete "Symantec Core LC" > OK

#3
Please make sure that you can view all hidden files.
How to see hidden files in Windows

Let's run ATF-Cleaner and scan your computer;

Download ATF (Atribune Temp File) Cleanerę by Atribune to your desktop.
This program is for XP and Windows 2000 only!

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
AVG Anti-Spyware
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
#4
In safe mode, First please delete this folder:

C:\Program Files\Common Files\-->Symantec Shared<--

#5
Still in safe mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

#6
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
#7
Please, post a fresh hijackthis log and AVG Anti-Spyware results back here :thumbsup:
Posted Image

#6 allenleonhart

allenleonhart
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 30 November 2007 - 05:57 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:30 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\user\Desktop\anti virus, hackers and stuff\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7703 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:53:27 PM 11/30/2007

+ Scan result:



HKU\S-1-5-21-1709136994-2018322775-2885428501-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1709136994-2018322775-2885428501-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Ignored.
C:\WINDOWS\system32\comploader.dll -> Adware.Sohu : Ignored.
C:\System Volume Information\_restore{66109266-85A8-4CB2-9A56-0E45CB927CD5}\RP4\A0004486.exe -> Downloader.Zlob.ego : Ignored.
:mozilla.115:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.118:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.119:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.120:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.121:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.122:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.123:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.124:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.125:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.126:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.127:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.128:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.145:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.146:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.147:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.148:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.149:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.150:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.151:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.159:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adengage : Ignored.
:mozilla.161:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adengage : Ignored.
:mozilla.163:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adengage : Ignored.
:mozilla.247:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.
:mozilla.361:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.183:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.184:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.185:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.175:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.186:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.187:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.188:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.63:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.65:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.66:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.67:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.68:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.69:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.74:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.45:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.46:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.47:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.48:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.49:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.50:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.318:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
:mozilla.215:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.216:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.217:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.463:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.388:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Hotlog : Ignored.
:mozilla.219:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignored.
:mozilla.220:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignored.
:mozilla.26:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Navrcholu : Ignored.
:mozilla.30:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Navrcholu : Ignored.
:mozilla.272:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Onestat : Ignored.
:mozilla.273:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Onestat : Ignored.
:mozilla.250:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.338:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.339:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.340:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.341:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.342:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.343:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.344:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.359:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.360:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.181:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Revsci : Ignored.
:mozilla.182:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Revsci : Ignored.
:mozilla.129:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.130:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.131:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.132:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.133:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.134:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.135:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.41:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.42:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.43:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.106:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.107:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.108:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.111:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.138:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.
:mozilla.253:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.254:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.255:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.256:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.257:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.104:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.274:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignored.
:mozilla.347:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yadro : Ignored.
:mozilla.31:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.32:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.33:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.34:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.35:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.36:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pkeotztu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.


::Report end



oh yea!

OPPS!!! I DELETED INSTEAD OF QUARANTINE!!!

but it doesn't matter i hope:P

#7 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:23 AM

Posted 01 December 2007 - 02:30 PM

Hi!

Did you remove ESET NOD32 Antivirus?
Now you don't have antivirus and firewall.

#1
Please read this next text and download firewall:

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Understanding and Using Firewalls

#2
Please read also next text and download antivirus:

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:Install it and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

#3
Please post a fresh hijackthis log and tell me do you have problems :thumbsup:
Posted Image

#8 allenleonhart

allenleonhart
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 02 December 2007 - 05:33 AM

okkies...

i swapped to avg the very moment u asked me... cause eset rc1 was over and eset is not releasing any more freebies:)

i installed comodo firewall cause i used to use it... just that the alerts are very irritating... a good firewall though...


here's the log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:26 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\anti virus, hackers and stuff\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8318 bytes


and thank u so much baabiouz! u saved my com!

#9 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:23 AM

Posted 02 December 2007 - 09:15 AM

Hi!

AVG Anti-Spyware is not same as AVG Free...
I use Antivir and I think Antivir would be good for you :blink:

After installing antivirus your computer is ok.

and thank u so much baabiouz! u saved my com!

You're welcome :thumbsup:

Log looks clean...great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users