Hijack This Log/for Your Scrutiny


11 replies to this topic

#1 Mmurlan

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 28 April 2007 - 12:40 PM

Here is a copy of my last HijackThis log; could I ask that someone look at it and let me know if I have any problems? I know that the entry TrustIn is a problem, though I have no idea how to solve it. Thank you in advance for any solutions you may have.
Mmurlan

Logfile of HijackThis v1.99.1
Scan saved at 10:50:39, on 4/28/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Hijack this\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\aaaamonb.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
O2 - BHO: SysMon Class - {D5EFDB0E-4F51-414F-B740-54A5C87A8957} - C:\DOCUME~1\Dad\LOCALS~1\Temp\crtdsp.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:20 AM

Posted 28 April 2007 - 05:36 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double-click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:20 AM

Posted 06 May 2007 - 08:20 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================

#4 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:20 AM

Posted 30 May 2007 - 07:03 AM

Topic re-opened at user request.


========================================================

#5 Mmurlan

  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 02 June 2007 - 12:28 AM

My ComboFix log, as requested:

"Dad" - 2007-05-26 20:00:05 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Dad\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-26 19:30 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-26 19:18 27,136 --a------ C:\WINDOWS\3_cad.exe
2007-05-26 19:18 21,504 --a------ C:\WINDOWS\system32\ciadminv.dll
2007-05-25 09:36 21,504 --a------ C:\WINDOWS\system32\cfgmgr32vv.dll
2007-05-23 20:41 21,504 --a------ C:\WINDOWS\system32\atkctrsvb.dll
2007-05-22 20:17 21,504 --a------ C:\WINDOWS\system32\cfgbkends.dll
2007-05-21 12:11 21,504 --a------ C:\WINDOWS\system32\cfgmgr32v.dll
2007-05-18 18:54 21,504 --a------ C:\WINDOWS\system32\clbcatqa.dll
2007-05-17 01:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-17 01:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-17 01:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-17 01:55 <DIR> d-------- C:\ebf8a212a978893d539504df
2007-05-13 12:53 21,504 --a------ C:\WINDOWS\system32\atkctrsv.dll
2007-05-08 18:54 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-05-08 18:52 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2007-05-08 18:52 86,016 --a------ C:\WINDOWS\SoundMan.exe
2007-05-08 18:52 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-05-08 18:52 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-08 18:52 4,402,176 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-05-08 18:52 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2007-05-08 18:52 2,157,568 --a------ C:\WINDOWS\MicCal.exe
2007-05-08 18:52 16,132,608 --a------ C:\WINDOWS\RTHDCPL.exe
2007-05-08 18:52 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2007-05-08 18:51 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-05-08 18:51 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-05-05 17:45 21,504 --a------ C:\WINDOWS\system32\alrsvcv.dll
2007-05-04 08:40 21,504 --a------ C:\WINDOWS\system32\cicv.dll
2007-04-30 15:43 21,504 --a------ C:\WINDOWS\system32\adsnts.dll
2007-04-28 16:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-28 16:22 <DIR> d-------- C:\Program Files\Common Files\Protexis
2007-04-28 16:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-04-28 16:21 <DIR> d-------- C:\Program Files\TrustIn Contextual


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-27 01:42:57 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-05-22 12:17:07 -------- d-----w C:\Program Files\World of Warcraft
2007-05-09 00:52:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-09 00:52:00 -------- d-----w C:\Program Files\Realtek
2007-05-08 01:26:01 21,504 ----a-w C:\WINDOWS\system32\blackboxs.dll
2007-05-04 14:40:01 20,992 ----a-w C:\WINDOWS\se_spoof.dll
2007-04-28 22:22:51 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\My Battle for Middle-earth™ II Files
2007-04-21 21:33:19 -------- d-----w C:\Program Files\Common Files\iS3
2007-04-20 04:15:44 21,504 ----a-w C:\WINDOWS\system32\bitsprx3v.dll
2007-04-20 04:04:21 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-20 04:04:07 88 --sh--r C:\WINDOWS\system32\B11DEDCDE7.sys
2007-04-19 04:17:04 -------- d-----w C:\Program Files\Serif
2007-04-19 03:49:14 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\Corel
2007-04-19 03:48:53 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-19 03:48:04 -------- d-----w C:\Program Files\Corel
2007-04-19 03:48:04 -------- d-----w C:\Program Files\Common Files\Corel
2007-04-19 02:07:06 21,504 ----a-w C:\WINDOWS\system32\cfgmgr32s.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 03:46:23 21,504 ----a-w C:\WINDOWS\system32\cnbjmona.dll
2007-04-14 17:36:28 21,504 ----a-w C:\WINDOWS\system32\cabineta.dll
2007-04-13 21:36:14 1,822,720 ----a-w C:\WINDOWS\SkyTel.exe
2007-04-07 03:44:34 21,504 ----a-w C:\WINDOWS\system32\cabviewb.dll
2007-04-06 22:01:03 -------- d-----w C:\Program Files\Electronic Arts
2007-04-02 00:00:29 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-04-01 23:46:33 -------- d-----w C:\Program Files\Ubisoft
2007-03-31 14:33:43 21,504 ----a-w C:\WINDOWS\system32\acledits.dll
2007-03-30 02:56:30 -------- d-----w C:\DOCUME~1\Dad\APPLIC~1\Ventrilo
2007-03-23 01:01:05 21,504 ----a-w C:\WINDOWS\system32\bidispla.dll
2007-03-23 01:01:03 22,016 ----a-w C:\WINDOWS\system32\mscoriezb.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 19:35:24 16,896 ----a-w C:\WINDOWS\inetloader.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{0edc6c20-a31c-11db-8ab9-0800200c9a66}=C:\WINDOWS\system32\ciadminv.dll [2007-05-26 19:18]
{631f7200-642e-11db-bd13-0800200c9a66}=C:\WINDOWS\system32\mscoriezb.dll [2007-03-22 19:01]
{D5EFDB0E-4F51-414F-B740-54A5C87A8957}=C:\DOCUME~1\Dad\LOCALS~1\Temp\crtdsp.dll []
{f015f320-ab08-11db-abbd-0800200c9a66}=C:\WINDOWS\inetloader.dll [2007-03-08 13:35]
{F67EEB12-AB09-11DB-A6F1-260856D89593}=C:\WINDOWS\se_spoof.dll [2007-05-04 08:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03]
"@"="" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 13:45]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 14:10]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-11-07 16:41]
"nwiz"="nwiz.exe" [2006-11-17 00:16 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 20:01:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 20:02:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 20:02

--- E O F ---

#6 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:20 AM

Posted 03 June 2007 - 04:39 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\ciadminv.dll
    C:\WINDOWS\system32\cfgmgr32vv.dll
    C:\WINDOWS\system32\atkctrsvb.dll
    C:\WINDOWS\system32\cfgbkends.dll
    C:\WINDOWS\system32\cfgmgr32v.dll
    C:\WINDOWS\system32\clbcatqa.dll
    C:\WINDOWS\system32\atkctrsv.dll
    C:\WINDOWS\system32\alrsvcv.dll
    C:\WINDOWS\system32\cicv.dll
    C:\WINDOWS\system32\adsnts.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.


==================


Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


========================================================
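One way to see where the ten Killbox paths above come from: in the ComboFix log earlier in this thread, every one of them is a 21,504-byte DLL in system32, each created on a different day. The script below is an added example (not code from the thread or from any tool named in it) that parses that "Files Created" listing and groups regular files by directory and size; its sample input is the listing itself, copied line for line.

```python
# Find the same-size DLL cluster in a ComboFix "Files Created" listing.
# A downloader that re-drops itself every few days leaves a run of freshly
# named DLLs in one directory, all the same size; grouping by size shows it.
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Sample input: the "Files Created" section of the ComboFix log posted in
# this thread, copied line for line.
FILES_CREATED = r"""
2007-05-26 19:30 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-26 19:18 27,136 --a------ C:\WINDOWS\3_cad.exe
2007-05-26 19:18 21,504 --a------ C:\WINDOWS\system32\ciadminv.dll
2007-05-25 09:36 21,504 --a------ C:\WINDOWS\system32\cfgmgr32vv.dll
2007-05-23 20:41 21,504 --a------ C:\WINDOWS\system32\atkctrsvb.dll
2007-05-22 20:17 21,504 --a------ C:\WINDOWS\system32\cfgbkends.dll
2007-05-21 12:11 21,504 --a------ C:\WINDOWS\system32\cfgmgr32v.dll
2007-05-18 18:54 21,504 --a------ C:\WINDOWS\system32\clbcatqa.dll
2007-05-17 01:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-17 01:56 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-17 01:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-17 01:55 <DIR> d-------- C:\ebf8a212a978893d539504df
2007-05-13 12:53 21,504 --a------ C:\WINDOWS\system32\atkctrsv.dll
2007-05-08 18:54 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-05-08 18:52 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2007-05-08 18:52 86,016 --a------ C:\WINDOWS\SoundMan.exe
2007-05-08 18:52 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-05-08 18:52 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-08 18:52 4,402,176 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-05-08 18:52 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2007-05-08 18:52 2,157,568 --a------ C:\WINDOWS\MicCal.exe
2007-05-08 18:52 16,132,608 --a------ C:\WINDOWS\RTHDCPL.exe
2007-05-08 18:52 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2007-05-08 18:51 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-05-08 18:51 315,392 --a------ C:\WINDOWS\HideWin.exe
2007-05-05 17:45 21,504 --a------ C:\WINDOWS\system32\alrsvcv.dll
2007-05-04 08:40 21,504 --a------ C:\WINDOWS\system32\cicv.dll
2007-04-30 15:43 21,504 --a------ C:\WINDOWS\system32\adsnts.dll
2007-04-28 16:22 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-28 16:22 <DIR> d-------- C:\Program Files\Common Files\Protexis
2007-04-28 16:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-04-28 16:21 <DIR> d-------- C:\Program Files\TrustIn Contextual
"""

# date  time  size-or-<DIR>  nine attribute flags  path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{9})\s+(?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    date: str
    size: int   # -1 marks a directory entry
    attrs: str
    path: str


def parse_files_created(text: str) -> List[Entry]:
    """Parse one listing line per Entry; an unknown line raises rather than hides."""
    entries: List[Entry] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ComboFix line: {line!r}")
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def same_size_clusters(entries: List[Entry], min_files: int = 3,
                       min_dates: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Group regular files by (directory, size); keep groups with at least
    min_files members created on at least min_dates distinct days. The date
    spread separates a dropper's trickle from one installer's batch."""
    groups: Dict[Tuple[str, int], List[Entry]] = defaultdict(list)
    for e in entries:
        if e.size < 0:
            continue
        directory = e.path.rsplit("\\", 1)[0].lower()
        groups[(directory, e.size)].append(e)
    return {
        key: sorted(e.path for e in members)
        for key, members in groups.items()
        if len(members) >= min_files
        and len({e.date for e in members}) >= min_dates
    }


def removal_candidates(text: str) -> List[str]:
    """Flat, sorted list of every path in a flagged cluster."""
    clusters = same_size_clusters(parse_files_created(text))
    return sorted(p for paths in clusters.values() for p in paths)


if __name__ == "__main__":
    for (directory, size), paths in same_size_clusters(
            parse_files_created(FILES_CREATED)).items():
        print(f"{len(paths)} files of {size:,} bytes in {directory}:")
        for p in paths:
            print("    " + p)
```

Treat the output as a triage list to verify against other evidence (here the BHO entries and the SmitfraudFix hits), not a verdict: a legitimate batch of same-size files from one installer normally shares a single timestamp, which is why a spread of creation dates is required.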

#7 Mmurlan

  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 05 June 2007 - 12:40 AM

The link you posted appears to be broken, so I downloaded Pocket Killbox from a different site; from your description it seems to be the same thing. Here is the log, followed by the SmitfraudFix log.

Pocket Killbox version 2.0.0.881
Running on Windows XP as Dad(Administrator)
was started @ Monday, June 04, 2007, 11:25 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\ciadminv.dll


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfgmgr32vv.dll


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\atkctrsvb.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfgbkends.dll


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\cfgmgr32v.dll


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\clbcatqa.dll


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\atkctrsv.dll


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\alrsvcv.dll


# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\cicv.dll


# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\adsnts.dll


I Rebooted @ 11:27:27 PM
Killbox Closed(Exit) @ 11:27:33 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Dad(Administrator)
was started @ Monday, June 04, 2007, 11:29 PM

----------------------------------------------------------------------------------------------------------

SmitFraudFix v2.192

Scan done at 23:31:45.00, 06/04/07
Run from C:\Documents and Settings\Dad\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dad\My Downloads\killbox(3).exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\inetloader.dll FOUND !
C:\WINDOWS\se_spoof.dll FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Dad


C:\Documents and Settings\Dad\Application Data


Start Menu


C:\DOCUME~1\Dad\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\TrustIn Contextual\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C7B92630-7E95-4E3F-9BDE-5945F2C9AB19}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C7B92630-7E95-4E3F-9BDE-5945F2C9AB19}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C7B92630-7E95-4E3F-9BDE-5945F2C9AB19}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Scanning for wininet.dll infection


End

Thank you again for your time thus far.

#8 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:20 AM

Posted 06 June 2007 - 06:16 AM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.


================



Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.

    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; they may interfere with the scanning process:

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please post the results of the AVG Anti-Spyware scan report along with a new HijackThis log.


========================================================

#9 Mmurlan

  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 06 June 2007 - 10:40 AM

I am posting all reports as requested; however, AVG came up with an error while in Safe Mode (unable to connect to service.......), therefore the scan was done in Normal Mode. Please advise if this is not acceptable.

SmitFraudFix v2.192

Scan done at 8:02:32.54, 06/06/07
Run from C:\Documents and Settings\Dad\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\inetloader.dll Deleted
C:\WINDOWS\se_spoof.dll Deleted
C:\Program Files\TrustIn Contextual\ Deleted

DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C7B92630-7E95-4E3F-9BDE-5945F2C9AB19}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C7B92630-7E95-4E3F-9BDE-5945F2C9AB19}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C7B92630-7E95-4E3F-9BDE-5945F2C9AB19}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:01:13 6/06/07

+ Scan result:



C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP61\A0028034.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP64\A0028052.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP65\A0028100.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP66\A0028127.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP68\A0029123.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP69\A0029452.exe -> Adware.Agent : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5EFDB0E-4F51-414F-B740-54A5C87A8957} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mscoriezb.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0edc6c20-a31c-11db-8ab9-0800200c9a66} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{631f7200-642e-11db-bd13-0800200c9a66} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631f7200-642e-11db-bd13-0800200c9a66} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{631F7200-642E-11DB-BD13-0800200C9A66} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\!KillBox\adsnts.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\alrsvcv.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\atkctrsv.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\atkctrsvb.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\cfgbkends.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\cfgmgr32v.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\cfgmgr32vv.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\ciadminv.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\cicv.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\!KillBox\clbcatqa.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqb4qhu4.default\Cache(2)\7312D600d01/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\My Downloads\43214.rar/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\My Downloads\fROqZ3ZzqK(2).zip/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\My Downloads\fROqZ3ZzqK.zip/crack.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP46\A0022627.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP46\A0022628.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP46\A0022629.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP46\A0022637.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP46\A0022638.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP46\A0022639.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP47\A0022664.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP47\A0022665.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP47\A0022669.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP47\A0022670.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP48\A0024768.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP48\A0024769.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP48\A0024770.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP56\A0024914.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP56\A0024915.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP56\A0024916.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP58\A0027951.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP58\A0027952.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP58\A0027958.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP58\A0027959.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP62\A0028038.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP62\A0028039.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP64\A0028069.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP64\A0028070.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP66\A0028125.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP66\A0028126.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP67\A0028140.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP67\A0028165.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP67\A0029107.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP67\A0029110.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP68\A0029118.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP68\A0029119.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP68\A0029121.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP68\A0029122.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP72\A0030503.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP72\A0030504.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP72\A0030505.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP72\A0030533.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0033592.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0033593.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0033603.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0033635.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034572.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034574.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034575.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034577.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034907.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034908.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034917.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0035090.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0035091.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0035092.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0035093.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035097.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035098.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035099.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035100.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035101.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035203.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035205.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035607.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035608.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035609.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP76\A0035652.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP77\A0035672.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP77\A0035673.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP77\A0035674.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP78\A0035703.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP79\A0035813.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP79\A0035814.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP82\A0041448.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP82\A0041449.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP91\A0043110.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP91\A0043111.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP91\A0045109.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP91\A0045110.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP91\A0045111.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045629.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045630.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045719.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045720.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045721.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045722.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045763.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045764.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045765.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045766.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045767.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045768.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045769.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045770.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045771.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045772.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045777.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045778.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0045779.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0050873.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0050874.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0050876.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP94\A0050888.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\3_cad.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\4_cha.exe -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\acledits.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bidispla.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bitsprx3v.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\blackboxs.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cabineta.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cabviewb.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cewmdma.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cfgmgr32s.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ciadminvb.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ciodma.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cnbjmona.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP47\A0022671.dll -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP68\A0029120.dll -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP73\A0034576.dll -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP75\A0035204.dll -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\My Downloads\Winrar 3.62 Patch.rar/Winrar 3.62 Patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned with backup (quarantined).
C:\Program Files\WinRAR\Winrar 3.62 Patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.26:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.61:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.50:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.50:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.51:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.51:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.52:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.52:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.27:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.27:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.30:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\pqv223zb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.30:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\pqv223zb.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.6:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\cqb4qhu4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.7:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\cqb4qhu4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.8:C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\cqb4qhu4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\World of Warcraft\Interface\AddOns\trinitybars-20003-5\AutoPlacer.exe -> Trojan.Small.js : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DEC58C1F-E27D-45DA-955C-074105B87F6B}\RP69\A0029298.exe -> Trojan.Small.js : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 09:34:51, on 6/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Logitech\WebColct\webcolct.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 June 2007 - 07:09 AM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE



Delete this file, if present.

C:\WINDOWS\ALCMTR.EXE



Reboot and post a new hijackthis log.
How is your computer running now? Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Mmurlan

Mmurlan
  • Topic Starter

  • Members
  • 7 posts

Posted 08 June 2007 - 07:32 AM

After everything you have asked me to do, my computer seems to be running a lot faster and I can't see any problems.

Thank you VERY much for all the time you have taken to help and your timely replies; it is greatly appreciated. Mmurlan

Latest HijackThis log. Hmm, ok, using 1.99.1 again; guess 2.0 is a no-no, lol.

Logfile of HijackThis v1.99.1
Scan saved at 06:26:34, on 6/08/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

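As an added example (not part of the original thread or of HijackThis itself), here is a small parser for the "Oxx - ..." line format of the log above, with a few triage heuristics an analyst applies while reading such a log: Run-key entries that launch a bare executable name with no directory (like the KHALMNPR.EXE and nwiz.exe lines), startup shortcuts whose target shows as "= ?", and O23 services with no publisher ("Unknown owner"). The sample log is constructed to mirror the format; a flagged entry only means "check this first", not "malicious": the helper in this thread judged the log clean, and those same entries belong to Logitech, NVIDIA and Protexis here.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 format used in this thread (not a copy of the poster's log).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [!AVG Anti-Spyware] "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" /minimized
O4 - Global Startup: Logitech SetPoint.lnk = ?
O23 - Service: ProtexisLicensing - Unknown owner - C:\\Program Files\\Common Files\\Protexis\\License Service\\PSIService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r'^(?:HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(.*?)\] (.*)$')

def parse_hjt(text):
    """Group 'Oxx - body' lines by section code (O2, O4, O23, ...); other lines are ignored."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def triage(text):
    """Return (section, item, reason) tuples for entries worth checking first."""
    sections = parse_hjt(text)
    findings = []
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m:
            raw = m.group(2).strip()
            # A quoted command ends at the closing quote; otherwise the first token is the executable.
            exe = raw[1:].split('"', 1)[0] if raw.startswith('"') else raw.split()[0]
            if "\\" not in exe:
                findings.append(("O4", m.group(1), "no path: executable resolved via search path"))
        elif body.endswith("= ?"):
            findings.append(("O4", body, "startup shortcut target could not be resolved"))
    for body in sections.get("O23", []):
        if " - Unknown owner - " in body:
            findings.append(("O23", body.split(" - ")[0], "service has no publisher (Unknown owner)"))
    return findings

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section}: {item} -> {reason}")
```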
#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:20 AM

Posted 09 June 2007 - 07:45 AM

Your log is clean! :flowers:


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :huh:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

