Computer Forums

04-24-2007, 01:05 PM   #1
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Malware problem- HJTlog

Hi, can you please check my HJT log? I had a huge malware problem and I'm not sure if everything is clean. I had followed the Warez Monster's guide and performed the scans (thread posted here: Smitfraud-C Toolbar).
I also ran a few more antispyware/antivirus programs in addition to that, and here is a short list of things found on my computer:
Trojan.Rootkit.TNCore, Trojan.Downloader.Agent.EQ, Backdoor.Thunk.E, Adware Vundo Variant (all found by SUPERAntiSpyware), Trojan-phisher-egold, Virtumonde, Core Adware, Trojan-Relayer-himpax (found by Spy Sweeper), and SpamTool Win32Agent.u disinfected by Kaspersky.
I will post a log as I am not sure if all the things are gone or not. Sometimes after restarting the same thing comes up when doing a scan even if it was disinfected before. Thanks for the advice.
04-24-2007, 01:06 PM   #2
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Malware problem- HJTlog 1)

Logfile of HijackThis v1.99.1
Scan saved at 18:29:54, on 24.4.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\wincmd\TOTALCMD.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - (no file)
O2 - BHO: (no name) - {356BD8A0-4535-3DE9-3874-3D31B0C1FAEE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C45E74B8-E82E-9CA9-7B90-C39E8B645FBD} - (no file)
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] "C:\Program Files\UnHackMe\hackmon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
04-24-2007, 01:08 PM   #3
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Malware problem- HJTlog 2)

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174846229375
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EKJTZM - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\EKJTZM.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSIEEDFDL - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\LSIEEDFDL.exe (file missing)
O23 - Service: PBWUCXROFB - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\PBWUCXROFB.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YC - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\YC.exe (file missing)
04-24-2007, 01:15 PM   #4
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Malware problem- HJTlog-startup

I will post the startup log as well. I know there is a lot of stuff loading at startup which I want to get rid of.
Attached Files
File Type: txt startup_1.txt (11.8 KB, 55 views)
04-24-2007, 01:19 PM   #5
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Malware problem- HJTlog-startup-2

Here is part 2.
Attached Files
File Type: txt startup_2.txt (13.9 KB, 67 views)
04-24-2007, 01:20 PM   #6
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Malware problem- HJTlog-startup 3

And the last one. Thanks again.
Attached Files
File Type: txt startup_3.txt (13.2 KB, 343 views)
04-24-2007, 11:41 PM   #7
Osiris (Join Date: Jan 2005; Location: Kentucky; Posts: 32,065)
Re: Malware problem- HJTlog

Reboot into safe mode, run HijackThis and remove these entries:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - (no file)
O2 - BHO: (no name) - {356BD8A0-4535-3DE9-3874-3D31B0C1FAEE} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: (no name) - {C45E74B8-E82E-9CA9-7B90-C39E8B645FBD} - (no file)
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: LSIEEDFDL - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\LSIEEDFDL.exe (file missing)
O23 - Service: PBWUCXROFB - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\PBWUCXROFB.exe (file missing)
O23 - Service: YC - Unknown owner - C:\DOCUME~1\MICROF~1\LOCALS~1\Temp\YC.exe (file missing)

Then follow the steps below.

Download this program by clicking on the link: VirtumundoBeGone.exe [94.7 KB]
Run the program and follow the directions. Make sure you save all your work first!
If the virus is detected it will force you to restart your computer right away.

Now post a new log from HijackThis.
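The entries Osiris singles out fall into a few recognisable patterns: hosts entries pointing a search host at a non-loopback address, CLSIDs registered with no backing file, an O16 download with no source URL, and services whose binaries live in a Temp directory or are missing. The script below is an editor's added example, not part of this thread or of HijackThis; it encodes those patterns as a first-pass triage over HJT-format lines, and the sample log is constructed from entries of the kind posted above.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in HijackThis v1.99 line format. The entries are modelled
# on the ones discussed in this thread; the full posted log is not reproduced.
SAMPLE_LOG = """\
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O20 - AppInit_DLLs: interceptor.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\System32\\HPZipm12.exe
O23 - Service: YC - Unknown owner - C:\\DOCUME~1\\MICROF~1\\LOCALS~1\\Temp\\YC.exe (file missing)
"""

# "R0 - ...", "O23 - ..." etc.; everything after the section tag is the body.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A binary living under a Temp (or tmp) directory.
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

Finding = Tuple[str, str]  # (severity, reason); severity is "remove" or "review"


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one HJT entry into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_entry(line: str) -> List[Finding]:
    """Apply the patterns a log helper looks for to a single entry."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, body = parsed
    findings: List[Finding] = []

    if section == "O1":
        # HJT only lists hosts entries beyond the default loopback line; a public
        # address mapped to a search/update host name is a redirect, not an alias.
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m and not m.group(1).startswith("127."):
            findings.append(("remove", f"hosts redirect of {m.group(2)} to {m.group(1)}"))

    if section in {"O2", "O3", "O9"} and body.endswith("(no file)"):
        findings.append(("remove", "orphaned registration: CLSID points to no file"))

    if section == "O16":
        # Fields are " - " separated; the last one is the download URL.
        parts = body.split(" - ")
        if len(parts) < 2 or not parts[-1].strip():
            findings.append(("remove", "ActiveX download (DPF) with no source URL"))

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            findings.append(("review", "AppInit_DLLs is loaded into every process "
                                       "that uses user32.dll; confirm the vendor"))

    if section == "O23":
        if TEMP_DIR_RE.search(body):
            findings.append(("remove", "service executable under a Temp directory"))
        if "Unknown owner" in body and body.endswith("(file missing)"):
            findings.append(("remove", "service with unknown owner and missing binary"))

    return findings


def triage_log(text: str) -> Dict[str, List[Finding]]:
    """Map each flagged entry line to its findings; clean lines are omitted."""
    result: Dict[str, List[Finding]] = {}
    for raw in text.splitlines():
        findings = triage_entry(raw)
        if findings:
            result[raw.strip()] = findings
    return result


def entries_to_remove(text: str) -> List[str]:
    """The lines a helper would typically tell the user to fix in HijackThis."""
    return [line for line, fs in triage_log(text).items()
            if any(sev == "remove" for sev, _ in fs)]


if __name__ == "__main__":
    for entry, fs in triage_log(SAMPLE_LOG).items():
        print(entry)
        for severity, reason in fs:
            print(f"    [{severity}] {reason}")
```

Entries with a legitimate vendor and an existing file (the Adobe BHO, the HP service) produce no finding, which is the point: the script narrows the log to what needs a human decision rather than deciding for you.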
04-25-2007, 08:43 AM   #8
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Re: Malware problem- HJTlog

Thank you. Here is a new HJT log, and I am also posting a log from VirtumundoBeGone.

Logfile of HijackThis v1.99.1
Scan saved at 14:38:46, on 25.4.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - (no file)
O2 - BHO: (no name) - {356BD8A0-4535-3DE9-3874-3D31B0C1FAEE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C45E74B8-E82E-9CA9-7B90-C39E8B645FBD} - (no file)
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174846229375
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
04-25-2007, 08:44 AM   #9
microfunk (Newb Techie; Join Date: Apr 2007; Posts: 25)
Re: Malware problem- HJTlog

Run in safe mode:

[04/25/2007, 14:30:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\microfunk\Plocha\VirtumundoBeGone.exe" )
[04/25/2007, 14:30:25] - Detected System Information:
[04/25/2007, 14:30:25] - Windows Version: 5.1.2600, Service Pack 1
[04/25/2007, 14:30:25] - Current Username: microfunk (Admin)
[04/25/2007, 14:30:25] - Windows is in SAFE mode with Networking.
[04/25/2007, 14:30:25] - Searching for Browser Helper Objects:
[04/25/2007, 14:30:25] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/25/2007, 14:30:25] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[04/25/2007, 14:30:25] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/25/2007, 14:30:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:30:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/25/2007, 14:30:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/25/2007, 14:30:25] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/25/2007, 14:30:25] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[04/25/2007, 14:30:25] - Finished Searching Browser Helper Objects
[04/25/2007, 14:30:25] - Finishing up...
[04/25/2007, 14:30:25] - Nothing found! Exiting...

Run in normal mode:

[04/25/2007, 14:37:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\microfunk\Plocha\VirtumundoBeGone.exe" )
[04/25/2007, 14:37:08] - Detected System Information:
[04/25/2007, 14:37:08] - Windows Version: 5.1.2600, Service Pack 1
[04/25/2007, 14:37:08] - Current Username: microfunk (Admin)
[04/25/2007, 14:37:08] - Windows is in NORMAL mode.
[04/25/2007, 14:37:08] - Searching for Browser Helper Objects:
[04/25/2007, 14:37:08] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/25/2007, 14:37:08] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[04/25/2007, 14:37:08] - BHO 3: {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - BHO 4: {356BD8A0-4535-3DE9-3874-3D31B0C1FAEE} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/25/2007, 14:37:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/25/2007, 14:37:08] - BHO 6: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - BHO 7: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - BHO 8: {6A87B991-A31F-4130-AE72-6D0C294BF082} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/25/2007, 14:37:08] - BHO 10: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[04/25/2007, 14:37:08] - BHO 11: {C45E74B8-E82E-9CA9-7B90-C39E8B645FBD} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - BHO 12: {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} ()
[04/25/2007, 14:37:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/25/2007, 14:37:08] - No filename found. Continuing.
[04/25/2007, 14:37:08] - Finished Searching Browser Helper Objects
[04/25/2007, 14:37:08] - Finishing up...
[04/25/2007, 14:37:08] - Nothing found! Exiting...
04-25-2007, 08:57 AM   #10
Osiris (Join Date: Jan 2005; Location: Kentucky; Posts: 32,065)
Re: Malware problem- HJTlog

Are you still getting a lot of popups?

Run this tool:

Bleeping Computer Downloads: SmitFraudFix

Automated Removal Instructions for SpyDawn:

1. Print out these instructions, as we will need to close every window that is open later in the fix.
2. Download SmitfraudFix.exe from here and save it to your desktop: SmitFraudFix.exe
   Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:
   http://img.bleepingcomputer.com/swr-...x/sff-icon.gif
3. Next, please reboot your computer into Safe Mode by doing the following:
   a. Restart your computer.
   b. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
   c. Instead of Windows loading as normal, a menu should appear.
   d. Select the first option, to run Windows in Safe Mode.
   e. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.
4. When your computer has started in safe mode, and you see the desktop, close all open windows.
5. Now, double-click on the SmitFraudfix icon that should be residing on your desktop. The icon will look like the one below:
   http://img.bleepingcomputer.com/swr-...x/sff-icon.gif
6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.
7. You will now see a menu as shown in the image below. Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended).
   http://img.bleepingcomputer.com/swr-...udfix/menu.jpg
8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.
   http://img.bleepingcomputer.com/swr-...smitrem/dc.jpg
   This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with step 11.
9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.
10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.
