Thread: getting it back together after spyware/virus removal

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Location
    belgium
    Posts
    7

    getting it back together after spyware/virus removal

    I got infected so that Windows wouldn't start any longer, not in any mode (as soon as the Windows XP screen showed, I got a blue screen with some exception text, too brief to read, and then an automatic reboot ...).

    I had to "factory restore" Windows to its initial version (XP SP1), just to be able to run Windows and find out what was going on:

    First I ran Spybot S&D until no more red entries appeared.
    Then I ran Kaspersky Online:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, September 27, 2006 11:07:13 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 27/09/2006
    Kaspersky Anti-Virus database records: 213624
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 77652
    Number of viruses found: 5
    Number of infected objects: 19 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:55:34

    Infected Object Name / Virus Name / Last Action
    C:\cmd.hta Infected: Trojan.HTA.Zones.a skipped
    C:\Documents and Settings\Default User\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class Infected: Trojan.Java.Nocheat skipped
    C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.k skipped
    C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/NewClasssss.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip ZIP: infected - 2 skipped
    C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.i skipped
    C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Eigenaar\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class Infected: Trojan.Java.Nocheat skipped
    C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.k skipped
    C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/NewClasssss.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip ZIP: infected - 2 skipped
    C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.i skipped
    C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Eigenaar\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Eigenaar\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Eigenaar\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class Infected: Trojan.Java.Nocheat skipped
    C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.k skipped
    C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/NewClasssss.class Infected: Exploit.Java.ByteVerify skipped
    C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip ZIP: infected - 2 skipped
    C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.i skipped
    C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip ZIP: infected - 1 skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    Scan process completed.
    -----------------------------------

    CONTINUED IN REPLY ...
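A parser for the Kaspersky Online Scanner report format pasted above, as an added example that is not part of the original post: it splits the object list into infected files, infected archives and locked objects, cross-checks the scanner's own "viruses found" / "infected objects" figures against what was parsed, and groups detections by Windows XP user profile. The embedded sample is a constructed subset of the report above with the statistics adjusted to match it; the regexes are assumptions fitted to that format.

```python
import re
from collections import Counter, defaultdict

# Line shapes in the "Infected Object Name / Virus Name / Last Action" section.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>ZIP|RAR|CAB): infected - (?P<n>\d+) (?P<action>\S+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
# Only the leading integer of a figure such as "19 / 0" is read; the part after the slash is ignored.
STAT_RE = re.compile(r"^(?P<key>Total number of scanned objects|Number of (?:viruses found|infected objects|suspicious objects)): (?P<value>\d+)")
# Windows XP profile layout: per-user folders plus the LocalSystem profile under system32\config.
PROFILE_RE = re.compile(r"^[A-Z]:\\(?:Documents and Settings\\(?P<user>[^\\]+)|WINDOWS\\system32\\config\\(?P<sys>systemprofile))\\", re.IGNORECASE)

def profile_of(path):
    """Return the user profile a path belongs to, or None for paths outside any profile."""
    m = PROFILE_RE.match(path)
    return (m.group("user") or m.group("sys")) if m else None

def parse_report(text):
    """Split the report into statistics, infected files, infected archives and locked objects."""
    rep = {"stats": {}, "infected": [], "archives": [], "locked": [], "unparsed": []}
    in_objects = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := STAT_RE.match(line):
            rep["stats"][m.group("key")] = int(m.group("value"))
        elif line.startswith(("Infected Object Name", "Scan process completed")):
            in_objects = line.startswith("Infected")  # section runs from its header to the footer
        elif in_objects:
            if m := INFECTED_RE.match(line):
                rep["infected"].append((m.group("path"), m.group("name"), m.group("action")))
            elif m := ARCHIVE_RE.match(line):
                rep["archives"].append((m.group("path"), int(m.group("n")), m.group("action")))
            elif m := LOCKED_RE.match(line):
                rep["locked"].append(m.group("path"))
            else:
                rep["unparsed"].append(line)  # unknown line shape: surface it rather than drop it
    return rep

def summarise(rep):
    """Cross-check the scanner's own counts and group detections by user profile."""
    names = Counter(name for _, name, _ in rep["infected"])
    by_profile = defaultdict(set)
    for path, name, _ in rep["infected"]:
        by_profile[profile_of(path) or "<no profile>"].add(name)
    # The scanner counts an infected archive member and its enclosing archive as separate objects.
    detected = len(rep["infected"]) + len(rep["archives"])
    expected = {"Number of viruses found": len(names), "Number of infected objects": detected}
    issues = ["%s: report says %d, parsed %d" % (k, rep["stats"][k], v)
              for k, v in expected.items() if k in rep["stats"] and rep["stats"][k] != v]
    if rep["unparsed"]:
        issues.append("%d object lines not understood" % len(rep["unparsed"]))
    return {
        "distinct_names": sorted(names),
        "infected_objects": detected,
        "profiles": {k: sorted(v) for k, v in by_profile.items()},
        # "skipped" means the online scanner only reported the object; nothing was cleaned.
        "not_remediated": [p for p, _, a in rep["infected"] if a == "skipped"],
        # Hits inside the Java plug-in cache disappear once that cache is cleared.
        "jpi_cache_hits": [p for p, _, _ in rep["infected"] if ".jpi_cache" in p.lower()],
        "locked_objects": len(rep["locked"]),
        "issues": issues,
    }

# Constructed sample: a subset of the report pasted above, with the statistics adjusted to match it.
SAMPLE = r"""
Number of viruses found: 5
Number of infected objects: 7 / 0
Infected Object Name / Virus Name / Last Action
C:\cmd.hta Infected: Trojan.HTA.Zones.a skipped
C:\Documents and Settings\Default User\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class Infected: Trojan.Java.Nocheat skipped
C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/Beyond.class Infected: Trojan-Dropper.Java.Beyond.k skipped
C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip/NewClasssss.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.i skipped
C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip ZIP: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""
```

Running `summarise(parse_report(SAMPLE))` on the full report above would list every `.jpi_cache` hit in the three profiles, which is the concrete reason the later advice to clear the Java cache applies here.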

  2. #2
    Junior Member
    Join Date
    Dec 2005
    Location
    belgium
    Posts
    7

    Then I ran ActiveScan:

    Incident Status Location

    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip[NewClasssss.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\Counters.jar-6af29691-167727c4.zip[Gummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-2268c161-7e153185.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\loader.jar-527a2adf-141fa6ed.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Default User\.jpi_cache\jar\1.0\nocheat.jar-2718a0ba-52a5aa8b.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip[NewClasssss.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\Counters.jar-6af29691-167727c4.zip[Gummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\loader.jar-2268c161-7e153185.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\loader.jar-527a2adf-141fa6ed.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Eigenaar\.jpi_cache\jar\1.0\nocheat.jar-2718a0ba-52a5aa8b.zip[Dummy.class]
    Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\file\1.0\ok.class-37873617-3edee04a.class
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\counter.zip-408709b2-689b4766.zip[NewClasssss.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\Counters.jar-6af29691-167727c4.zip[Gummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\loader.jar-2268c161-7e153185.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\loader.jar-41137b0b-7fa85dbe.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\loader.jar-527a2adf-141fa6ed.zip[Dummy.class]
    Hacktool:Exploit/ByteVerify Not disinfected C:\WINDOWS\system32\config\systemprofile\.jpi_cache\jar\1.0\nocheat.jar-2718a0ba-52a5aa8b.zip[Dummy.class]
    -------------------------

    I used Avast AV to clean up, and that apparently (?) did the job. I didn't configure it properly, though, so I didn't get a log of the cleanup.

    Anyway, after all that I didn't see any more strange behaviour, and I started updating Windows again. Now I have arrived at the point where I have to install SP2 and would appreciate your thumbs up to go ahead with that.

    Here is my recent HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:31:49, on 30/09/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijack this\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159563385015
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    I would appreciate it if you could look this over and see if all is OK, or if more needs to be done before I can go ahead with SP2.

    Thanks a lot for your time!
    chris

  3. #3
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello,

    If you have not resolved the problem, we have this sticky topic:

    If you have waited four days for advice post here.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Your HijackThis log looks fine.

    Your Acrobat Reader should be updated.
    Update Sun's Java manually.
    Sun Java "Java Runtime Environment (JRE) 5.0 Update 9" is available:
    http://forums.spybot.info/showpost.p...80&postcount=2
    It's very important to uninstall the old versions via Add/Remove Programs.
    Clear Sun Java's cache weekly or bi-monthly:
    > Control Panel > Java Plug-in > Cache tab > hit Clear!
    For the newer versions 1.5.xx: > Control Panel > Java, click "Delete temp files".
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  5. #5
    Junior Member
    Join Date
    Dec 2005
    Location
    belgium
    Posts
    7

    resolved ... pls archive

    Dear Lonny,

    Thanks a lot for your thumbs up and updating advice: all done already!


  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025




    Think Prevention: Put in place a good hosts file
    http://www.mvps.org/winhelp2002/hosts.htm
    How To Download and Extract the HOSTS file:
    http://www.mvps.org/winhelp2002/hosts2.htm
    Repeat that process about once or twice a month.

    To help avoid reinfection, see "So how did I get infected in the first place?"
    http://forums.spybot.info/showthread.php?t=279
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  7. #7
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    As the problem appears to be resolved this topic has been archived.

    If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

    Glad we could help.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
