Report Hijackthis Log in Malware Removal Posted October 11, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:50:14 PM, on 10/10/2008Platform: Windows 2003 SP2 (WinNT 5.02.3790)MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)Boot mode: NormalRunning processes:D:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACA.EXED:\Program Files (x86)\DNA\btdna.exeD:\Program Files (x86)\Analog Devices\Core\smax4pnp.exeD:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exeD:\Program Files (x86)\PowerISO\PWRISOVM.EXED:\Program Files (x86)\BroadJump\Client Foundation\CFD.exeD:\Program Files\SBC Self Support Tool\bin\mpbtn.exeD:\PROGRA~2\Yahoo!\browser\ybrwicon.exeD:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeD:\PROGRA~2\Yahoo!\browser\ycommon.exeD:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exeD:\Program Files (x86)\Java\jre1.6.0_02\bin\jucheck.exeD:\Program Files (x86)\Anti Keylogger Shield\AntiKeyloggerShield.exeD:\PROGRA~2\AVG\AVG8\avgwdsvc.exeD:\PROGRA~2\AVG\AVG8\avgemc.exeD:\Program Files (x86)\AVG\AVG8\avgtray.exeD:\Program Files (x86)\AVG\AVG8\avgui.exeD:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{806862ED-A6E7-4EB1-95B7-D6CD023D9DB6}\VistaStart1.3.exeD:\Documents and Settings\Administrator\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.sbc.com/dslR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.a013.com/congrat...ter_scanner.phpR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1F2 - REG:system.ini: UserInit=userinitO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG8\avgssie.dllO2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dllO2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files (x86)\Yahoo!\common\YIeTagBm.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files (x86)\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dllO4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] "D:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [PWRISOVM.EXE] "D:\Program Files (x86)\PowerISO\PWRISOVM.EXE"O4 - HKLM\..\Run: [bJCFD] "D:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~2\Yahoo!\browser\ybrwicon.exeO4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~2\AVG\AVG8\avgtray.exeO4 - HKLM\..\RunOnce: [uninstall getPlusĀ® for Adobe] "D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarpO4 - HKCU\..\Run: [Yahoo! Pager] 1O4 - HKCU\..\Run: [bitTorrent DNA] "D:\Program Files (x86)\DNA\btdna.exe"O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O4 - Global Startup: SBC Self Support Tool.lnk = D:\Program Files\SBC Self Support Tool\bin\matcli.exeO9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exeO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files (x86)\Yahoo!\common\yinsthelper.dllO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG8\avgpp.dllO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgwdsvc.exeO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)O23 - Service: getPlusĀ® Helper - NOS Microsystems Ltd. - D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exeO23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\system32\nvsvc64.exe (file missing)O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)--End of file - 8330 bytes
Hijackthis Log
in Malware Removal
Posted
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:14 PM, on 10/10/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal
Running processes:
D:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACA.EXE
D:\Program Files (x86)\DNA\btdna.exe
D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
D:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files (x86)\PowerISO\PWRISOVM.EXE
D:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe
D:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
D:\PROGRA~2\Yahoo!\browser\ybrwicon.exe
D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
D:\PROGRA~2\Yahoo!\browser\ycommon.exe
D:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files (x86)\Java\jre1.6.0_02\bin\jucheck.exe
D:\Program Files (x86)\Anti Keylogger Shield\AntiKeyloggerShield.exe
D:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~2\AVG\AVG8\avgemc.exe
D:\Program Files (x86)\AVG\AVG8\avgtray.exe
D:\Program Files (x86)\AVG\AVG8\avgui.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{806862ED-A6E7-4EB1-95B7-D6CD023D9DB6}\VistaStart1.3.exe
D:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.a013.com/congrat...ter_scanner.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files (x86)\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files (x86)\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "D:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PWRISOVM.EXE] "D:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [bJCFD] "D:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~2\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [uninstall getPlusĀ® for Adobe] "D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [bitTorrent DNA] "D:\Program Files (x86)\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: SBC Self Support Tool.lnk = D:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files (x86)\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: getPlusĀ® Helper - NOS Microsystems Ltd. - D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 8330 bytes