muaricio

Posts posted by muaricio

  1. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:50:14 PM, on 10/10/2008

    Platform: Windows 2003 SP2 (WinNT 5.02.3790)

    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

    Boot mode: Normal

    Running processes:

    D:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACA.EXE

    D:\Program Files (x86)\DNA\btdna.exe

    D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

    D:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe

    D:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    D:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe

    D:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

    D:\PROGRA~2\Yahoo!\browser\ybrwicon.exe

    D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

    D:\PROGRA~2\Yahoo!\browser\ycommon.exe

    D:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe

    D:\Program Files (x86)\Java\jre1.6.0_02\bin\jucheck.exe

    D:\Program Files (x86)\Anti Keylogger Shield\AntiKeyloggerShield.exe

    D:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

    D:\PROGRA~2\AVG\AVG8\avgemc.exe

    D:\Program Files (x86)\AVG\AVG8\avgtray.exe

    D:\Program Files (x86)\AVG\AVG8\avgui.exe

    D:\Program Files (x86)\Mozilla Firefox\firefox.exe

    D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{806862ED-A6E7-4EB1-95B7-D6CD023D9DB6}\VistaStart1.3.exe

    D:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.sbc.com/dsl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.a013.com/congrat...ter_scanner.php

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    F2 - REG:system.ini: UserInit=userinit

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG8\avgssie.dll

    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dll

    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files (x86)\Yahoo!\common\YIeTagBm.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dll

    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files (x86)\Yahoo!\browser\YSidebarIEBHO.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dll

    O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "D:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [PWRISOVM.EXE] "D:\Program Files (x86)\PowerISO\PWRISOVM.EXE"

    O4 - HKLM\..\Run: [bJCFD] "D:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"

    O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~2\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~2\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\RunOnce: [uninstall getPlus® for Adobe] "D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp

    O4 - HKCU\..\Run: [Yahoo! Pager] 1

    O4 - HKCU\..\Run: [bitTorrent DNA] "D:\Program Files (x86)\DNA\btdna.exe"

    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

    O4 - Global Startup: SBC Self Support Tool.lnk = D:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files (x86)\Yahoo!\common\yinsthelper.dll

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG8\avgpp.dll

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)

    O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)

    O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)

    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)

    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)

    O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\system32\nvsvc64.exe (file missing)

    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)

    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)

    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)

    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    --

    End of file - 8330 bytes