muaricio Posted October 11, 2008 Report Share Posted October 11, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:50:14 PM, on 10/10/2008Platform: Windows 2003 SP2 (WinNT 5.02.3790)MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)Boot mode: NormalRunning processes:D:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIACA.EXED:\Program Files (x86)\DNA\btdna.exeD:\Program Files (x86)\Analog Devices\Core\smax4pnp.exeD:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exeD:\Program Files (x86)\PowerISO\PWRISOVM.EXED:\Program Files (x86)\BroadJump\Client Foundation\CFD.exeD:\Program Files\SBC Self Support Tool\bin\mpbtn.exeD:\PROGRA~2\Yahoo!\browser\ybrwicon.exeD:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeD:\PROGRA~2\Yahoo!\browser\ycommon.exeD:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exeD:\Program Files (x86)\Java\jre1.6.0_02\bin\jucheck.exeD:\Program Files (x86)\Anti Keylogger Shield\AntiKeyloggerShield.exeD:\PROGRA~2\AVG\AVG8\avgwdsvc.exeD:\PROGRA~2\AVG\AVG8\avgemc.exeD:\Program Files (x86)\AVG\AVG8\avgtray.exeD:\Program Files (x86)\AVG\AVG8\avgui.exeD:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{806862ED-A6E7-4EB1-95B7-D6CD023D9DB6}\VistaStart1.3.exeD:\Documents and Settings\Administrator\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.sbc.com/dslR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.enigmasoftware.a013.com/congrat...ter_scanner.phpR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1F2 - REG:system.ini: UserInit=userinitO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG8\avgssie.dllO2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dllO2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files (x86)\Yahoo!\common\YIeTagBm.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dllO2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files (x86)\Yahoo!\browser\YSidebarIEBHO.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~2\AVG\AVG8\avgtoolbar.dllO4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] "D:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [PWRISOVM.EXE] "D:\Program Files (x86)\PowerISO\PWRISOVM.EXE"O4 - HKLM\..\Run: [bJCFD] "D:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~2\Yahoo!\browser\ybrwicon.exeO4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~2\AVG\AVG8\avgtray.exeO4 - HKLM\..\RunOnce: [uninstall getPlusĀ® for Adobe] "D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarpO4 - HKCU\..\Run: [Yahoo! Pager] 1O4 - HKCU\..\Run: [bitTorrent DNA] "D:\Program Files (x86)\DNA\btdna.exe"O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O4 - Global Startup: SBC Self Support Tool.lnk = D:\Program Files\SBC Self Support Tool\bin\matcli.exeO9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files (x86)\Yahoo!\common\yiesrvc.dllO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exeO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files (x86)\Yahoo!\common\yinsthelper.dllO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG8\avgpp.dllO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~2\AVG\AVG8\avgwdsvc.exeO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing)O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)O23 - Service: getPlusĀ® Helper - NOS Microsystems Ltd. - D:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exeO23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing)O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing)O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing)O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\system32\nvsvc64.exe (file missing)O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing)O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing)O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing)O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)--End of file - 8330 bytes Quote Link to post Share on other sites
sarahw Posted October 14, 2008 Report Share Posted October 14, 2008 Hi,Welcome to the siteI will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.I want you to show hidden files. There are instructions HERE to help you do this.You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. Quote Link to post Share on other sites
sarahw Posted October 14, 2008 Report Share Posted October 14, 2008 1.Updating Java and Clearing CacheGo to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot.If you are unable to update you can manually update by going here:http://www.java.com/en/download/manual.jsp[*]After the reboot, go back into the Control Panel and double-click the Java Icon.[*]Under Temporary Internet Files, click the Delete Files button.[*]There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded AppletsDownloaded ApplicationsOther Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Java Control Panel.2.Please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).Click Scan.When the scan is complete, click OK, then Show Results to view the results.If Malware is found...Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to your desktop.NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:Launch Malwarebytes' Anti-Malware.Click the Logs tab.Double-click log-mm.dd.yyyy [xxxxxx].txt.In your next reply post the Malwarebytes' Anti-Malware log.3.Click HERE and run an online scan with Kaspersky WebScannerClick on Kaspersky Online ScannerYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information into your next post. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.