I got infected with Antispywareupdates.net.
I reviewed for some inputs and then decided to run Hijackthis and post the log. I followed the preliminary steps before starting the Hijackthis.
I downloaded AVG Antispy ware, AVG anti virus, Super Anti Spy ware Trial versions and then followed the instructions.
Please find here with logs of AVG Anti Spyware, Super Anti Spy Ware and then Hijackthis.
--------------------------------------------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:26:29 AM 3/17/2008
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
::Report end
====================================================
SUPERAntiSpyware Scan Log
Generated 03/16/2008 at 02:18 PM
Application Version : 3.6.1000
Core Rules Database Version : 3420
Trace Rules Database Version: 1412
Scan type : Complete Scan
Total Scan Time : 01:31:51
Memory items scanned : 431
Memory threats detected : 1
Registry items scanned : 4767
Registry threats detected : 10
File items scanned : 55438
File threats detected : 13
Rogue.Unclassified/Loader
D:\WINDOWS\SYSTEM32\MGMRWMRV.EXE
D:\WINDOWS\SYSTEM32\MGMRWMRV.EXE
Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}
Adware.180solutions/SurfAssistant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
D:\WINDOWS\BOKJA.EXE
D:\WINDOWS\STCLOADER.EXE
Adware.Tracking Cookie
D:\Documents and Settings\admin\Cookies\admin@doubleclick[1].txt
D:\Documents and Settings\admin\Cookies\[email protected][1].txt
Adware.180solutions/ZangoSearch
D:\Program Files\Zango\zango.exe
D:\Program Files\Zango
Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
Adware.180solutions/Seekmo
D:\Program Files\Seekmo\seekmohook.dll
D:\Program Files\Seekmo
Adware.AdSponsor/ISM
HKU\S-1-5-21-1409082233-1960408961-725345543-1003\Software\QdrModule
HKU\S-1-5-21-1409082233-1960408961-725345543-1003\Software\QdrPack
D:\Documents and Settings\admin\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
D:\Documents and Settings\admin\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
D:\Documents and Settings\admin\Start Menu\Programs\Internet Speed Monitor
Torjan.SecondThoughtInstaller
D:\WINDOWS\INSTALLER\ID53.EXE
======================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:41 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\Program Files\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\drivers\ctfmon.exe
D:\Documents and Settings\admin\Local Settings\Application Data\spool.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\drivers\ctfmon.exe
D:\Documents and Settings\admin\Local Settings\Application Data\spool.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ntuser] D:\WINDOWS\system32\drivers\ctfmon.exe
O4 - HKLM\..\Run: [autoload] D:\Documents and Settings\admin\Local Settings\Application Data\spool.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QdrModule13] "D:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "D:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [ntuser] D:\WINDOWS\system32\drivers\ctfmon.exe
O4 - HKCU\..\Run: [autoload] D:\Documents and Settings\admin\Local Settings\Application Data\spool.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] D:\WINDOWS\system32\drivers\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] D:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] D:\WINDOWS\system32\drivers\ctfmon.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = D:\Program Files\Bat\Bat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - D:\WINDOWS\system32\drivers\ctfmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - D:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 8273 bytes
=========================================================
I highly appreciate for any experts advise.
Thank you in Advance
Rgrds,
Sagar