
Multiple malware infections with HiJackThis log


#1 vbd

I've run AVG antispyware, Spybot S&D, Ad-Aware SE, CWshredder, and the panda scan. Below is the current HiJackThis log, followed by the HiJackThis uninstall list, followed by the Panda activescan results.

Any recommendations on getting the rest of the trojans off would be appreciated. This computer belongs to my daughter's college roommate. Advice on removing AIM, iTunes and Facebook is not practical at this point. It only has 256 MB of memory. The financial situation is such that a new computer is not in the works. What can I do to make this work for her?

Please just tell me where to start. Thanks, vbd


Logfile of HijackThis v1.99.1
Scan saved at 9:53:57 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Documents and Settings\Wendy Scola\My Documents\computer maintenance software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094157755980
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: kbcr - C:\WINDOWS\addins\kbcr.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: psmsvc - C:\WINDOWS\Config\psmsvc.dll (file missing)
O20 - Winlogon Notify: runcab - C:\WINDOWS\system\runcab.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\WENDYS~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



HiJackThis Uninstall List

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0
AIM Toolbar
ALPS Touch Pad Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20020929.1)
AOL Instant Messenger
Apple Software Update
AVG Free Edition
Dell Solution Center
DiamondCS APM
DVDSentry
Easy CD Creator 5 Basic
HijackThis 1.99.1
hp deskjet 5600
hp deskjet 5600 series
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
IE Host R3
Indexing Function
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterActual Player
InterVideo WinDVD
iPod for Windows 2005-09-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Office XP Media Content
Microsoft Office XP Professional
Modem Helper
Musicnotes Player
myPowerHour 1.2
MyTunes 1.0
Norton AntiVirus Corporate Edition
Panda ActiveScan
PCTEL 2304WT V.9x MDC Modem Drivers
Picture Package
QuickSet
QuickTime
RealPlayer Basic
Search OS
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sony USB Driver
Spybot - Search & Destroy 1.4
The Best Offers
TP HTTP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL.IE APP
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Web Browser Component Manager
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.0
Yahoo! Toolbar



Panda Activescan results


Incident Status Location

Adware:adware/delfinmedia Not disinfected c:\program files\common files\remove_tools.html
Adware:adware program Not disinfected c:\windows\system32\data.~
Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1
Adware:adware/virtualbouncer Not disinfected c:\windows\system32\INNERADINSTALL.LOG
Spyware:spyware/linkreplacer Not disinfected c:\windows\system32\lmdv.bin
Adware:adware/midaddle Not disinfected c:\windows\system32\PreUninstall.exe
Adware:adware/exact.bargainbuddy Not disinfected c:\windows\system32\psis80ex.ax
Adware:adware/iedriver Not disinfected c:\windows\system32\Searchx.htm
Adware:adware/sahagent Not disinfected c:\windows\downloaded program files\sporder_.dll
Spyware:spyware/betterinet Not disinfected c:\windows\inf\biini.inf
Adware:adware/dealhelper Not disinfected c:\windows\dsearch1.bin
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall5_64.exe
Adware:adware/twain-tech Not disinfected c:\windows\satmat.ini
Adware:adware/sidesearch Not disinfected c:\windows\sepsd.bin
Adware:adware/transponder Not disinfected C:\WINDOWS\system32\DrTemp
Adware:adware/ncase Not disinfected c:\windows\system32\FLEOK
Potentially unwanted tool:application/bestoffer Not disinfected c:\program files\TBONBin
Adware:adware/dyfuca Not disinfected C:\Documents and Settings\Wendy Scola\Internet Optimizer
Adware:adware/esyndicate Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Spyware:spyware/clipgenie Not disinfected Windows Registry
Adware:adware/ezula Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/addestroyer Not disinfected Windows Registry
Spyware:spyware/virtumonde Not disinfected Windows Registry
Adware:adware/topmoxie Not disinfected Windows Registry
Spyware:spyware/clearsearch Not disinfected Windows Registry
Adware:Adware/DelFinMedia Not disinfected C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@com[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy [email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@entrepreneur[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@offeroptimizer[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy [email protected][2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy scola@webpower[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy [email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Wendy Scola\Cookies\wendy [email protected][1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Wendy Scola\My Documents\computer maintenance software\backups\backup-20061030-020423-125.dll
Adware:Adware/PurityScan Not disinfected C:\install_george.exe
Adware:Adware/DelFinMedia Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0194ADE7-C979-452B-91D5-AE3EDE\DD0D0F0F-9C31-4DC2-AAD1-B92119
Possible Virus. Not disinfected C:\Program Files\TBONBin\TBONWnd.EXE
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\INF\biH.inf
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\satmat.inf
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_10.exe
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM\psfax.dll
Adware:Adware/NetPals Not disinfected C:\WINDOWS\SYSTEM32\atiupdate5.exe
Spyware:Spyware/UrlSpy Not disinfected C:\WINDOWS\SYSTEM32\ativtmxx.exe
Spyware:Spyware/UrlSpy Not disinfected C:\WINDOWS\SYSTEM32\bidispl9.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM32\BO2802040113.dll
Adware:Adware/VirtualBouncer Not disinfected C:\WINDOWS\SYSTEM32\BO2804040128.exe
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\SYSTEM32\CIODM116.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\mlljg.dll
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v123.cpl
Spyware:Spyware/LinkReplacer Not disinfected C:\WINDOWS\SYSTEM32\uninst.exe
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\Temp\addit.exe[clicks.dll]
Adware:Adware/Midaddle Not disinfected C:\WINDOWS\Temp\addit.exe[Updater.exe]
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\Temp\all_files9.exe[install_george.exe]
Adware:Adware/SaveNow Not disinfected C:\WINDOWS\Temp\all_files9.exe[SaveInstCsSm.exe]
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\Temp\all_files9.exe[incredifind.exe]
Adware:Adware/BrowserAid Not disinfected C:\WINDOWS\Temp\all_files9.exe[dist1_1_00.exe]
Adware:Adware/eZula Not disinfected C:\WINDOWS\Temp\all_files9.exe[ESB.exe]
Virus:Trj/Downloader.OE Not disinfected C:\WINDOWS\Temp\all_files9.exe[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files9.exe[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files9.exe[setup233.exe][sx.htm]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files9.exe[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\all_files9.exe[setup233.exe][td.exe]
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\Temp\ir.exe
Adware:Adware/StatBlaster Not disinfected C:\WINDOWS\Temp\tracker9.exe
Adware:Adware/BrowserAid Not disinfected C:\WINDOWS\Temp\_ps_inst.exe[rundll16.exe]
Adware:Adware/BrowserAid Not disinfected C:\WINDOWS\Temp\_ps_inst.exe[rundll16.dll]
Adware:Adware/DelFinMedia Not disinfected C:\WINDOWS\Temp\~MySetup.exe

Edited by vbd, 30 October 2006 - 09:25 PM.
