We have some nasty spyware and malware on the computer.
We have seen wn0008 in the C: directory and there is a PestTrap folder in C:\Program Files.
Please help! Many thanks in advance!
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:49:44 PM, on 9/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\Program Files\Symantec\pcAnywhere\Winaw32.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Symantec\pcAnywhere\SessionController.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179243495179
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.station.s...outLauncher.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
Panda log:
Incident Status Location
Adware:Adware/PestTrap Not disinfected c:\winstall.exe
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Oem User\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Adware:adware/24-7-search Not disinfected c:\winnt\system32\unPPC.exe
Potentially unwanted tool:application/pesttrap Not disinfected c:\program files\PestTrap
Spyware:spyware/iehelp Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@bfast[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@casalemedia[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@clickbank[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@com[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@hitbox[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@landing.domainsponsor[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@serving-sys[2].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@sexlist[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@webpower[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Oem User\Cookies\oem user@zedo[1].txt
Spyware:Spyware/Iehelp Not disinfected C:\Program Files\iWin Games\iWinGamesHookIE.dll
Potentially unwanted tool:Application/MalwareAlarm Not disinfected C:\Program Files\PestTrap\heur000.dll
Potentially unwanted tool:Application/MalwareAlarm Not disinfected C:\Program Files\PestTrap\heur001.dll
Potentially unwanted tool:Application/BraveSentry Not disinfected C:\Program Files\PestTrap\heur002.dll
Potentially unwanted tool:Application/BraveSentry Not disinfected C:\Program Files\PestTrap\heur003.dll
Adware:Adware/PestTrap Not disinfected C:\Program Files\PestTrap\PestTrap.exe
Adware:Adware/PestTrap Not disinfected C:\Program Files\PestTrap\Uninstall.exe
Adware:Adware/PestTrap Not disinfected C:\wn0008.exe
