some sort of Trojan


#1 Ms.Orange (Member, 25 posts)
Hello,

Today my IE could not display sites (eg. if I went to msn.com it would just be blank). I scanned using Ad-aware and then AntiVir, and AntiVir quarantined 4 trojans in the end.

Next, I came to Geeks, and I followed the instructions in the "You Must Read this Before Posting a Hijackthis log":
I ran the ATF cleaner, then did System Restore. When I tried to scan using Malwarebytes' Anti-Malware, a window popped up saying "overflow" and Malwarebytes automatically closed.
I tried the Panda Activescan, but when I was downloading the file to install, AntiVir popped up saying there was something bad, and so I clicked "Access Deny".

I rebooted the computer, then ran Hijackthis. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 08:33:15, on 2008/5/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Jennifer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\iTunesHelper.exe
C:\WINNT\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
D:\Jennifer\AntiVir PersonalEdition Classic\sched.exe
D:\Jennifer\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Jennifer\Applications\Hijackthis\HijackThis.exe

O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3AFEFFEE-3709-5184-2D72-4DB60F3FF1C8} - C:\WINNT\system32\xakrzil.dll (file missing)
O2 - BHO: MKGHelper Class - {3DEEC4E2-4125-498E-9263-50A221EF1AAB} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O2 - BHO: KGSearchAssistant Class - {4538BEFE-5297-4AAE-B466-C2463D5B927D} - C:\Program Files\MyKazaaGold\MKGSearchAssistant.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Kazaa Gold - {2A9316B0-C5F0-4202-ACF7-458D5561AD71} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avgnt] "D:\Jennifer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINNT\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\Flashget\FlashGet.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINNT\system32\ECURIT~1\CRSS~1.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINNT\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚Web捃濘狟婥 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚Web捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 雄Web捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 雄Web捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: My Kazaa Gold - {A4A0A07D-3633-4de8-AFB4-44B917596E12} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O9 - Extra 'Tools' menuitem: My Kazaa Gold1 - {A4A0A07D-3633-4de8-AFB4-44B917596E12} - C:\Program Files\MyKazaaGold\MusicBar.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2FDB8363-FB18-48EC-8E66-E143FAC80A2F} (Eyeball Video Session Control) - http://www.mytutor.ca/EyeballSDK.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chippokechuur...ad/MsnPUpld.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppst...powerplayer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...en/x86/client/wuweb_site.cab?1158200106640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...s/en/x86/client/muweb_site.cab?1158203650218
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chippokechuur...ad/MsnPUpld.cab
O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.c.../mv/p3bvset.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c..._2006_02_11.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - ms-its:mhtml:file://c:\nesunew.mht!http://adgate.info/z...FreeInstall.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: nopdb.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Jennifer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Jennifer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴?网?科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12220 bytes


Another window popped up after the scan, with a list to select and fix, but I don't know which files to fix.

Thank you for your time.

Ms. Orange
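The post asks which entries in the log are worth fixing. As an added example that is not part of the original thread, here is a small Python parser for the HijackThis log format pasted above: it splits out the O-section entries and marks the ones a helper would normally look at first (dangling "(file missing)" or "(no file)" registrations, the O20 AppInit_DLLs entry, and O4 autoruns with an empty value name or registered under the SYSTEM hive). The sample lines are copied from the log above; the review markers are my assumption about common triage cues, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: five entries copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {3AFEFFEE-3709-5184-2D72-4DB60F3FF1C8} - C:\\WINNT\\system32\\xakrzil.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O4 - HKUS\\S-1-5-18\\..\\Run: [] C:\\WINNT\\system32\\ECURIT~1\\CRSS~1.EXE (User 'SYSTEM')
O4 - HKLM\\..\\Run: [avgnt] "D:\\Jennifer\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O20 - AppInit_DLLs: nopdb.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")      # "O4 - HKLM\..\Run: ..." and friends
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")  # COM class id carried by O2/O3/O9/O16/O18

@dataclass
class Entry:
    section: str                 # HijackThis section code, e.g. O2 (BHOs), O4 (Run keys)
    body: str                    # rest of the line, unchanged
    clsid: str = ""              # class id if the entry carries one, else empty
    flags: list = field(default_factory=list)

def parse(log: str) -> list:
    """Split a HijackThis log into its O-section entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        c = CLSID_RE.search(body)
        entries.append(Entry(section, body, c.group(0) if c else ""))
    return entries

def flag(e: Entry) -> list:
    """Attach review markers. Assumption: these are common triage cues, not a malware verdict."""
    e.flags = []
    if "(file missing)" in e.body or "(no file)" in e.body:
        e.flags.append("dangling registration: the registry points at a file that is gone")
    if e.section == "O20":
        e.flags.append("AppInit_DLLs: this DLL is loaded into every process that loads user32.dll")
    if e.section == "O4" and "[] " in e.body:
        e.flags.append("autorun with an empty value name")
    if e.section == "O4" and "S-1-5-18" in e.body:
        e.flags.append("autorun registered under the SYSTEM hive")
    return e.flags

def triage(log: str) -> list:
    return [e for e in parse(log) if flag(e)]  # only entries with at least one marker, in log order
```

Run `triage(open("hijackthis.log").read())` on a full log to get the short list; everything it does not return still needs a human eye, it only orders the work.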