So I shut down the computer, and eventually got it up to the point where most of the malware was gone.
However, it seems I'm still infected. I am seeing tons of outgoing SMTP connections from services.exe (most of which are fortunately either being blocked by ESET NOD32 or PeerBlock).
If anyone can possibly help me finish cleaning up without having me do a reformat, that would be great.
HJT Log
- Code: Select all
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:47:51 PM, on 10/24/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Software Informer\softinfo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\PeerBlock\peerblock.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {D6BA40A1-A502-59BD-F413-04B03A2C8953} - (no file) O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windows.exe O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted IP range: http://192.168.1.1 O15 - ESC Trusted IP range: http://192.168.1.1 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/pcpitstop.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9491BB58-5C2A-4470-A2D6-08ACAE1AAC09}: NameServer = 192.168.1.1 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: iskjsfuwajiduhf87sfydudhnf - {D6BA40A1-A502-59BD-F413-04B03A2C8953} - (no file) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Game Jackal Server (GJService) - Unknown owner - C:\Program Files\SlySoft\Game Jackal v4\Server.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9002 bytes
Uninstall List
- Code: Select all
µTorrent 18 Wheels of Steel Pedal to the Metal 7-Zip 4.65 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.0 Adobe Shockwave Player 11 Age of Mythology Algodoo v1.7.1 AnkhSVN 2.1.8420.8 Apple Application Support Apple Mobile Device Support Apple Software Update Armadillo Run 1.0.3 Audacity 1.3.12 (Unicode) Bridge Construction Set 1.37 Bus Driver 1.0 Buzz CCleaner Cheat Engine 5.6.1 Clean Arms V1.3 Colin McRae Rally 3 Combat Arms COMODO System - Cleaner Compatibility Pack for the 2007 Office system Counter-Strike: Source dBpoweramp DSP Effects dBpoweramp Music Converter dBpoweramp Windows Media Audio 10 Codec Diskeeper 2010 Pro Premier Doom 3 EA Download Manager EAX Unified eCoop 2.0 Euro Truck Simulator 1.3 FileZilla Client 3.3.4.1 Fraps (remove only) Game Booster Game Jackal v4.0.2.8 (32 bit) Garry's Mod GCFScape 1.7.3 GIMP 2.6.11 Grand Theft Auto IV Grand Theft Auto IV Grand Theft Auto IV Grand Theft Auto IV Grand Theft Auto IV GTA San Andreas GTA San Andreas Admin Console Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life Dedicated Server Update Tool HiJackThis Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092) ImgBurn InstallShield DIM Prerequisites Instantbird (0.2) iSkysoft Video Converter Ultimate(Build 3.0.3.0) iTunes iuVCS Java(TM) 6 Update 17 KWorld USB 2800 WDM Driver Liveupdate4 LogMeIn Mafia Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Device Emulator version 3.0 - ENU Microsoft DirectX SDK (June 2010) Microsoft Document Explorer 2008 Microsoft Document Explorer 2008 Microsoft Expression Blend 2 Microsoft Expression Blend 2 Microsoft Expression Studio 2 Microsoft Expression Studio 2 Microsoft Expression Web 2 Microsoft Expression Web 2 Microsoft Expression Web 2 MUI (English) Microsoft Games for Windows - LIVE Redistributable Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Outlook Connector Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Edition 2003 Microsoft Office Visual Web Developer 2007 Microsoft Office Visual Web Developer MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2008 Management Objects Microsoft SQL Server Compact 3.5 for Devices ENU Microsoft SQL Server Compact 3.5 SP1 Design Tools English Microsoft SQL Server Compact 3.5 SP1 English Microsoft SQL Server Database Publishing Wizard 1.3 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual Studio 2008 Professional Edition - ENU Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) Microsoft Visual Studio Web Authoring Component Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense Microsoft Windows SDK for Visual Studio 2008 SP1 Tools Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools Microsoft Windows SDK for Windows 7 (7.1) Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Game Studio 3.1 Microsoft XNA Game Studio 3.1 (ARP entry) Microsoft XNA Game Studio 3.1 (devenv) Microsoft XNA Game Studio 3.1 (Platformer) Microsoft XNA Game Studio 3.1 (Redists) Microsoft XNA Game Studio 3.1 (Shared Components) Microsoft XNA Game Studio 3.1 (XnaLiveProxy) Microsoft XNA Game Studio 3.1 Documentation Microsoft XNA Game Studio Platform Tools Mozilla Firefox (3.6.11) MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML4 Parser Need For Speed - Porsche Unleashed (Enhanced) Need for Speed™ Most Wanted Need for Speed™ ProStreet Nero Suite Network Addon Mod Version June 2009 New Editor 9.5 Notepad++ NVIDIA Display Control Panel NVIDIA Drivers NVIDIA nView Desktop Manager NVIDIA PhysX OpenAL oZone3D.Net FurMark v1.8.2 Paint.NET v3.5.5 PeerBlock 1.0+ (r484) Polipo 1.0.4.1 Portal QuickTime Railroad Tycoon 2: Platinum Realtek High Definition Audio Driver Resident Evil 3 RollerCoaster Tycoon® 3 Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222) Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Segoe UI SimCity 4 Deluxe Software Informer 1.0 BETA Sony Noise Reduction Plug-In 2.0h Source Dedicated Server Source SDK Base - Orange Box Spybot - Search & Destroy SQL Server System CLR Types SQLite2009 Pro Enterprise Manager [2010.03.10] Steam Streets of SimCity SUPER © Version 2010.bld.38 (May 2, 2010) Synergy System Requirements Lab Team Fortress 2 TeamViewer 5 TeraCopy 2.12 The Movies(TM) The Sims 2 The Sims 2 Family Fun Stuff The Sims 2 Glamour Life Stuff The Sims 2 Nightlife The Sims 2 Open For Business The Sims 2 Pets The Sims 2 University The Sims™ 2 Bon Voyage The Sims™ 2 Celebration! Stuff The Sims™ 2 FreeTime The Sims™ 2 H&M® Fashion Stuff The Sims™ 2 Seasons The Sims™ 3 The Sims™ Life Stories tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k Tor 0.2.1.26 TortoiseSVN 1.6.10.19898 (32 bit) Universal Extractor 1.6 Unlocker 1.8.7 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB968220) Update for Windows Internet Explorer 8 (KB969497) Update for Windows Internet Explorer 8 (KB971180) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) VC 9.0 Runtime Vegas Movie Studio Platinum 9.0b Ventrilo Client Vidalia 0.2.9 Visual C++ 2008 IA64 Runtime - (v9.0.30729) Visual C++ 2008 IA64 Runtime - v9.0.30729.01 Visual C++ 2008 x64 Runtime - (v9.0.30729) Visual C++ 2008 x64 Runtime - v9.0.30729.01 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - (v9.0.30729.4148) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 2008 x86 Runtime - v9.0.30729.4148 VLC media player 1.1.4 VMware Workstation VMware Workstation Windows Imaging Component Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Messenger Windows Media Encoder 9 Series Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 Xvid 1.2.2 final uninstall Zombie Panic! Source