Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:27 PM, on 1/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5508)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\system32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6674 bytes
Here is my uninstall_list:
µTorrent
ACDSee 9 Photo Manager
ACDSee Pro 2.5
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.1.3
Adobe Stock Photos 1.0
Agendus for Windows Palm Desktop Edition
Apple Mobile Device Support
AVG 9.0
AviSynth 2.5
Boot Camp Services
CCleaner
Chinese Traditional Fonts Support For Adobe Reader 9
Defraggler
Documents To Go
eBay Blackthorne
eBoostr 3
FileMaker Pro 6
Free YouTube to iPod Converter version 3.2
Free YouTube to Mp3 Converter version 3.2
Heroes of Newerth
HijackThis 2.0.2
Hotfix for MSXML 4 (KB887606)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Miranda IM 0.8.11
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 Parser and SDK
NETVIGATOR Pocket Wi-Fi Connection Manager
NVIDIA Drivers
palmOne
PowerISO
Quake Live Mozilla Plugin
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 8.0
Revo Uninstaller Pro 2.0.5
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skype™ 4.1
Sothink FLV Player
Spybot - Search & Destroy
Steam
UltraMon
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Ventrilo Client
Ventrilo Server
Videora iPod Converter 5.03
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - Apple Inc. (applebt) Bluetooth (05/30/2008 2.1.1.0)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (06/18/2008 2.1.1.1)
Windows Driver Package - Apple Inc. Apple Multitouch (09/02/2008 2.1.1.9)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/02/2008 2.1.1.9)
Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
Windows Driver Package - Broadcom (BCM43XX) Net (03/21/2008 4.170.77.3)
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
Windows Live Messenger
WinRAR archiver
WinZip 12.1
Y Store Tools RTML Template Transfer Utility
Hello,
I have recently got a trojan horse, I don't know how to get rid of it. I have tried to google the name to see wether there were previous cases like mine, but the ones I found weren't helpful. I have also tried to run AVG, Spybot, Ad-aware in safe mode with my system restore disabled. But when I run window normally, my AVG indicates that i still have the infection.
The infection file is Located: c:\\windows\system32\419280.exe
The Trojan Horse name was: Trojan Horse BackDoor.Generic12.GOG.dropper
Thank you for you time