The problem is: Popups and repeated attacks by virus on a Dell Xp Desktop
I am wondering if there is something in the browser that is leading the poor folks who own this computer to sites where the malware and virus and trojans harbor. I noticed many popups and we caught WinFixer this afternoon and removed manually the last of 39 identified viruses and trojans manually.
Take a deep breath if you can understand hijack this log files and see if you can help. If you would liike please look at the following hijack this log file and tell me what to check and clean within Hijack this to improve the situation.
So far we have had several days working on this computer for free for a farm family who contributes very much to childeren and is insturmental in our 4H group. They deserve a little free computer support because they work so hard for so many of the Kids in the Verona, WI Area. We were able to us both a combination of AVAST software and Norton Antivirus along with manual removal of one virus to get the machine to scan clean with Norton.
I believe were almost done cleaning this machine but noticed the Net Flix pop ups and a virus that was caught this afternoon called WinFixer
Thank you in advance for your support.
Kind Regards,
Thomas Starich
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:58 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
xe
C:\WINDOWS\system32\winlog
on.exe
C:\WINDOWS\system32\servic
es.exe
C:\WINDOWS\system32\lsass.
exe
C:\WINDOWS\system32\svchos
t.exe
C:\WINDOWS\System32\svchos
t.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.ex
e
C:\WINDOWS\system32\spools
v.exe
C:\PROGRA~1\COMMON~1\AOL\A
CS\acsd.ex
e
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
iceService
.exe
C:\Program Files\Symantec\LiveUpdate\
ALUSchedul
erSvc.exe
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterServi
ce.exe
C:\WINDOWS\System32\nvsvc3
2.exe
C:\WINDOWS\System32\svchos
t.exe
C:\Program Files\Viewpoint\Common\Vie
wpointServ
ice.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bi
n\jusched.
exe
C:\Program Files\Real\RealPlayer\Real
Play.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatc
h Jukebox\mmtask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\hphmon
05.exe
C:\WINDOWS\System32\spool\
drivers\w3
2x86\3\hpz
tsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpm
gr.exe
C:\Program Files\Common Files\AOL\1134010731\ee\AO
LSoftware.
exe
C:\WINDOWS\System32\HPZipm
12.exe
C:\Program Files\CyberLink\PowerDVD\D
VDLauncher
.exe
C:\WINDOWS\system32\dla\tf
swctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.
exe
C:\WINDOWS\system32\ctfmon
.exe
C:\Program Files\Plaxo\2.12.1.1\Plaxo
Helper.exe
C:\Program Files\Cloudmark\SpamNet\OE
\snoe.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService
.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi
s.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D
1CA6FB9C90
D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.d
ll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D
42A53123C7
5} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.
0\NppBho.d
ll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
0123456789
0} - C:\WINDOWS\system32\dla\tf
swshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8
EA1C75885F
9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
F10577473F
7} - c:\program files\google\googletoolbar
1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-C
E66B5AD205
D} - C:\Program Files\Google\GoogleToolbar
Notifier\2
.0.301.716
4\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
09B6AD74AC
C} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-A
A305ED9D92
2} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
09027A5CD4
F} - c:\program files\google\googletoolbar
1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-F
BEE9C7B26D
F} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.
0\UIBHO.dl
l
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\jkxik
pjp.dll",f
orkonce
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\PIFSvc
.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\AlertE
ng.dll"
O4 - HKLM\..\Run: [{FF-FA-A4-4C-ZN}] C:\windows\system32\mndsre
gm.exe SKY003
O4 - HKLM\..\Run: [yyednzqA] C:\WINDOWS\yyednzqA.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bi
n\jusched.
exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\Real
Play.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
dll,NvStar
tup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatc
h Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.
exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtr
ay.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{537
2B9A6-6E51
-4f90-9B40
-E0A3B8475
C4E}\hphup
d05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon
05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
drivers\w3
2x86\3\hpz
tsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm
gr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.
exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134010731\ee\AO
LSoftware.
exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinon
dt.exe SKY003
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\D
VDLauncher
.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tf
swctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe
" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
Notifier\G
oogleToolb
arNotifier
.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Sarbacker\Applica
tion Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Sarbacker\Applica
tion Data\Microsoft\Windows\nwc
qlnh.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\Plaxo
Helper.exe
-a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
" /background
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\MANT
EC~1\spool
sv.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
Notifier\G
oogleToolb
arNotifier
.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbar
Notifier\G
oogleToolb
arNotifier
.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsre
gt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\
search.htm
l
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\WINDOWS\System32\msjava
.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
0401C60850
1} - C:\WINDOWS\System32\msjava
.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B
4C75499B57
8} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
0C0F0318AF
E} - C:\WINDOWS\System32\Shdocv
w.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4
502d9a03c2
d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
2ba3849658
3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
2ba3849658
3} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
0C04F79568
3} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C
7C580BBF70
0} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2B323CD9-50E3-11D3-9466-0
0A0C970049
8} (Yahoo! Audio Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-6
2B522420EC
C} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/FacebookPhotoUploader.cabO16 - DPF: {6414512B-B978-451D-A0D8-F
CFDF33E833
C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097012321843O16 - DPF: {77E32299-629F-43C6-AB77-6
A1E6D7663F
6} (Groove Control) -
http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cabO16 - DPF: {7D1E9C49-BD6A-11D3-87A8-0
09027A35D7
3} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cabO20 - Winlogon Notify: nnnnnnl - nnnnnnl.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\A
CS\acsd.ex
e
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
iceService
.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\
ALUSchedul
erSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.e
xe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.
exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterServi
ce.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEU
P~1\LUCOMS
~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-
4c61-B58F-
2F227FCA9A
08}\PIFSvc
.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSv
c.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
2.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm
12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
e
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.ex
e
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\Vie
wpointServ
ice.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12306 bytes
