Malwarebytes was one of the two programs that I used to quarantine the Trojans.
SpywareStop was the other one.
On some other forum I noticed that everyone posts something called a "HijackThis" log. So I found the program, and here is what I got from it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:50 PM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running Processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\services.exe
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Progra~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SpywareStop\SpywareStop.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69175
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.ups.com/sek-bin/login.cg...290&Client=UOW
O2 - BHO: (no name) - {298F35DE-AC15-42CE-8465-AD0A69B33F19} - C:\WINDOWS\System32\mlJCtqnO.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: UPS Worldship Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
O4 - Global Startup: UPS Worldship PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: luiriz.dll,avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe