1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hijack this Log...help

Discussion in 'Windows - Virus and spyware problems' started by bryanoens, Aug 2, 2007.

  1. bryanoens

    bryanoens Member

    Joined:
    Mar 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    11
    Ive been using Vundo-fix, adaware, spybot, and symantec and popups still take over my IE...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:03 AM, on 8/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\SYSTEM32\DWRCS.EXE
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\SYSTEM32\DWRCST.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\SolarWinds\Engineer's Toolset\SWLauncher.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\bin\rteng7.exe
    C:\Program Files\SolarWinds\Engineer's Toolset\NetPerfMon.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\system32\mshta.exe
    C:\WINDOWS\system32\mshta.exe
    C:\WINDOWS\system32\mshta.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\bleary\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sc-az-sp1/default.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Internet provided by Spectrum
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\khhiiff.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {69496386-7CD0-4894-8317-98625447728E} - C:\WINDOWS\system32\awtsp.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {770D8314-8C1D-4F5D-8EE6-5E9EC3A5D99F} - C:\WINDOWS\system32\vtutu.dll (file missing)
    O2 - BHO: (no name) - {7DF9B779-BFE1-427B-978D-0A30FECA13EA} - C:\WINDOWS\system32\sstqp.dll (file missing)
    O2 - BHO: (no name) - {A1391FDD-BCB9-4DF7-9159-EE790580CD11} - C:\WINDOWS\system32\vturq.dll (file missing)
    O2 - BHO: (no name) - {A2958729-94D3-4E7A-A929-5CFF54C8ADAF} - C:\WINDOWS\system32\jkklm.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\vbplmqki.dll
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\wjwyvdnp.dll (file missing)
    O2 - BHO: (no name) - {DCD53738-C4F9-414A-A03C-C7405A4AC844} - C:\WINDOWS\system32\khfedda.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SWQuickLauncher] C:\Program Files\SolarWinds\Engineer's Toolset\SWLauncher.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://my.concureworkplace.com
    O15 - Trusted Zone: *.sccaswc
    O15 - Trusted Zone: *.sccaswcs
    O15 - Trusted Zone: http://appslb.spectrum.int
    O15 - Trusted Zone: employee.spectrum.int
    O15 - Trusted Zone: www.spectrumchemical.com
    O15 - Trusted Zone: http://www.spectrumchemical.com
    O15 - Trusted Zone: www.spectrumrx.com
    O15 - Trusted Zone: http://www.usps.com
    O15 - Trusted Zone: http://my.concureworkplace.com (HKLM)
    O15 - Trusted Zone: *.sccaswc (HKLM)
    O15 - Trusted Zone: *.sccaswcs (HKLM)
    O15 - Trusted Zone: http://appslb.spectrum.int (HKLM)
    O15 - Trusted Zone: employee.spectrum.int (HKLM)
    O15 - Trusted Zone: www.spectrumchemical.com (HKLM)
    O15 - Trusted Zone: http://www.spectrumchemical.com (HKLM)
    O15 - Trusted Zone: www.spectrumrx.com (HKLM)
    O15 - Trusted Zone: http://www.usps.com (HKLM)
    O15 - Trusted IP range: 192.168.5.20
    O15 - Trusted IP range: http://192.168.5.20
    O15 - Trusted IP range: 192.168.5.20 (HKLM)
    O15 - Trusted IP range: http://192.168.5.20 (HKLM)
    O15 - ESC Trusted Zone: http://*.windowsupdate.com
    O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
    O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - http://192.168.5.20/common/controls/ssTree.cab
    O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://192.168.5.20/SWCCommon/Controls/activexviewermod.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1181927221142
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://sc-az-ts1/msrdp.cab
    O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - http://192.168.5.20/Common/controls/iemenu.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://198.182.65.155/activex/AxisCamControl.cab
    O16 - DPF: {977DBE03-F527-11D3-8F03-00C04FA3EB91} (RtdControl Class) - http://192.168.5.20/Common/Controls/RtdCtrl.cab
    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spectrum.int
    O17 - HKLM\Software\..\Telephony: DomainName = spectrum.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spectrum.int
    O20 - Winlogon Notify: khfedda - khfedda.dll (file missing)
    O20 - Winlogon Notify: khhiiff - C:\WINDOWS\SYSTEM32\khhiiff.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

    --
    End of file - 12533 bytes
     
    bryanoens, Aug 2, 2007
    #1
  2. Auttaja

    Auttaja Guest

    Auttaja, Aug 3, 2007
    #2

Share This Page