
Please Hijack This Log


  • This topic is locked
2 replies to this topic

#1 kumo

  • Members
  • 3 posts

Posted 02 April 2006 - 06:01 PM

I GET THIS: full.exe, full[2].exe, Trojan Horse Dropped.PP, Agent.PP, Trojan Horse Dropper.Agent PP, and more


Logfile of HijackThis v1.99.1
Scan saved at 5:50:30 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\windows\mousepad7.exe
C:\WINDOWS\mohgxauA.exe
C:\WINDOWS\SYSC00.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\win3207770-522458.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ms04458770-522.exe
C:\WINDOWS\sys0222458770-5.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\TrojanHunter 4.5\TrojanHunter.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.938\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINDOWS\system32\OUGHYA~1.DLL (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe BOOT
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
O4 - HKLM\..\Run: [wmplayer] p2pnetworking.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [mohgxauA] C:\WINDOWS\mohgxauA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3207770-522458] C:\WINDOWS\win3207770-522458.exe
O4 - HKLM\..\Run: [w1c3ba84.dll] RUNDLL32.EXE w1c3ba84.dll,I2 00013c5301c3ba84
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinkrag.exe CORN001
O4 - HKLM\..\Run: [ms04458770-522] C:\WINDOWS\ms04458770-522.exe
O4 - HKLM\..\Run: [sys0222458770-5] C:\WINDOWS\sys0222458770-5.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.5\THGuard.exe
O4 - HKLM\..\RunServices: [wmplayer] p2pnetworking.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [DW4] C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinkrag.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2luZG93cyBVc2Vy\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mohgxau.exe (file missing)
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv4.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by kumo, 02 April 2006 - 06:05 PM.



#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 06 April 2006 - 09:37 AM

Hi,

The forums are really busy, which explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:

Also, you didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise you to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move hijackthis.exe into it. The reason is that HijackThis creates backups, and when it's in your temp folder it can be accidentally deleted.
How to make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender: Female
  • Location: Belgium

Posted 15 April 2006 - 11:13 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
