Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Routine Check [RESOLVED]


  • This topic is locked This topic is locked

#1
.:bob schmo:.

.:bob schmo:.

    Member

  • Member
  • PipPip
  • 59 posts
Here is my HJ log, followed all the steps already. Also, I am posting my SB S&D startup log because it looks a little funny if you know what I mean...

HJ:

Logfile of HijackThis v1.99.1
Scan saved at 7:26:26 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis!\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121061067941
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

SBS&D:


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi
2005-08-26 Includes\Dialer.sbi
2005-09-01 Includes\Hijackers.sbi
2005-08-16 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-09-01 Includes\Malware.sbi
2005-08-12 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-08-25 Includes\Security.sbi
2005-09-01 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-09-01 Includes\Trojans.sbi

Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
command: C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
file: C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
size: 479232
MD5: 3df7ac30a381c57d0c70eaefee3c4ef2

Located: HK_LM:Run, Advanced Tools Check
command: C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
file: C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
size: 78976
MD5: 54550331a554eb5000f76826054b2e71

Located: HK_LM:Run, ANIWZCSService
command: C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
file: C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
size: 32768
MD5: 8cfd8e09529d132abd2f8acad41a1c6c

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 35e1f41f9cea284f8484172180dc1012

Located: HK_LM:Run, D-Link AirPlus Xtreme G
command: C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
file: C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
size: 2498560
MD5: 94dc3e8ab3d0131e149c855ca539c4be

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: 263740ede788a60a6c0a47249fc410bf

Located: HK_LM:Run, Gravis Xperience Driver Support
command: Grxp4exe.exe /init
file: C:\WINDOWS\system32\Grxp4exe.exe
size: 36864
MD5: 7ecfc46a22de95556d60b3f1bf03bd4b

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8f5581d1be59577cacd5b43cfc5e4447

Located: HK_LM:Run, kmw_run.exe
command: kmw_run.exe
file: C:\WINDOWS\system32\kmw_run.exe
size: 106496
MD5: 5ee1ad8304f6f9c1fc3ac9b1223f9890

Located: HK_LM:Run, MSWheel
command:
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RoxioEngineUtility
command: "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
file: C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
size: 69632
MD5: a6500f81f5dc968827a391173bf0aba4

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
size: 36975
MD5: d3e445a99a1142c35d8d3100b5564591

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.2\THGuard.exe
size: 1089024
MD5: edb3dca0b1f57ac8d915c8ad0830b27c

Located: HK_LM:Run, TraySantaCruz
command: C:\WINDOWS\system32\tbctray.exe
file: C:\WINDOWS\system32\tbctray.exe
size: 290816
MD5: db287a128b405524e45534d6eaecd066

Located: HK_LM:Run, type32
command: "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
file: C:\Program Files\Microsoft IntelliType Pro\type32.exe
size: 184320
MD5: dc9064f7963a69476f3ec51b82d4ae9d

Located: HK_LM:Run, WinPatrol
command: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
file: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
size: 218688
MD5: 75b76261591db03eac1fb7eeeebee75a

Located: HK_LM:Run, RoxioAudioCentral (DISABLED)
command: "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
file: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
size: 253952
MD5: 868031dc287f4c51642dcd4215ef1107

Located: HK_LM:Run, RoxioDragToDisc (DISABLED)
command: "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
file: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
size: 757760
MD5: 08c636d58074a15a1234c50b2fb13a1c

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, DesktopX
command: "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
file:

Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: Startup (user), PowerMenu.lnk
command: C:\Program Files\PowerMenu\PowerMenu.exe
file: C:\Program Files\PowerMenu\PowerMenu.exe
size: 57344
MD5: cd1606ac1029dfcbe630f86598133635

Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87

Located: Startup (user), Stardock ObjectDock.lnk
command: C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
file: C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
size: 1826885
MD5: ffed2f0c2e32579f2e07404b2ab7e6bf

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#3
.:bob schmo:.

.:bob schmo:.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Nope, I'm good, thanks.
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP