
check hijack this file


Name: clb199
Date: December 15, 2003 at 15:03:27 Pacific
OS: Windows XP Home
CPU/Ram: amd duron1.02 / 512k pc13
Comment:

I know hardware reasonably well; Registry entries and other Windows-related "stuff" are not exactly my forte. Now that I have shown my ignorance, would one of you kindhearted people check my HijackThis file and let me know? I have run Spybot and avs
antivir 6 with updated definitions already. Can't get rid of a trojan.

Logfile of HijackThis v1.97.7
Scan saved at 5:57:15 PM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AVPersonal\AVGUARD.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\Program Files\Iomega\Iomega Backup\dtsc.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.exe
C:\Program Files\Copper HiSpeed\copperhispeed.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Copper HiSpeed\PBHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtsc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Copper HiSpeed\copperhispeed.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Copper HiSpeed\copperhispeed.exe/227
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\progra~1\copper~1\sliplsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\copper~1\sliplsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\copper~1\sliplsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\copper~1\sliplsp.dll
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.2103587963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF99973C-1404-11D0-8F00-00AA00BBF119} (ESB Control) - http://esb.alcena.com/esb.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACC9394-37B3-4E98-AE66-A647BCA4852F}: NameServer = 170.147.49.55 170.147.113.54
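Working from the log posted above, here is a small triage script (an added example written for this page, not part of the original post and not HijackThis's own code) that parses lines in the `Rn`/`On` format and flags the entries a reviewer would look at first: the ProxyServer set to 127.0.0.1:5400 (something on the machine is proxying browser traffic; on XP, `netstat -ano | findstr :5400` shows the owning PID and `tasklist /fi "PID eq <pid>"` names it), the search settings reset to about:blank, the R3 URLSearchHook with (no file), the O4 Startup item listed by bare filename, the O10 Winsock LSP lines (four lines for one DLL is one entry per protocol chain, not four infections; fix O10 only with an LSP-aware tool, because deleting the DLL by hand leaves a broken chain and no network access), an O16 ActiveX download from a host not on a short allow-list, and the O17 DNS servers. The sample lines are copied from the posted log; the rules, the wording of each reason and the allow-list are assumptions of the example, not HijackThis's logic.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.exe /min
O4 - Startup: PowerReg Scheduler V3.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\copper~1\sliplsp.dll
O16 - DPF: {DF99973C-1404-11D0-8F00-00AA00BBF119} (ESB Control) - http://esb.alcena.com/esb.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37853.2103587963
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACC9394-37B3-4E98-AE66-A647BCA4852F}: NameServer = 170.147.49.55 170.147.113.54
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

# Hosts from which an O16 ActiveX download is accepted without further review.
# This allow-list is an assumption of the example; extend it for your own site.
TRUSTED_DPF_HOSTS = (
    "windowsupdate.microsoft.com",
    "download.macromedia.com",
    "download.games.yahoo.com",
)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O16"
    line: str      # the original log line
    reason: str    # why a reviewer should look at it


ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)\s*-\s*(?P<body>.*)$")


def parse_entry(line):
    """Split 'O16 - DPF: ...' into ('O16', 'DPF: ...'); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body").strip()) if m else None


def _dpf_host(body):
    """Host part of the first http(s) URL in an O16 body, lower-cased ('' if none)."""
    m = re.search(r"https?://([^/\s]+)", body)
    return m.group(1).lower() if m else ""


def _trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(lines):
    """Apply the heuristics to each line; return the entries worth a closer look."""
    findings = []
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        line = raw.strip()
        if section in ("R0", "R1") and "ProxyServer" in body:
            # e.g. "ProxyServer = http=127.0.0.1:5400" -> host 127.0.0.1, port 5400
            m = re.search(r"=\s*(?:http=)?([\w.\-]+):(\d+)", body)
            if m and m.group(1) in ("127.0.0.1", "localhost"):
                findings.append(Finding(section, line,
                    f"browser traffic routed through a local proxy on port {m.group(2)}; "
                    "identify the process listening there before removing the setting"))
        elif section in ("R0", "R1") and "Search" in body and body.endswith("about:blank"):
            findings.append(Finding(section, line,
                "search setting pointed at about:blank, typical residue of a search hijacker"))
        elif section == "R3" and body.endswith("(no file)"):
            findings.append(Finding(section, line,
                "URLSearchHook CLSID whose DLL is gone; orphaned registration, safe to fix"))
        elif section == "O4" and body.startswith(("Startup:", "Global Startup:")) and "\\" not in body:
            findings.append(Finding(section, line,
                "startup item listed by bare filename; locate the file and check its publisher"))
        elif section == "O10":
            findings.append(Finding(section, line,
                "Winsock LSP that HijackThis does not recognize; remove only with an LSP-aware tool, "
                "deleting the DLL by hand leaves a broken chain and no network access"))
        elif section == "O16" and not _trusted(_dpf_host(body)):
            findings.append(Finding(section, line,
                f"ActiveX control downloaded from {_dpf_host(body) or 'an unparsed URL'}, "
                "which is not on the allow-list"))
        elif section == "O17":
            findings.append(Finding(section, line,
                "per-interface DNS servers; confirm the addresses belong to the ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run it against the full log by reading the file into `triage()` instead of `SAMPLE_LINES`. Entries it does not flag (the O2 BHOs with a real path, the O4 Run keys pointing into Program Files, the O16 controls from the allow-listed hosts) still deserve a glance; the script only orders the review, it does not clear anything.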

Response Number 1
Name: TheKid
Date: December 15, 2003 at 17:37:13 Pacific
Reply:

"...can't get rid of a trojan."


Excuse my ignorance, but what is the trojan? Did your "antivir 6" detect it?

Did antivir 6/SpyBot give it a name?

Have you tried Ad-Aware, or a free/trial/online version of any Trojan scanner? Tried an online trojan and/or virus scan?


Housecall / free online scan

Symantec Security Check

http://www.trojanscan.com/




Response Number 2
Name: clb199
Date: December 16, 2003 at 06:13:35 Pacific
Reply:

These are the lines in the antivirus logfile that I think may be pertinent. I am now running the trojan scan as you suggested and will post results. Thanks for the trojan scan address.


The Trojan horse TR/SecondThought.A!
C:\PROGRAM FILES\STC\SLMSS.exe
WARNING: The Trojan horse TR/SecondThought.A!
C:\DOCUMENTS AND SETTINGS\CLIFTON BARNES\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0PMZOPEN\SLMSS[1].exe
File has been deleted!
2/9/2003,19:48 WARNING: AVGuard detected a problem in the file
C:\DOCUME~1\CLIFTO~1\LOCALS~1\TEMP\V3QO3FA03004
INFO: This executable has an invalid start address!
12/9/2003,19:50 WARNING: AVGuard detected a problem in the file
C:\DOCUME~1\CLIFTO~1\LOCALS~1\TEMP\V3QO3FB03004
INFO: This executable has an invalid start address!
12/9/2003,20:51 WARNING: AVGuard detected a problem in the file
C:\DOCUME~1\CLIFTO~1\LOCALS~1\TEMP\V3O83FA00324
INFO: This executable has an invalid start address!
12/9/2003,20:54 WARNING: AVGuard detected a problem in the file
C:\DOCUME~1\CLIFTO~1\LOCALS~1\TEMP\V3O83FB00324
INFO: This executable has an invalid start address!
WARNING: Contains signature of the worm Worm/SpyBot.P2P.Gen!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D28ABF86-B8B9-4018-B688-CEEFB399E72D}\RP139\A0011012.exe



Response Number 3
Name: clb199
Date: December 16, 2003 at 08:54:31 Pacific
Reply:

I ran the trojan scan as you suggested. It came back as clean. Thanks anyway. I tried for a couple of days to rid this from the puter; guess I got lucky. Thanks.


