Karl`s PC Help Forums

BlueII HJT for Pancake
blue11 - 20-7-2008 at 23:55

-----Help_Anyone-----------------L
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:04 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantecSPAsmc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantecSPAsnac.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesBroadcomASFIPMonAsfIpMon.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:WINDOWSsystem32dlcxcoms.exe
C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
C:Program FilesMicrosoft IntelliPointipoint.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSymantec AntiVirusSavRoam.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe
C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWUSB54GC.exe
C:Program FilesSymantecSPASmcGui.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32alg.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66008
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = google.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [AudioDrvEmulator] "C:Program FilesCreativeShared FilesModule LoaderDLLML.exe" -1 AudioDrvEmulator "C:Program FilesCreativeShared FilesModule LoaderAudio EmulatorAudDrvEm.dll"
O4 - HKLM..Run: [DLCXCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [IntelliPoint] "C:Program FilesMicrosoft IntelliPointipoint.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobeAdobe Photoshop Lightroom 1.4apdproxy.exe"
O4 - HKLM..Run: [e052f4a8] rundll32.exe "C:WINDOWSsystem32eokligmf.dll",b
O4 - HKLM..Run: [SpyHunter Security Suite] C:Program FilesEnigma Software GroupSpyHunterSpyHunter3.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O17 - HKLMSystemCCSServicesTcpip..{B2D951DA-6CA3-4F54-9131-ADECA2422C35}: NameServer = 71.242.0.12,71.250.0.12
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:WINDOWSsystem32KuGoo3DownXControl.ocx (file missing)
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:WINDOWSsystem32KuGoo3DownXControl.ocx (file missing)
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:Program FilesBroadcomASFIPMonAsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: dlcx_device - - C:WINDOWSsystem32dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec AntiVirusSavRoam.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - C:Program FilesSymantecSPAsmc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - C:Program FilesSymantecSPAsnac.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec AntiVirusRtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:Program FilesCompact Wireless-G USB Adapter Wireless Network MonitorWLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/dell/E-Center/images/dell_logo.gif
O24 - Desktop Component 1: (no name) - file:///C:/dell/E-Center/images/header_bg.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/LEEPAY~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 9867 bytes
T.Y.--- L


blue11 - 21-7-2008 at 00:00

Has anyone dealt with tracking processes that cannot deactivate spyware programs given an address??

Not used to these threats--

--L


Pancake - 21-7-2008 at 00:07

blue11.
Please post your log in a thread of its own if you still require help to remove that trojan.


LSemmens - 21-7-2008 at 13:48

Split thread to make it easier for Pancake and BlueII (welcome BTW)


blue11 - 21-7-2008 at 21:13

Thanks all (Pan, LSem)

L