hijacked again, help please

Discussion in 'WormGuard' started by krpaint, Jan 17, 2006.

Thread Status:
Not open for further replies.
  1. krpaint
    Offline

    krpaint Registered Member

    Logfile of HijackThis v1.99.1
    Scan saved at 8:48:19 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\STOPzilla!\SZServer.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\Program Files\STOPzilla!\STOPzilla.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\AWS\WeatherBug\Weather.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\MemTurbo30\MemTurbo.exe
    D:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    D:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    D:\Program Files\LimeWire\LimeWire.exe
    D:\Program Files\iTunes\iTunes.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\VNCom LLC\Explorer 2002\E2.EXE
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\Program Files\RFA\rfagent.exe
    D:\Program Files\DAP\DAP.exe
    D:\WINDOWS\system32\notepad.exe
    D:\PROGRA~1\WinZip\winzip32.exe
    D:\DOCUME~1\Kevin\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (D:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\medqtzr2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\medqtzr2.slt\prefs.js)
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\dapbho.dll
    O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - D:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - D:\PROGRA~1\quickbar\quickbar.dll
    O2 - BHO: WSR_IEplug - {4E9CAE1A-545D-48EA-8EEF-4D1DB6695AD3} - D:\Program Files\Sytexis Software\Web Stream Recorder\wsr_ieplug.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - D:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
    O2 - BHO: RUPKPro - {93E4D845-DBA0-47F0-8720-4549BDACF648} - D:\PROGRA~1\HITWAR~1\hwpkpro.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - D:\PROGRA~1\quickbar\quickbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [STOPzilla] D:\Program Files\STOPzilla!\STOPzilla.exe /autostart
    O4 - HKLM\..\Run: [DCEnd4sVu] D:\WINDOWS\jiqwta.exe
    O4 - HKLM\..\Run: [mm_server] "D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe"
    O4 - HKLM\..\Run: [PhilipsRemote] "D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe"
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [rfagent] "D:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: ["d:\Program Files\mm_tray.exe"] "D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [d:\MUSICM~1\MMJB\mimboot.exe] D:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [rfagent] "D:\Program Files\RFA\rfagent.exe"
    O4 - Startup: MemTurbo.lnk = D:\Program Files\MemTurbo30\MemTurbo.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O9 - Extra button: @D:\Program Files\4Team Corporation\Fax4Office\Fax4IE.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Send Fax - {410C30C7-098A-4090-928E-F1D356D34C7F} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - D:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E2D0C302-74B9-4B89-B3DB-F3B18E0D6B5D} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E2D0C302-74B9-4B89-B3DB-F3B18E0D6B5D} - (no file) (HKCU)
    O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113622492835
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3313.cab
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.chronotek.net/reports/viewer/arview2.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: STOPzilla Service (szserver) - Unknown owner - D:\Program Files\Common Files\STOPzilla!\SZServer.exe
    O23 - Service: WUSB54Gv4SVC - Unknown owner - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
  2. Wayne - DiamondCS
    Offline

    Wayne - DiamondCS Security Expert

Thread Status:
Not open for further replies.