hijacked again, help please

Discussion in 'WormGuard' started by krpaint, Jan 17, 2006.

Thread Status:
Not open for further replies.
  1. krpaint

    krpaint Registered Member

    Joined:
    Jan 17, 2006
    Posts:
    1
    Logfile of HijackThis v1.99.1
    Scan saved at 8:48:19 PM, on 1/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\STOPzilla!\SZServer.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\Program Files\STOPzilla!\STOPzilla.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\AWS\WeatherBug\Weather.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\MemTurbo30\MemTurbo.exe
    D:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    D:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    D:\Program Files\LimeWire\LimeWire.exe
    D:\Program Files\iTunes\iTunes.exe
    D:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\VNCom LLC\Explorer 2002\E2.EXE
    D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    D:\Program Files\RFA\rfagent.exe
    D:\Program Files\DAP\DAP.exe
    D:\WINDOWS\system32\notepad.exe
    D:\PROGRA~1\WinZip\winzip32.exe
    D:\DOCUME~1\Kevin\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (D:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\medqtzr2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\Kevin\Application Data\Mozilla\Profiles\default\medqtzr2.slt\prefs.js)
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\dapbho.dll
    O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - D:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - D:\PROGRA~1\quickbar\quickbar.dll
    O2 - BHO: WSR_IEplug - {4E9CAE1A-545D-48EA-8EEF-4D1DB6695AD3} - D:\Program Files\Sytexis Software\Web Stream Recorder\wsr_ieplug.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - D:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
    O2 - BHO: RUPKPro - {93E4D845-DBA0-47F0-8720-4549BDACF648} - D:\PROGRA~1\HITWAR~1\hwpkpro.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - D:\PROGRA~1\quickbar\quickbar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [STOPzilla] D:\Program Files\STOPzilla!\STOPzilla.exe /autostart
    O4 - HKLM\..\Run: [DCEnd4sVu] D:\WINDOWS\jiqwta.exe
    O4 - HKLM\..\Run: [mm_server] "D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe"
    O4 - HKLM\..\Run: [PhilipsRemote] "D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe"
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [rfagent] "D:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: ["d:\Program Files\mm_tray.exe"] "D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [d:\MUSICM~1\MMJB\mimboot.exe] D:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [rfagent] "D:\Program Files\RFA\rfagent.exe"
    O4 - Startup: MemTurbo.lnk = D:\Program Files\MemTurbo30\MemTurbo.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O9 - Extra button: @D:\Program Files\4Team Corporation\Fax4Office\Fax4IE.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Send Fax - {410C30C7-098A-4090-928E-F1D356D34C7F} - D:\WINDOWS\System32\shdocvw.dll (HKCU)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - D:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E2D0C302-74B9-4B89-B3DB-F3B18E0D6B5D} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E2D0C302-74B9-4B89-B3DB-F3B18E0D6B5D} - (no file) (HKCU)
    O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113622492835
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - http://entimg.msn.com/client/msnediag3313.cab
    O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - https://www.chronotek.net/reports/viewer/arview2.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: STOPzilla Service (szserver) - Unknown owner - D:\Program Files\Common Files\STOPzilla!\SZServer.exe
    O23 - Service: WUSB54Gv4SVC - Unknown owner - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz