secthought.e with hijack log

Discussion in 'adware, spyware & hijack cleaning' started by angieness, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. angieness, Registered Member (Joined: May 4, 2004; Posts: 5)

    I just got this file off my system and out of my registry, hopefully for good. Last time I had this virus I had a number of problems making it stay gone, so I'm posting this log just to be safe, and to be aware of any other issues that might have been found by HijackThis. I'm on a Dell PC running Windows XP.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:04:33 AM, on 7/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\WyvernWorks\Firewall 2003\Firewall 2003.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Documents and Settings\Heather\My Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;http://localhost;<local>
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [WyvernWorks Firewall] C:\Program Files\WyvernWorks\Firewall 2003\Firewall.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Pieter_Arntz, Spyware Veteran (Joined: Apr 27, 2002; Posts: 13,331; Location: Netherlands)

    Hi angieness,

    Check the item below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

    And do you have any idea where these came from or belong to?
    O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll

    Regards,

    Pieter
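
The two items the reply singles out, the O2 BHO entry with no file behind it and the repeated O10 unknown Winsock LSP file, can be pulled out of a HijackThis log programmatically. The Python below is an added example, not part of the thread and not HijackThis's own code; the function names are assumptions, and the embedded sample lines are constructed from the shape of the log above.

```python
import re
from collections import Counter

# Constructed sample: a few entries in the same shape as the log in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\apptoport.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." (process paths like "C:\..." do not match).
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# "BHO: <name> - {CLSID} - <file or (no file)>"
BHO = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
LSP = re.compile(r"^Unknown file in Winsock LSP: (.+)$")

def parse_entries(text):
    """Yield (section_code, body) for each entry line; skip headers and process paths."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(text):
    """Collect BHOs registered without a file, and unknown LSP files with how often each is listed."""
    orphan_bhos, lsp_files = [], Counter()
    for code, body in parse_entries(text):
        if code == "O2":
            m = BHO.match(body)
            if m and m.group(3).strip().lower() == "(no file)":
                orphan_bhos.append(m.group(2).upper())
        elif code == "O10":
            m = LSP.match(body)
            if m:
                # Paths are compared case-insensitively, as on Windows.
                lsp_files[m.group(1).strip().lower()] += 1
    return {"orphan_bhos": orphan_bhos, "unknown_lsp": dict(lsp_files)}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for clsid in report["orphan_bhos"]:
        print("O2 BHO registered but no file on disk:", clsid)
    for path, count in report["unknown_lsp"].items():
        print(f"O10 unknown LSP file listed {count} times: {path}")
```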
     