Trojan found last night...new log posted...would a


  • This topic is locked
3 replies to this topic

#1 delicious

Posted 10 July 2005 - 09:14 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:55:33 AM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\System32\Ati2evxx.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Symantec Shared\ccProxy.exe
J:\PROGRA~1\SYMANT~1\DefWatch.exe
J:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
J:\PROGRA~1\SYMANT~1\Rtvscan.exe
J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
J:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
J:\PROGRA~1\SYMANT~1\vptray.exe
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
J:\WINDOWS\system32\wscntfy.exe
J:\WINDOWS\system32\Notepad.exe
J:\WINDOWS\system32\cmd.exe
J:\Program Files\Linksys\LogViewer\LogViewer.exe
J:\Program Files\Tor\tor.exe
J:\WINDOWS\ALCFDRTM.EXE
J:\Program Files\Mozilla Firefox\firefox.exe
J:\Documents and Settings\seanster.DELICIOUS\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - J:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - J:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ATIPTA] J:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "J:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [vptray] J:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] J:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] J:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = J:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O12 - Plugin for .spop: J:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120408852406
O20 - Winlogon Notify: NavLogon - J:\WINDOWS\system32\NavLogon.dll
O23 - Service: app_filter - Unknown owner - J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - J:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - J:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - J:\PROGRA~1\SYMANT~1\DefWatch.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - J:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - J:\PROGRA~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



Thanks,

Sean
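The log above is HijackThis 1.99.1 output. As an added example (not part of the original thread, and not HijackThis's own code), the following Python splits such a log into its header, process list and R/F/N/O entries, then applies the first checks a helper would eyeball: O23 services with an unknown owner or a missing file, the O10 Winsock LSP chain collapsed to a per-DLL count, O20 Winlogon Notify DLLs, and O4 Run entries that name a bare executable without a path. The embedded sample log is constructed from a few abridged lines of the log above; all function names are mine, and everything the triage returns is an item to verify by hand, not a verdict.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in HijackThis 1.99.x format, modelled on a few lines of the
# log in this thread (abridged; not the complete log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:55:33 AM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\Program Files\Tor\tor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: j:\windows\system32\nvappfilter.dll
O20 - Winlogon Notify: NavLogon - J:\WINDOWS\system32\NavLogon.dll
O23 - Service: app_filter - Unknown owner - J:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - J:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# A HijackThis entry: section code (R0, F1, N1, O2 ... O23), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")


def parse_hijackthis(text):
    """Split a HijackThis log into (header_lines, process_paths, entries).

    entries is a list of (section, body) tuples in log order, e.g. ("O23", "Service: ...").
    """
    header, processes, entries = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body")))
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return header, processes, entries


def triage(entries):
    """First-pass checks on parsed entries. Everything returned is something to
    verify by hand (publisher, on-disk file, hash), not a verdict."""
    findings = defaultdict(list)
    lsp_chain = Counter()
    for section, body in entries:
        if section == "O23":
            # Services with no recognised publisher, or whose binary HijackThis could not find.
            if "Unknown owner" in body:
                findings["service_unknown_owner"].append(body)
            if "(file missing)" in body:
                findings["service_file_missing"].append(body)
        elif section == "O10":
            # "Unknown file in Winsock LSP: <path>"; one DLL usually appears once per
            # protocol it is layered over, so collapse the chain to a per-DLL count.
            path = body.split(": ", 1)[1].lower()
            lsp_chain[path] += 1
        elif section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe; always worth confirming.
            findings["winlogon_notify"].append(body)
        elif section == "O4":
            # Run entries that name a bare executable resolve it via the search path,
            # so confirm which file actually runs.
            target = body.split("] ", 1)[-1].strip().lstrip('"')
            if "\\" not in target:
                findings["run_bare_filename"].append(body)
    result = dict(findings)
    result["lsp_chain"] = dict(lsp_chain)
    return result


def summarize(text):
    """Parse a log and return counts plus triage findings."""
    header, processes, entries = parse_hijackthis(text)
    return {
        "logfile": next((h for h in header if h.startswith("Logfile of")), ""),
        "process_count": len(processes),
        "entries_per_section": dict(Counter(s for s, _ in entries)),
        "findings": triage(entries),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log posted above, the LSP counter would report nvappfilter.dll eighteen times, which is how a single NVIDIA firewall DLL layered over every installed protocol looks; the Symantec services carry a publisher while the ForceWare ones show as "Unknown owner", so the output separates what to look up from what is already attributed.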


#2 Piatan

Posted 17 July 2005 - 11:14 AM

Hello delicious;

Your Hijack This log seems to be clean.

If you don't have these three FREE programs I would recommend that you get them: Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening.

Since you state that a Trojan was found, let's see if Ewido can find any.

Please download, install, update and scan your system with the free version of Ewido trojan scanner:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will update the database now.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.

When we have finished and your PC has been determined to be clean, please uninstall Ewido (trial).
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.
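The reply above recommends tools that add sites to Internet Explorer's Restricted zone. As an added example, not from the thread and not the code of any tool named in it, the Python below writes a regedit import file that places hostnames in the Restricted sites zone through the per-user ZoneMap\Domains key, which is the mechanism that advice relies on. The hostnames are constructed, the function names are mine, and the rule that treats the last two labels as the registrable domain is a simplification labelled as such in the code.

```python
# IE security zone ids: 0 My Computer, 1 Local intranet, 2 Trusted sites,
# 3 Internet, 4 Restricted sites.
RESTRICTED_SITES = 4

ZONEMAP_DOMAINS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")


def zonemap_key(hostname):
    r"""Registry key under which IE stores the zone for a hostname.

    The registrable domain is a subkey of Domains and any leading host labels
    form a nested subkey: www.example.com -> Domains\example.com\www.
    Assumption for this example: the registrable domain is the last two labels,
    which is wrong for ccTLD forms such as example.co.uk.
    """
    labels = hostname.strip().lower().strip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"expected a dotted hostname, got {hostname!r}")
    key = ZONEMAP_DOMAINS + "\\" + ".".join(labels[-2:])
    host = ".".join(labels[:-2])
    return key + "\\" + host if host else key


def restricted_sites_reg(hostnames):
    """Render a regedit 5.00 import file. The "*" value name applies to every
    scheme (http, https, ...); a scheme name could be used instead to scope it."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for name in sorted(set(hostnames)):       # de-duplicate, stable order
        lines.append(f"[{zonemap_key(name)}]")
        lines.append(f'"*"=dword:{RESTRICTED_SITES:08x}')
        lines.append("")
    # regedit's own exports use CRLF; save as UTF-16 LE (or ANSI) before importing.
    return "\r\n".join(lines)


if __name__ == "__main__":
    # Constructed sample list; not taken from any real blocklist.
    print(restricted_sites_reg(["tracker.example", "www.tracker.example", "ads.example"]))
```

Importing the generated file into a user's hive is what "adding a site to the Restricted zone" means at the registry level; checking the same key is also how to audit what such a tool has changed, or whether something else has quietly moved a site into the Trusted zone (dword 2) instead.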


#3 Piatan

Posted 30 July 2005 - 09:35 AM

This topic will be closed, due to no response.

If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.


#4 Piatan

Posted 30 July 2005 - 09:35 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418
