Solved: trojan won't die: Hijack log attached

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wrighta

Thread Starter
Joined
Sep 3, 2004
Messages
33
Thank you in advance to anyone with advice.

I have scanned my system twice with PANDA Online and keep finding the same trojan. However the trojan does not show up at all on the AVG which runs from my local disk.

Here is the Hijack This! log which I get presently:

Logfile of HijackThis v1.97.7

Scan saved at 3:55:53 PM, on 3/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGANT~1.0\avgserv.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\program files\iomega 4.0.2\DriveIcons\ImgIcon.exe
C:\PROGRA~1\NEWMEN~1\Amoumain.exe
C:\PROGRA~1\AVGANT~1.0\avgcc32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Acrobat 5.0.5\Distillr\AcroTray.exe
C:\Program Files\IE Plugins\MRUblaster\MRU-Blaster\scheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 5.0.5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.2\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Iomega Drive Icons] c:\program files\iomega 4.0.2\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] c:\program files\iomega 4.0.2\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\NEWMEN~1\Amoumain.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\AVGANT~1.0\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Process Guard Free.lnk = C:\Program Files\ProcessGuard\procguard.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Acrobat 5.0.5\Distillr\AcroTray.exe
O4 - Global Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\IE Plugins\MRUblaster\MRU-Blaster\scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37928.6451273148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
 
Joined
Oct 13, 2003
Messages
2,367
Open HJT. Click "Scan". Put checkmarks next to these, to start with...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: 64.91.255.87 www.dcsresearch.com

Close ALL browser windows and click "Fix checked".

Restart your computer.

You have an outdated version of HiJackThis. (It's currently at v1.98.2)

To update HiJackThis:

Open the program. click "Config..." --> "Misc. Tools" --> "Check for Update Online".

Or:

Please go to this site and download HiJackThis:

***NOTE***Do not FIX anything without a log analyzer's guidance. MOST of what's listed is necessary for your computer to operate normally.

http://www.spywareinfo.com/~merijn/downloads.html

Under "Official Downloads" HiJackThis. It's the 2nd one down.

Download and unzip to a permanent folder of your own creation.

Open HiJackThis. Click "Scan". Then, in the lower left corner, click "Save Log".

Save it to your permanent HiJackThis folder (or floppy disk if necessary).

The log will open in Notepad. Click "Edit" then "Select All".

Copy and paste the log back to this thread.

Alternate download links:

http://www.spychecker.com/program/hijackthis.html

http://www.majorgeeks.com/download3155.html
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top