Internosis - knowledge management,ecommerce and project consulting

Hijack this log. What is wrong with my computer?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:29:04, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {48ABE9D7-B8CD-470A-BA1E-CA66CB6FEEF0} - C:\WINDOWS\system32\khfCvttt.dll (file missing)
O2 - BHO: (no name) - {4AAE8F69-E0CE-4391-9D08-D41F94F12972} - C:\WINDOWS\system32\urqomjig.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {96d596de-4844-852b-b744-5badaa51b357} - {753b15aa-dab5-447b-b258-4484ed695d69} - C:\WINDOWS\system32\btxvwwug.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {9831CBC1-E21D-4F7E-BCF4-243845B1769D} - C:\WINDOWS\system32\ljJYsQig.dll (file missing)
O2 - BHO: (no name) - {9F5F33BD-1831-491C-9A2B-6B69FDFA1EEB} - C:\WINDOWS\system32\qoMdEXPH.dll (file missing)
O2 - BHO: (no name) - {A3AD2494-3CEF-4026-8E79-89B37D4ABF48} - C:\WINDOWS\system32\ddcYqopM.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1...
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\opnlMgfg.dll (file missing)
O2 - BHO: (no name) - {C10748D9-AFBB-4021-917D-53161357D8A0} - C:\WINDOWS\system32\opnnkjgG.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [80cd3102] rundll32.exe "C:\WINDOWS\system32\ykadnfuu.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SMrhctrpj0erc1] C:\Program Files\rhctrpj0erc1\rhctrpj0erc1.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA806] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC13] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4767] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2038] cmd /c del "C:\WINDOWS\pskt.ini"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6740] command /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7644] cmd /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3067] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7391] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1849] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4141] cmd /c del "C:\WINDOWS\pskt.ini"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL...
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon....
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.... (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.e...
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.e...
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.ex...
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.ex...

--
End of file - 8204 bytes

When in doubt go to the source. The following should help. I have included the web page link.

Each line in a HijackThis log starts with a section name. (For technical information on this, click ‘Info’ in the main window and scroll down. Highlight a line and click ‘More info on this item’.) For practical information, click the section name you need help with:

* R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
* F0, F1 - Autoloading programs
* F2, F3 - Autoloading programs mapped to the Registry
* N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
* O1 - Hosts file redirection
* O2 - Browser Helper Objects
* O3 - Internet Explorer toolbars
* O4 - Autoloading programs from Registry
* O5 - IE Options icon not visible in Control Panel
* O6 - IE Options access restricted by Administrator
* O7 - Regedit access restricted by Administrator
* O8 - Extra items in IE right-click menu
* O9 - Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu
* O10 - Winsock hijacker
* O11 - Extra group in IE ‘Advanced Options’ window
* O12 - IE plugins
* O13 - IE DefaultPrefix hijack
* O14 - ‘Reset Web Settings’ hijack
* O15 - Unwanted site in Trusted Zone
* O16 - ActiveX Objects (aka Downloaded Program Files)
* O17 - Lop.com domain hijackers
* O18 - Extra protocols and protocol hijackers
* O19 - User style sheet hijack
* O20 - AppInit_DLLs Registry value autorun
* O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
* O22 - SharedTaskScheduler autorun Registry key
* O23 - Services
* O24 - ActiveX Desktop Components

These entries look bad to me, but I'm not sure what the entries marked SpybotDeleting are meant for.

O2 - BHO: (no name) - {48ABE9D7-B8CD-470A-BA1E-CA66CB6FEEF0} - C:\WINDOWS\system32\khfCvttt.dll (file missing)
O2 - BHO: (no name) - {4AAE8F69-E0CE-4391-9D08-D41F94F12972} - C:\WINDOWS\system32\urqomjig.dll (file missing)
O2 - BHO: {96d596de-4844-852b-b744-5badaa51b357} - {753b15aa-dab5-447b-b258-4484ed695d69} - C:\WINDOWS\system32\btxvwwug.dll (file missing)
O2 - BHO: (no name) - {9831CBC1-E21D-4F7E-BCF4-243845B1769D} - C:\WINDOWS\system32\ljJYsQig.dll (file missing)
O2 - BHO: (no name) - {9F5F33BD-1831-491C-9A2B-6B69FDFA1EEB} - C:\WINDOWS\system32\qoMdEXPH.dll (file missing)
O2 - BHO: (no name) - {A3AD2494-3CEF-4026-8E79-89B37D4ABF48} - C:\WINDOWS\system32\ddcYqopM.dll (file missing)
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\opnlMgfg.dll (file missing)
O2 - BHO: (no name) - {C10748D9-AFBB-4021-917D-53161357D8A0} - C:\WINDOWS\system32\opnnkjgG.dll (file missing)
O4 - HKLM\..\Run: [80cd3102] rundll32.exe "C:\WINDOWS\system32\ykadnfuu.dll",b
O4 - HKLM\..\Run: [SMrhctrpj0erc1] C:\Program Files\rhctrpj0erc1\rhctrpj0erc1.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA806] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC13] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4767] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2038] cmd /c del "C:\WINDOWS\pskt.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6740] command /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7644] cmd /c del "C:\WINDOWS\system32\ddcYqopM.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3067] command /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7391] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1849] command /c del "C:\WINDOWS\pskt.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4141] cmd /c del "C:\WINDOWS\pskt.ini"
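
Added example, not part of either answer above and not HijackThis code: a small Python parser that groups log lines by the section codes listed in the first answer and flags the kinds of entries picked out in the second. The names `parse`, `triage` and `SECTIONS` and the three triage rules are assumptions made for illustration; a flagged line is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Section descriptions copied from the list in the first answer (subset).
SECTIONS = {
    "O2": "Browser Helper Objects",
    "O4": "Autoloading programs from Registry",
    "O23": "Services",
}

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
DEL_CMD = re.compile(r"\b(?:cmd|command) /c del\b", re.IGNORECASE)

# Constructed sample: a handful of lines copied from the log in the question.
SAMPLE = r"""
Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {48ABE9D7-B8CD-470A-BA1E-CA66CB6FEEF0} - C:\WINDOWS\system32\khfCvttt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [80cd3102] rundll32.exe "C:\WINDOWS\system32\ykadnfuu.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingC13] cmd /c del "C:\WINDOWS\system32\lphcprpj0erc1.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

def parse(log_text):
    """Return {section code: [entry body, ...]}, skipping header and process lines."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)

def triage(log_text):
    """Return (code, reason, body) tuples for entries worth a manual look."""
    findings = []
    for code, bodies in parse(log_text).items():
        for body in bodies:
            if body.endswith("(file missing)"):
                findings.append((code, "registered, but file not on disk", body))
            elif code == "O4" and DEL_CMD.search(body):
                findings.append((code, "one-shot delete command", body))
            elif code == "O4" and "rundll32.exe" in body.lower():
                findings.append((code, "DLL started through rundll32", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"{code:>3} [{SECTIONS.get(code, 'unknown section')}] {reason}: {body}")
```

Lines that HijackThis truncated with `...` never end in `(file missing)`, so the first rule skips them; check those entries against the full log file.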

Restart computer immediately, and run both virus scanner, Ad-Aware, and Spybot. Something is ******* with your registry (BAD **** IS HAPPENING).

Spybot, and the logs that say file missing and stuff that looks like it shouldn't be there, it's a virus. Spybot, I think, is a virus itself.
