Question
 
 
#1  Duecey93, Jun 25, 2008, 10:11 AM
Hijack this logfile

This is my HijackThis logfile, but I couldn't analyze it for spyware with the program HijackThis because I found out I would get spyware on my PC if I did, since HijackThis was bought out by TrendMicro; so could anyone tell me if they spotted spyware:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:16 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = COX.net for Hampton Roads - Home
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {378ABD4E-1471-46AB-A35E-B04EE10AD7A0} - C:\WINDOWS\system32\fccyxwWm.dll (file missing)
O2 - BHO: (no name) - {4E59D533-8183-4891-B657-D1ED8E8ED5CB} - C:\WINDOWS\system32\hgGyvstU.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8F8CEEF1-3393-47B5-A5E5-94AE8C71979A} - C:\WINDOWS\system32\iifCVlmm.dll (file missing)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B2DD45E2-0B28-4FF3-B257-AEB5A3A11BD0} - C:\WINDOWS\system32\byXoomKb.dll (file missing)
O2 - BHO: (no name) - {E2BAA01F-EE6F-431E-8EFC-A9907B678560} - C:\WINDOWS\system32\tuvUNgGw.dll (file missing)
O2 - BHO: (no name) - {EA219909-B178-40A3-ACE2-7DD209447DA3} - C:\WINDOWS\system32\qoMfcdEw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\vlarxtod.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [yrjlentu] C:\WINDOWS\system32\tmfopcxk.exe
O4 - HKCU\..\Run: [yuqgfcmn] C:\WINDOWS\system32\gpydutkp.exe
O4 - HKCU\..\Run: [oidcivqj] C:\WINDOWS\system32\orcvqpkz.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1173055046765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173055034203
O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
O21 - SSODL: qdnkewfa - {65217AB2-022E-4E8C-8885-42A772381977} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9657 bytes

Answers
 
 
#2  JBeaucaire (Software Expert), Jun 25, 2008, 10:50 AM
What makes you suspect spyware? Is there some odd behavior you're troubleshooting?

#3  Duecey93, Jun 29, 2008, 12:00 PM
Internet Explorer on my PC sometimes doesn't open, but everything else on my computer, like Firefox, opens fine.

#4  JBeaucaire (Software Expert), Jun 29, 2008, 04:34 PM
Try this:
  1. Open up MY DOCUMENTS
  2. In the address bar for My Documents, type Yahoo!
  3. Are you now able to surf around using this back door to the web?
  4. If so, click on TOOLS > INTERNET SETTINGS > SECURITY
  5. Click on ADVANCED > RESET
  6. Now save out of the Tools menu and close the browser
  7. Try opening Internet Explorer normally now. Any joy?
If you were not able to get IE open this way long enough to try this reset, you can access the same setups through:

CONTROL PANEL > INTERNET SETTINGS

#5  Duecey93, Jul 1, 2008, 06:11 AM
It worked. Thank you J.B.!

#6  invisibleman_productions, Jul 8, 2008, 01:49 PM
Just ran your log through the auto analyzer HijackThis Logfileauswertung

And it found
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)

Must be fixed!
Unnecessary (deactivated) entry that can be fixed. [random filename] - ConHook, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=45786 aka Chisyne, CA Global Security Advisor - CA info/virus.aspx?id=48117 trojan variant - VirtuMonde/Vundo, http://www.symantec.com/security_resp

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Nasty
This entry was classified from our visitors as bad.

Looks like you got a Vundo infection.

You also seem to have 2 antivirus programs on the computer: 1) Avira 2) Symantec. This could slow down your computer.

Do run all the 5 steps listed here to be sure your computer is spyware free.

Comments on this post
Duecey93 agrees: What should I do about the BHO's files being missing?
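
Added example, not part of any post in this thread and not the logic of the analyzer used above: a small triage script for the pattern visible in this log, where unnamed BHOs point at missing DLLs in system32 and one of those DLLs (wvUmMCRI.dll) is also registered under Winlogon Notify. The heuristic and the function name triage are assumptions made for illustration; the sample lines are copied from the log in post #1.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Sample input: entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {378ABD4E-1471-46AB-A35E-B04EE10AD7A0} - C:\WINDOWS\system32\fccyxwWm.dll (file missing)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<file>.+?)(?: \(file missing\))?$")

def triage(log_text):
    """Return unnamed BHOs whose system32 DLL is missing, cross-checked with O20."""
    bhos, notify_dlls = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify_dlls.add(basename(m["file"]).lower())
    findings = []
    for b in bhos:
        unnamed = b["name"] == "(no name)"
        in_system32 = dirname(b["path"]).lower().endswith(r"\system32")
        # A missing file alone is not the signal (see the O23 sample line);
        # the combination with an unnamed BHO in system32 is what gets flagged.
        if unnamed and b["missing"] and in_system32:
            dll = basename(b["path"])
            findings.append({"clsid": b["clsid"], "dll": dll,
                             "winlogon_notify": dll.lower() in notify_dlls})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Entries with winlogon_notify set are the ones to review first, since the same DLL name is registered in two load points; a flagged entry is a lead for a scanner or manual check, not a verdict.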