    Duecey93 Posts: 207, Reputation: 3
    Full Member
     
    #1

    Jun 25, 2008, 10:11 AM
    Hijack this logfile
    This is my HijackThis logfile but I couldn't analyze it for spyware with the program HijackThis because I found out I would get spyware on my PC if I did since HijackThis was bought out by TrendMicro; so could anyone tell me if they spotted spyware:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:16 PM, on 6/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = COX.net for Hampton Roads - Home
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {378ABD4E-1471-46AB-A35E-B04EE10AD7A0} - C:\WINDOWS\system32\fccyxwWm.dll (file missing)
    O2 - BHO: (no name) - {4E59D533-8183-4891-B657-D1ED8E8ED5CB} - C:\WINDOWS\system32\hgGyvstU.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8F8CEEF1-3393-47B5-A5E5-94AE8C71979A} - C:\WINDOWS\system32\iifCVlmm.dll (file missing)
    O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {B2DD45E2-0B28-4FF3-B257-AEB5A3A11BD0} - C:\WINDOWS\system32\byXoomKb.dll (file missing)
    O2 - BHO: (no name) - {E2BAA01F-EE6F-431E-8EFC-A9907B678560} - C:\WINDOWS\system32\tuvUNgGw.dll (file missing)
    O2 - BHO: (no name) - {EA219909-B178-40A3-ACE2-7DD209447DA3} - C:\WINDOWS\system32\qoMfcdEw.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\vlarxtod.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [yrjlentu] C:\WINDOWS\system32\tmfopcxk.exe
    O4 - HKCU\..\Run: [yuqgfcmn] C:\WINDOWS\system32\gpydutkp.exe
    O4 - HKCU\..\Run: [oidcivqj] C:\WINDOWS\system32\orcvqpkz.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1173055046765
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173055034203
    O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
    O21 - SSODL: qdnkewfa - {65217AB2-022E-4E8C-8885-42A772381977} - C:\WINDOWS\qdnkewfa.dll (file missing)
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 9657 bytes
    JBeaucaire Posts: 5,426, Reputation: 997
    Software Expert
     
    #2

    Jun 25, 2008, 10:50 AM
    What makes you suspect spyware? Is there some odd behavior you're troubleshooting?
    Duecey93 Posts: 207, Reputation: 3
    Full Member
     
    #3

    Jun 29, 2008, 12:00 PM
    Internet Explorer on my PC sometimes doesn't open but everything else on my computer like Firefox opens fine.
    JBeaucaire Posts: 5,426, Reputation: 997
    Software Expert
     
    #4

    Jun 29, 2008, 04:34 PM
    Try this:
    1. Open up MY DOCUMENTS
    2. In the address bar for My Documents, type Yahoo!
    3. Are you now able to surf around using this back door to the web?
    4. If so, click on TOOLS > INTERNET SETTINGS > SECURITY
    5. Click on ADVANCED > RESET
    6. Now save out of the Tools menu and close the browser
    7. Try opening Internet Explorer normally now. Any joy?

    If you were not able to get IE open this way long enough to try this reset, you can access the same setups through:

    CONTROL PANEL > INTERNET SETTINGS
    Duecey93 Posts: 207, Reputation: 3
    Full Member
     
    #5

    Jul 1, 2008, 06:11 AM
    It worked. Thank you J.B.
    invisibleman_productions Posts: 207, Reputation: 12
    Full Member
     
    #6

    Jul 8, 2008, 01:49 PM
    Just ran your log through the auto analyzer HijackThis Logfileauswertung

    And it found
    O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)

    Must be fixed!
    Unnecessary (deactivated) entry that can be fixed. [random filename] - ConHook, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=45786 aka Chisyne, CA Global Security Advisor - CA info/virus.aspx?id=48117 trojan variant - VirtuMonde/Vundo, http://www.symantec.com/security_resp

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    Nasty
    This entry was classified from our visitors as bad.

    Looks like you got a Vundo infection.

    You also seem to have 2 antivirus programs on the computer: 1) Avira 2) Symantec. This could slow down your computer.

    Do run all the 5 steps listed here to be sure your computer is spyware free.
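
    Added example, not part of any post in this thread: a small Python triage of two patterns visible in the posted log, namely "(no name)" BHOs whose DLL sits directly in system32, and a DLL name referenced from more than one section (wvUmMCRI.dll appears under both O2 and O20). The function names and the two heuristics are this example's own assumptions, not the logic of HijackThis or of the analyzer quoted above; a hit is a lead to check, not a verdict.

```python
import re
from collections import defaultdict

# A few lines copied from the log posted in this thread (not the whole file).
SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {A98D0065-7326-41B5-B8D9-C5B692CDB82F} - C:\WINDOWS\system32\wvUmMCRI.dll (file missing)
O2 - BHO: (no name) - {EA219909-B178-40A3-ACE2-7DD209447DA3} - C:\WINDOWS\system32\qoMfcdEw.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O20 - Winlogon Notify: wvUmMCRI - wvUmMCRI.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")          # "O2 - ...", "R0 - ..."
# Last .dll/.exe name on the line; names containing spaces are cut short.
FILE = re.compile(r'([^\\/:*?"<>|\s]+\.(?:dll|exe))\b', re.I)
SYS32_DLL = re.compile(r"C:\\WINDOWS\\system32\\[^\\]+\.dll", re.I)

def parse(log):
    """Return (section, text, basename, missing) for every entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.rstrip())
        if not m:
            continue  # header lines and the running-process list
        section, text = m.groups()
        names = FILE.findall(text)
        base = names[-1].lower() if names else None
        entries.append((section, text, base, text.endswith("(file missing)")))
    return entries

def triage(entries):
    """Apply the two checks; returns (unnamed_bhos, multi_section)."""
    unnamed_bhos = []             # (dll, missing) for "(no name)" BHOs in system32
    seen = defaultdict(set)       # basename -> sections that reference it
    for section, text, base, missing in entries:
        if base:
            seen[base].add(section)
        if section == "O2" and "BHO: (no name)" in text and SYS32_DLL.search(text):
            unnamed_bhos.append((base, missing))
    multi_section = {b: sorted(s) for b, s in seen.items() if len(s) > 1}
    return unnamed_bhos, multi_section

if __name__ == "__main__":
    bhos, multi = triage(parse(SAMPLE))
    for dll, missing in bhos:
        print("unnamed BHO in system32:", dll, "(file missing)" if missing else "")
    for dll, sections in multi.items():
        print("referenced from several sections:", dll, sections)
```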
