Results 1 to 2 of 2

Thread: HJT log, XP Pro

Hybrid View

  1. 09-04-2008, 09:22 AM #1
    Toddler
    Toddler is offline Junior Member
    Join Date
    Sep 2008
    Posts
    5

    HJT log, XP Pro

    Any help is appreciated. I'm experiencing popups and it seems like a redirector, possibly?

    ------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:17:01 AM, on 9/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\WINDOWS\system32\CBA\pds.exe
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\WINDOWS\ECM4\remote\CSIRemoteCSvc.exe
    C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
    C:\PROGRA~1\LANDesk\LDClient\collector.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.e xe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~4\wcescomm.exe
    C:\Program Files\VnrBlock\VnrBlock20.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.sug.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    O2 - BHO: {3d1a06a4-bbf1-b1c8-8484-0189ecb178e0} - {0e871bce-9810-4848-8c1b-1fbb4a60a1d3} - C:\WINDOWS\system32\tpfsav.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /to=5 /Retry=2 /Tspan=60 /Rstart
    O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.e xe"
    O4 - HKLM\..\Run: [MSI_UDAgent] "C:\WINDOWS\system32\udagent.exe" -c
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BM2beb7e9e] Rundll32.exe "C:\WINDOWS\system32\tfkivunt.dll",s
    O4 - HKLM\..\Run: [28d84d02] rundll32.exe "C:\WINDOWS\system32\opufpqiy.dll",a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
    O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [JINIT REDIRECT] C:\Program Files\Oracle\JInitiator 1.3.1.29\\Bin\PCJINIT.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [JINIT REDIRECT] C:\Program Files\Oracle\JInitiator 1.3.1.29\\Bin\PCJINIT.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
    O15 - Trusted Zone: http://*.brightlinecompliance.com
    O15 - Trusted Zone: http://panhandle.pipelineportal.com
    O15 - Trusted Zone: http://*.brightlinecompliance.com (HKLM)
    O15 - Trusted Zone: http://panhandle.pipelineportal.com (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = energy.sug.pri
    O17 - HKLM\Software\..\Telephony: DomainName = energy.sug.pri
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = energy.sug.pri
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = energy.sug.pri
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: Configuresoft ECM Remote Client (CSIRemoteC) - Configuresoft, Inc. - C:\WINDOWS\ECM4\remote\CSIRemoteCSvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: ECM Security Update Manager Agent - ConfigureSoft, Inc. - C:\WINDOWS\System32\CSISUMAgent\CSISUMAgent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
    O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    O23 - Service: OracleOracleClientCache - Unknown owner - C:\Oracle\ora92\bin\ONRSD.EXE
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 7956 bytes
    Reply With Quote Reply With Quote
  2. 09-04-2008, 10:30 PM #2
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You need to do the steps found HERE
    Especially steps 2, 5, 7, 8...When you run Malwarebytes' Anti-Malware program be absolutely certain that everything is checked, and click Remove Selected.
    Then be certain to run the ESET Online Scanner.
    After you have done all of the above then run a NEW scan with HiJackThis.
    Post back here with the ESET Scanner log, the Malwarebytes' Anti-Malware log and the new HJT log.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules