Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91818 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijack This Log,


  • This topic is locked This topic is locked
22 replies to this topic

#16 daparker

daparker

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 779 posts

Posted 20 November 2005 - 10:29 PM

Ok, not much there, really. Things still running ok?

    Advertisements

Register to Remove


#17 rob5

rob5

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 21 November 2005 - 04:18 AM

Hi, Yes things seem to be much better now... Could you reccomend a combination of tools to run? This lot went straight past Corporate NAV and Microsoft Anti Spyware, as well as ad-aware. If you know any spyware authors you want killed, I'd also be happy to do that. Reading this forum I can't believe the amount of trouble they have caused... Regards Rob

#18 daparker

daparker

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 779 posts

Posted 21 November 2005 - 12:57 PM

Can you post a new HJT log and I will recommend some tools.

#19 rob5

rob5

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 21 November 2005 - 04:23 PM

Hi,

Here's the log...

Logfile of HijackThis v1.99.1
Scan saved at 23:19:45, on 21-11-05
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP1 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\system32\ccs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
D:\downloads\ewido\security suite\ewidoctrl.exe
D:\downloads\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\ircomm2k.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\oodag.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\WINNT\system32\am772cfg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Cisco Aironet\ADU.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\downloads\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\Hijack This\HijackThis.exe

O1 - Hosts: 62.100.59.196 offcentric.com
O1 - Hosts: 62.100.59.196:25899 laptop
O1 - Hosts: 172.16.36.10 amsrs039 amsrs039.cgn.canon-europa.com
O1 - Hosts: 172.16.4.12 nas-cenv-ams2.cenv.canon.nl
O1 - Hosts: 193.42.251.103 amsrs048.cgn.canon-europa.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\DOWNLO~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AMD Wireless Network Configuration] "C:\WINNT\system32\am772cfg.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\downloads\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .rx: C:\Program Files\Attachmate\KEA! X\npacirx.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://cenv.cgn.mycanon.net/
O15 - Trusted Zone: http://www.kruidvat.nl
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://cm.cgn.canon-...in/Spider80.ocx
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CEU.canon.eu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ceu.canon.eu,emea.canon.intra,cenv.canon.nl,local.canon-europa.com,cgn.canon-europa.com,canon-europe.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINNT\system32\ccs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\downloads\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\downloads\ewido\security suite\ewidoguard.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINNT\System32\ircomm2k.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome8ClientCache80 - Unknown owner - C:\oracle\Ora8\BIN\ONRSD80.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

#20 daparker

daparker

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 779 posts

Posted 22 November 2005 - 12:00 PM

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. :P
  • On a regular basis, please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer.
  • In order to protect yourself against spyware, you should consider installing and running the following free programs:
    • Ad-Aware SE. A tutorial on using Ad-Aware to remove spyware from your computer may be found here. You have this installed currently. Please keep it updated and run it on a regular basis.
    • Spybot-Search & Destroy. A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features. You have this installed currently. Please keep it updated and run it on a regular basis.
    • SpywareBlaster. A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
    • SpywareGuard. A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.
    Keeping these programs up-to-date and running them regularly can prevent a great deal of spyware hassle.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.
  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.
  • Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Sygate, or
    Outpost
    A tutorial on understanding and using firewalls may be found here.
Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D

#21 rob5

rob5

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 23 November 2005 - 08:30 AM

Hi, Thanks for all the help... I've installed all of the additional software you mentioned so hopefully that will reduce the chances of this happening again! Once more thank you very much... If you're ever in Amsterdam I'm happy to buy beer or dinner or both :))) Regards Rob

#22 daparker

daparker

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 779 posts

Posted 23 November 2005 - 09:48 AM

You are very welcome! I don't make it much to Europe (unfortunately), but I appreciate the offer. Take care. :)

#23 daparker

daparker

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 779 posts

Posted 23 November 2005 - 09:48 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users