#1

How is it going guys, I'm new to the group but I have been reading the All-In-One certification for the A+ certification and it recommended this site. I have been recently getting to the point on my computer where nothing will work renaming it) msconfig won't stay open (won't even pop up) and my network connection is shot to He**. I recently ran hijacker and I thought I might post the log here and some of you smarter people might be able to help me out. Here it is:

Logfile of HijackThis v1.99.0
Scan saved at 11:17:01 AM, on 1/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Winzip32.exe
C:\WINDOWS\system32\SVCHOSTA.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bi n\pchbutton.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\Owner\LOCALS~1\Temp\kavss.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.klove.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: sPeerObj Class - {00000026-8735-428D-B81F-DD098223B25F} - C:\WINDOWS\speer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D88A2D57-C4CA-47E1-A499-770B2D599C9B} - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winzip Archiver] Winzip32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Logon Procedure] SVCHOSTA.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\RunServices: [Winzip Archiver] Winzip32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bi n\pchbutton.exe
O4 - HKCU\..\RunOnce: [Windows Logon Procedure] SVCHOSTA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.broderbund.com/plugin/Download.cab
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://traffichog.com/toolbar/bmeb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Any help would be greatly appreciated.

Jason Hunt

okstatefan@swbell.net

#2

"StuffJustHappens" <> wrote in message news:41fd71a7$0$28454$...
> Welcome, but HJT posts really belong on the sites designed for them -
> posting them here will only dilute the purpose of this newsgroup.

And how about helping the lad to some places that do that,
http://forums.majorgeeks.com/showthread.php?t=38752

--
<B0N3H3@D>
"I have no special talent. I am only passionately curious."
Albert Einstein

«BONEHEAD>>

#3

On Sun, 30 Jan 2005 23:45:45 +0000, StuffJustHappens <> wrote:

>Welcome, but HJT posts really belong on the sites designed for them -
>posting them here will only dilute the purpose of this newsgroup.

Sorry, but I don't even think that this is a gray area...A+ techs will be dealing with these situations, so why shouldn't it be at least peripherally on-topic for this group?

Tom

Tom MacIntyre

#4

Tom MacIntyre wrote:
> On Sun, 30 Jan 2005 23:45:45 +0000, StuffJustHappens
> <> wrote:
>
>>Welcome, but HJT posts really belong on the sites designed for them -
>>posting them here will only dilute the purpose of this newsgroup.
>
> Sorry, but I don't even think that this is a gray area...A+ techs will
> be dealing with these situations, so why shouldn't it be at least
> peripherally on-topic for this group?
>
> Tom

I see what you mean, but it's not on the cert syllabus and this is a forum for people studying for A+ so it's a distraction. I'm not freaking out at the post, I just think there's plenty of 'official' places where HJT posts can be analysed by a community specifically aimed at doing just that - this is not one of them.

StuffJustHappens

#5

It's a shame. A person presents a legitimate learning scenario and he gets put down for it. The people who come on here advertising nudity and other non related garbage just slip on by. I agree this is a very legitimate topic. I do not remember seeing a sign saying future A+ holders, New A+ holders, Old time A+ holders. I think this is for anything A+. Which given today's job demands can be a very broad scope.

johnnygeargrinder2004@yahoo.com

#6

Billy wrote:
> <> wrote in message
> news: ups.com...
> > It's a shame. A person presents a legitimate learning scenario and he
> > gets put down for it. The people who come on here advertising nudity
> > and other non related garbage just slip on by. I agree this is a very
> > legitimate topic. I do not remember seeing a sign saying future A+
> > holders, New A+ holders, Old time A+ holders. I think this is for
> > anything A+. Which given today's job demands can be a very broad scope.
>
> I give this post an A+.

Thanks guys for your support. Sorry if I posted in the wrong place but I was just reading my A+ book earlier that day and saw the plug for this newsgroup so I thought I would try it here. It turns out that we had several trojans on our computer which in turn allowed someone to get in and hack our network.

They turned off our WEP security and shut down our wireless connection for the house. Spent a day and a half trying to figure out what was wrong and it only took a 2 minute correction :/ haha. Anyways thanks again for your support.

Jason

okstatefan@swbell.net

#7

> had several trojans on our computer which in turn allowed someone to
> get in and hack our network.
>
> they turned off our WEP security and shut down our wireless connection
> for the house. Spent a day and a half trying to figure out what was
> wrong and it only took a 2 minute correction :/ haha. anyways thanks
> again for your support.
>
> Jason

No Problem Jason,

Which trojans were on your system and what correction did you apply? How did you figure out the trojans?

Thanks
Bum

Bum

#8

On 31 Jan 2005 19:41:37 -0800, "" <> wrote:

>It's a shame. A person presents a legitimate learning scenario and he
>gets put down for it. The people who come on here advertising nudity
>and other non related garbage just slip on by. I agree this is a very
>legitimate topic. I do not remember seeing a sign saying future A+
>holders, New A+ holders, Old time A+ holders. I think this is for
>anything A+. Which given today's job demands can be a very broad scope.

I will say that it'd be good to keep the major bulk away from the peripheral, though. This group has always seemed to work well like that, at least since I've been here.

Another thing is the trust/familiarity factor. Bouncing in and out of dozens of newsgroups may not always be a good thing when there are people you know and trust in a group that you follow regularly.

It's a matter of balance, I think.

Tom

Tom MacIntyre

#9

"StuffJustHappens" <> wrote in message news:42010ef4$0$4100$...
> wrote:
> > I do not remember seeing a sign saying future A+
> > holders, New A+ holders, Old time A+ holders. I think this is for
> > anything A+.
>
> Er..CERTIFICATION for A+ actually - ie: related to the A+ syllabus for
> certification-related questions - so when they put HJT dump analysis on
> the syllabus everything will be hunky dory.
>
> Anyway, let's not lose sleep over it.
>
> Move along please
>

who crowned you king????

--
<B0N3H3@D>
"I have no special talent. I am only passionately curious."
Albert Einstein

«BONEHEAD>>

#10

«BONEHEAD>> wrote:
> "StuffJustHappens" <> wrote in
> message news:42010ef4$0$4100$...
>
>> wrote:
>>
>>>I do not remember seeing a sign saying future A+
>>>holders, New A+ holders, Old time A+ holders. I think this is for
>>>anything A+.
>>
>>Er..CERTIFICATION for A+ actually - ie: related to the A+ syllabus for
>>certification-related questions - so when they put HJT dump analysis on
>>the syllabus everything will be hunky dory.
>>
>>Anyway, let's not lose sleep over it.
>>
>>Move along please
>>
>
> who crowned you king????
>

Well, *you* would - if you paid any attention to me. Just ignore me and everything will be all right.

SJH

StuffJustHappens