02-27-2005, 05:48 PM
#6
Registered User
Join Date: Feb 2005
Location: Maryland
Posts: 31
OS: Win2k Pro
Here's what you told me to post.
HijackThis Analyzer Results
Quote:
===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs
***Security Programs Detected***
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 11:36:11 PM, on 2/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\system\vppi.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Sharita\hijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.creative.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: Browser Bar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\BlueLight Internet\toolbar.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:\Program Files\BlueLight Internet\Toolbar.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Sharita\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
End of HijackThis Analyzer Log.
===========================================================================================================================
TDS-3 System Scan Log
Quote:
18:55:11 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
18:55:11 [Init] Started 27-02-05 18:55:11 Eastern Standard Time (UTC: 5), Internet Time @1038.32
18:55:11 [Init] Loading TDS-3 Systems ...
18:55:11 [Init] Token successfully adjusted.
18:55:11 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
18:55:12 [Init] • Plugins : OK. Loaded 13
18:55:12 [Init] • Exec Protection : Not Installed
18:55:12 [Init] WARNING: Your Radius.TD3 database needs to be updated!
18:55:12 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
18:55:12 [Init] Licensed users can use the Update facility from the TDS menu
18:55:12 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
18:55:18 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
18:55:18 [Init] • Systems Initialised [39471 references - 16560 primaries/10873 traces/12038 variants/other]
18:55:18 [Init] Radius Systems loaded. <Databases updated 14-10-2004>
18:55:18 [Init] TDS-3 Ready. <Darzel robinson and@127.0.0.1 - United States>
18:55:18 [Tip Of The Day] Did you know? - DiamondCS are the only anti-trojan company that updates DAILY.
18:55:18 [TDS] Good evening Darzel robinson and. Time to stop working!
18:55:21 [Mutex Memory Scan] Started...
18:55:23 [Mutex Memory Scan] Finished (no trojan mutexes found).
18:55:23 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
18:55:27 [CRC32] Started - verifying 29 files ...
18:55:28 [CRC32] File doesn't exist: C:\autoexec.bat
18:55:31 [CRC32] Test finished.
18:56:31 [Memory Scan] Memory scan started, please wait a moment ...
18:56:32 [Memory Scan] Memory scan complete.
18:56:32 [Mutex Memory Scan] Started...
18:56:34 [Mutex Memory Scan] Finished (no trojan mutexes found).
18:56:34 [Trace Scan] Started...
18:56:47 [Trace Scan] Finished.
18:56:47 [ServiceScan] Scanning for services and drivers ...
18:56:51 [ServiceScan] Scanned 294 services and drivers.
18:56:51 [File Scan] Scanning in A:\ ...
18:56:52 [File Scan] Scanned 0 files: 1 alarms in 1.03125 seconds (Avg 1. files/sec)
18:56:52 [File Scan] Scanning in C:\ ...
19:07:11 [TDS] Good evening Darzel robinson and.
19:20:13 [TDS] Good evening Darzel robinson and.
19:31:31 [TDS] Good evening Darzel robinson and.
19:45:15 [File Scan] Scanned 69624 files: 7 alarms in 2903.234 seconds (Avg 24.98 files/sec)
19:45:16 [File Scan] Scanning in D:\ ...
19:45:16 [File Scan] Scanned 0 files: 7 alarms in 0.015625 seconds (Avg 1. files/sec)
19:45:16 [File Scan] Scanning in E:\ ...
19:45:16 [File Scan] Scanned 0 files: 7 alarms in 0.03125 seconds (Avg 1. files/sec)
19:45:16 [File Scan] Scanning in F:\ ...
19:45:16 [File Scan] Scanned 0 files: 7 alarms in 0 seconds (Avg -1.#IND files/sec)
19:45:16 [Scan] Finished.
19:45:34 [Text Dump] Saved to C:\Sharita\TDS\TDS3\scandump.txt
TDS-3 Alarms
Quote:
Scan Control Dumped @ 19:45:34 27-02-05
File Trace: Default trojan filename: Suspicious
File: c:\command.exe
Suspicious Filename: Dual extensions
File: c:\documents and settings\darzel robinson and .darzel-dsmvrgma\desktop\firefoxsetup-0.9.3.exe
Positive identification <Adv>: Possible WebDownloader
File: c:\documents and settings\darzel robinson and .darzel-dsmvrgma\local settings\temp\ei.exe
Positive identification: TrojanDownloader.Win32.TV.a
File: c:\documents and settings\darzel robinson and .darzel-dsmvrgma\local settings\temp\icc.tmp
Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll
Positive identification <Adv>: Suspicious: Microsoft-tagged exe built with Borland compiler
File: c:\winnt\system32\cache\helperinstaller.exe
Positive identification <Adv>: Possible WebDownloader
File: c:\winnt\system32\cache\pi1_51.exe