MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: Trojan Hideproc.a found  (Read 754 times)
tmeinen
« on: January 12, 2005, 07:08:57 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: winXP
Problem Application Name & Version:
Problem Hardware Make & Model: HP Pavilion
I cannot access Windows Explorer to get on the internet. I have to use the Netscape browser. I cannot access any programs by clicking on their shortcuts on my desktop. I have Trojan variants running in the background and cannot get rid of the problem. They are taking up 100% of system resources. I have run a couple of virus scan programs and still have the problem. I have just recently found your site and just finished doing all that you require before posting a log from HijackThis.

I have gone to Trend Micro and attempted to run a scan, but it would not allow me to.
I have run Ad-Aware SE and kept a log.
I have run Spybot Search & Destroy and had it fix all that it found in red.
I have run HijackThis and kept a log.

Please help me with this problem. I'm not sure what to do next.
Error Messages:



Cactus
« Reply #1 on: January 12, 2005, 07:14:16 PM »

Cut & paste the HJT logfile here in your post. :)

Cactus
tmeinen
« Reply #2 on: January 12, 2005, 11:23:13 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Logfile of HijackThis v1.99.0
Scan saved at 11:53:39 AM, on 1/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\sdklj32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Communicator\Program\netscape.exe
C:\Documents and Settings\Owner\My Documents\Shareware\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\nkbrv.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {44CA1B09-A138-68F7-B9B7-7FDD017A3009} - C:\WINDOWS\system32\ipdp32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msqa32.exe] C:\WINDOWS\msqa32.exe
O4 - HKLM\..\Run: [3B70.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\3B70.tmp.exe 0 10001
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [sdklj32.exe] C:\WINDOWS\sdklj32.exe
O4 - HKLM\..\RunOnce: [sysgh.exe] C:\WINDOWS\system32\sysgh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Organize.lnk = ?
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\plugins\Npdview.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1377D25-8608-427E-B61A-4E3AAAF935FE}: NameServer = 24.164.100.230,24.164.100.234,65.24.0.163
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\ntfe32.exe (file missing)



