Jump to content

please help review Hijack List Logs


Recommended Posts

Automatic Updates cant work. Please help!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:07:11 PM, on 3/5/2009

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Altiris\eXpress\Deployment Web Console\ConsoleManager.exe

C:\Program Files\Altiris\eXpress\Deployment Server\DataManager.exe

C:\Program Files\Altiris\eXpress\Deployment Server\mm.exe

C:\Program Files\Altiris\eXpress\Deployment Server\axengine.exe

C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PxeCfgService.exe

C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PxeMgr.exe

C:\Program Files\HP\Cissesrv\cissesrv.exe

C:\WINDOWS\system32\cpqrcmc.exe

C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe

C:\Program Files\Emulex\Util\Common\rmserver.exe

C:\Program Files\Emulex\Util\Common\HbaHsMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\sysdown.exe

C:\hp\hpsmh\bin\smhstart.exe

C:\Program Files\Symantec\Backup Exec\beremote.exe

C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe

C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe

C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\hp\hpsmh\bin\hpsmhd.exe

C:\hp\hpsmh\bin\rotatelogs.exe

C:\hp\hpsmh\bin\rotatelogs.exe

C:\hp\hpsmh\bin\hpsmhd.exe

C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe

C:\hp\hpsmh\bin\rotatelogs.exe

C:\hp\hpsmh\bin\rotatelogs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PXEService.exe

C:\Program Files\Altiris\eXpress\Deployment Server\PXE\Pxemtftp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cpqteam.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\regedit.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://192.168.10.70/

O1 - Hosts: 172.25.68.66 cbjpec02

O1 - Hosts: 172.25.68.66 cbjpec02.pectech.lcl

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [brciygcc.exe] C:\WINDOWS\brciygcc.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O16 - DPF: iLO Remote Console Applet - https://192.168.10.66/dvc.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.6.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pectech.lcl

O17 - HKLM\Software\..\Telephony: DomainName = pectech.lcl

O17 - HKLM\System\CCS\Services\Tcpip\..\{FA152CD1-97FA-4096-A65B-89383C723ED9}: NameServer = 172.25.64.23,172.20.4.72,172.20.4.71

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pectech.lcl

O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll

O20 - AppInit_DLLs: HookDLL.DLL

O23 - Service: Altiris Deployment Server Console Manager - - C:\Program Files\Altiris\eXpress\Deployment Web Console\ConsoleManager.exe

O23 - Service: Altiris Deployment Server Data Manager - - C:\Program Files\Altiris\eXpress\Deployment Server\\DataManager.exe

O23 - Service: Altiris Deployment Server DB Management - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Deployment Server\\mm.exe

O23 - Service: Altiris eXpress Server - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Deployment Server\\axengine.exe

O23 - Service: Altiris PXE Config Helper - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PxeCfgService.exe

O23 - Service: Altiris PXE Manager - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PxeMgr.exe

O23 - Service: Altiris PXE MTFTP Server - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Deployment Server\PXE\Pxemtftp.exe

O23 - Service: Altiris PXE Server - Altiris, Inc. - C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PXEService.exe

O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beremote.exe

O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\benetns.exe

O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\pvlsvr.exe

O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\bengine.exe

O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beserver.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: HP Smart Array SAS/SATA Event Notification Service (Cissesrv) - Hewlett-Packard Company - C:\Program Files\HP\Cissesrv\cissesrv.exe

O23 - Service: HP Insight NIC Agents (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe

O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe

O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe

O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe

O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe

O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe

O23 - Service: Emulex HBA Discovery - Emulex Corporation - C:\Program Files\Emulex\Util\Common\HbaDiscSrvr.exe

O23 - Service: Emulex HBA Management - Emulex Corporation - C:\Program Files\Emulex\Util\Common\rmserver.exe

O23 - Service: Emulex SvcMgr - Emulex Corporation - C:\Program Files\Emulex\Util\Common\HbaHsMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Hewlett-Packard Company - C:\WINDOWS\system32\sysdown.exe

O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--

End of file - 10205 bytes

Link to post
Share on other sites

  • Root Admin

Does the scanner work?

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.