Can someone take a look at my Hijack This log? - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 06-29-2005, 05:06 PM   #1 (permalink)
Junior Techie
 
Join Date: Jan 2004
Posts: 90
Question Can someone take a look at my Hijack This log?

Hi. I am working on a user's computer and it was infested with spyware. I used Ad-aware and Spybot to clean it and everything seems to be fine. He calls us couple hours later and said some of his sites is being blocked by my company. I went down to check on the computer and opened Internet Explorer. Next thing you know, another window appears stating the site Zuvio has been blocked. I ran Ad-aware and Spybot again with the latest updates and it did not fix the problem. I did some research and some forums suggested I look for Zuvio or Opensite folders and keys (in the registry to remove them). I could not find any of these and I could not even find it in Add/Remove programs. I figure you guys can take a look at the Hijack This log and see if there is anything that may be causing the site to be re-directed to Zuvio. I am currently running Norton Anti-virus (that is what the company has installed on the computer) and Stinger to see if there are any viruses or trojans. Any help is appreciated. Thank you.

Here is the log:

-----------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:33:21 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\cusrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\UMCSTUB.EXE
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [701LK] C:\WINDOWS\Kgjmk.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [ofhjgp] C:\WINDOWS\Swfxd.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Lihohy] C:\WINDOWS\Clpsn.exe
O4 - HKLM\..\Run: [wxdxoda] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UAMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\AMAGENT.EXE
O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Desktop Application Director 11.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCDC37FE-3F74-4A2A-974E-053D9D3EC7F3}:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
------------------
__________________

godai73 is offline  
Old 06-29-2005, 05:22 PM   #2 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

I don't know alot so I didn't put the ones I'm not sure on but you are safe to remove these.

O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
__________________

__________________
<form action=\"http://www.srsyo.org/tfsearch.php\" method=\"get\">
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search TF before you post!\"></form>
Vista Discussion | 64 Bit Discussion |Microsoft Homepage | Yo Linux | Paul Thurrott | Fire Fox | Thunder Bird | Image Shack | Photo Bucket | Put File | Anti-Spyware | MS Anti-Spyware | Trillian | Anti-Virus | On Line Virus Scan
Tyler1989 is offline  
Old 06-29-2005, 05:30 PM   #3 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

Remove entries at your own risk


O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe Ibis toolbar adware related Must be fixed!

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe Backdoor.Agent.bg worm Must be fixed!

O4 - HKLM\..\Run: [701LK] C:\WINDOWS\Kgjmk.exe Unknown application.

O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe Backdoor.Agent.bg trojan Must be fixed!

O4 - HKLM\..\Run: [ofhjgp] C:\WINDOWS\Swfxd.exe Must be fixed!

O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe Added by a variant of the Backdoor.Agent.bg trojan Must be fixed!

O4 - HKLM\..\Run: [Lihohy] C:\WINDOWS\Clpsn.exe

O4 - HKLM\..\Run: [wxdxoda] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe

O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe

O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe

O4 - Global Startup: Desktop Application Director 11.lnk = ? Unknown application.
The entry is unnecessary and can be fixed.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) If the entry '' is not needed anymore, it should be fixed.
Unnecessary (deactivated) entry that can be fixed.

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
Unnecessary (deactivated) entry that can be fixed.
__________________
Osiris is offline  
Old 06-29-2005, 05:44 PM   #4 (permalink)
Field Engineer
 
SHAWN's Avatar
 
Join Date: Nov 2004
Location: Long Island, NY
Posts: 4,697
Send a message via AIM to SHAWN
Default

Nice...
__________________
A+, Network + , HP Certified Tech and MCP

Specs: AMD Phenom II X6 1095T, Asus M477TD, 8GB GSkill Ripjaws DDR3 1600 7-8-7-24 1T, 128GB Crucial M4 SSD, ATi HD4650, W7, 27" HL272 Monitor
SHAWN is offline  
Old 06-30-2005, 09:59 AM   #5 (permalink)
Junior Techie
 
Join Date: Jan 2004
Posts: 90
Default

Thanks for the help guys. It seems to have worked. Again, thanks for the help.
godai73 is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 05:03 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.