HijackThis log file, Help please - DFWstangs Forums
 
post #1 of 5 (permalink) Old 11-19-2007, 02:20 PM Thread Starter
老师
 
Neiladin's Avatar
 
Join Date: Sep 2004
Location: OKC
Posts: 12,120
HijackThis log file, Help please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 316 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\HiltonP65\bin\sprtlisten.exe
C:\Program Files\HiltonP65\bin\sprtsvc.exe
C:\Program Files\HiltonP65\bin\tgsrvc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\HiltonP65\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\winshow.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HPMS\HPMS_FD.EXE
C:\WINNT\system32\dllhost.exe
C:\Program Files\HPMS\HPMSMessaging.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://onqinsider.hilton.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://onqinsider.hilton.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://onqinsider.hilton.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hilton Hotels Corporation
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://enet.hilton.com/autocfg/ie6/HOTEL.INS
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HiltonP65] "C:\Program Files\HiltonP65\bin\sprtcmd.exe" /P HiltonP65
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINNT\winshow.exe"
O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://onqinsider.hilton.com
O15 - Trusted Zone: http://*.americanexpress.com
O15 - Trusted Zone: http://*.BPSNet
O15 - Trusted Zone: http://www.bristolonline.com
O15 - Trusted Zone: http://support.ca.com
O15 - Trusted Zone: http://*.ca.com
O15 - Trusted Zone: http://support.cai.com
O15 - Trusted Zone: http://*.cai.com
O15 - Trusted Zone: http://*.cbpssrv1
O15 - Trusted Zone: http://*.cisdev
O15 - Trusted Zone: http://www.clubhotels.com
O15 - Trusted Zone: http://*.clubhotels.com
O15 - Trusted Zone: http://*.cntsdms1
O15 - Trusted Zone: http://www.compaq.com
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.corp_install01
O15 - Trusted Zone: http://*.criticalpath.net
O15 - Trusted Zone: http://www.dimdev.com
O15 - Trusted Zone: http://*.doubletree.com
O15 - Trusted Zone: http://www.doubletreehotels.com
O15 - Trusted Zone: http://*.doubletreehotels.com
O15 - Trusted Zone: http://www.embassy-suites.com
O15 - Trusted Zone: http://*.embassy-suites.com
O15 - Trusted Zone: http://www.embassyvacationresorts.com
O15 - Trusted Zone: http://*.embassyvacationresorts.com
O15 - Trusted Zone: http://*.extranet
O15 - Trusted Zone: http://*.glacier
O15 - Trusted Zone: http://www.grandtheme.com
O15 - Trusted Zone: http://www.hampton-inn.com
O15 - Trusted Zone: http://*.hampton-inn.com
O15 - Trusted Zone: http://www.hamptonvacationresorts.com
O15 - Trusted Zone: http://*.hamptonvacationresorts.com
O15 - Trusted Zone: http://eis.hilton.com
O15 - Trusted Zone: http://enet.hilton.com
O15 - Trusted Zone: http://hiltonnet.hilton.com
O15 - Trusted Zone: http://inet.hilton.com
O15 - Trusted Zone: http://intranet.hilton.com
O15 - Trusted Zone: http://onqinsider.hilton.com
O15 - Trusted Zone: http://*.hilton.com
O15 - Trusted Zone: http://*.hiltoninets.com
O15 - Trusted Zone: http://www.homewood-suites.com
O15 - Trusted Zone: http://*.homewood-suites.com
O15 - Trusted Zone: http://www.hoovers.com
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.ibm.net
O15 - Trusted Zone: http://*.inet
O15 - Trusted Zone: http://*.intradev_temp
O15 - Trusted Zone: http://*.it
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://*.mapquest.com
O15 - Trusted Zone: http://*.netrez.com
O15 - Trusted Zone: http://www.plansoft.com
O15 - Trusted Zone: http://corp.pmhs.com
O15 - Trusted Zone: http://download.pointcast.com
O15 - Trusted Zone: http://www.pointcast.com
O15 - Trusted Zone: http://*.pointcast.com
O15 - Trusted Zone: http://cis.promus.com
O15 - Trusted Zone: http://eis.promus.com
O15 - Trusted Zone: http://enet.promus.com
O15 - Trusted Zone: http://inet.promus.com
O15 - Trusted Zone: http://*.promus.com
O15 - Trusted Zone: http://hilton.purchasepro.com
O15 - Trusted Zone: http://rl2k.rci.com
O15 - Trusted Zone: http://www.rfpexpress.com
O15 - Trusted Zone: http://www.rfsmgmt.com
O15 - Trusted Zone: http://www.tharaldson.com
O15 - Trusted Zone: http://*.verisign.com
O15 - Trusted Zone: http://www.w3.org
O15 - Trusted Zone: http://*.w3.org
O15 - Trusted Zone: http://la.xceed.com
O15 - Trusted Zone: http://*.americanexpress.com (HKLM)
O15 - Trusted Zone: http://*.BPSNet (HKLM)
O15 - Trusted Zone: http://www.bristolonline.com (HKLM)
O15 - Trusted Zone: http://support.ca.com (HKLM)
O15 - Trusted Zone: http://*.ca.com (HKLM)
O15 - Trusted Zone: http://support.cai.com (HKLM)
O15 - Trusted Zone: http://*.cai.com (HKLM)
O15 - Trusted Zone: http://*.cbpssrv1 (HKLM)
O15 - Trusted Zone: http://*.cisdev (HKLM)
O15 - Trusted Zone: http://www.clubhotels.com (HKLM)
O15 - Trusted Zone: http://*.clubhotels.com (HKLM)
O15 - Trusted Zone: http://*.cntsdms1 (HKLM)
O15 - Trusted Zone: http://www.compaq.com (HKLM)
O15 - Trusted Zone: http://*.compaq.com (HKLM)
O15 - Trusted Zone: http://*.corp_install01 (HKLM)
O15 - Trusted Zone: http://*.criticalpath.net (HKLM)
O15 - Trusted Zone: http://www.dimdev.com (HKLM)
O15 - Trusted Zone: http://*.doubletree.com (HKLM)
O15 - Trusted Zone: http://www.doubletreehotels.com (HKLM)
O15 - Trusted Zone: http://*.doubletreehotels.com (HKLM)
O15 - Trusted Zone: http://www.embassy-suites.com (HKLM)
O15 - Trusted Zone: http://*.embassy-suites.com (HKLM)
O15 - Trusted Zone: http://www.embassyvacationresorts.com (HKLM)
O15 - Trusted Zone: http://*.embassyvacationresorts.com (HKLM)
O15 - Trusted Zone: http://*.extranet (HKLM)
O15 - Trusted Zone: http://*.glacier (HKLM)
O15 - Trusted Zone: http://www.grandtheme.com (HKLM)
O15 - Trusted Zone: http://www.hampton-inn.com (HKLM)
O15 - Trusted Zone: http://*.hampton-inn.com (HKLM)
O15 - Trusted Zone: http://www.hamptonvacationresorts.com (HKLM)
O15 - Trusted Zone: http://*.hamptonvacationresorts.com (HKLM)
O15 - Trusted Zone: http://eis.hilton.com (HKLM)
O15 - Trusted Zone: http://enet.hilton.com (HKLM)
O15 - Trusted Zone: http://hiltonnet.hilton.com (HKLM)
O15 - Trusted Zone: http://inet.hilton.com (HKLM)
O15 - Trusted Zone: http://intranet.hilton.com (HKLM)
O15 - Trusted Zone: http://onqinsider.hilton.com (HKLM)
O15 - Trusted Zone: http://*.hilton.com (HKLM)
O15 - Trusted Zone: http://*.hiltoninets.com (HKLM)
O15 - Trusted Zone: http://www.homewood-suites.com (HKLM)
O15 - Trusted Zone: http://*.homewood-suites.com (HKLM)
O15 - Trusted Zone: http://www.hoovers.com (HKLM)
O15 - Trusted Zone: http://*.hp.com (HKLM)
O15 - Trusted Zone: http://*.ibm.net (HKLM)
O15 - Trusted Zone: http://*.inet (HKLM)
O15 - Trusted Zone: http://*.intradev_temp (HKLM)
O15 - Trusted Zone: http://*.it (HKLM)
O15 - Trusted Zone: http://www.mapquest.com (HKLM)
O15 - Trusted Zone: http://*.mapquest.com (HKLM)
O15 - Trusted Zone: http://*.netrez.com (HKLM)
O15 - Trusted Zone: http://www.plansoft.com (HKLM)
O15 - Trusted Zone: http://corp.pmhs.com (HKLM)
O15 - Trusted Zone: http://download.pointcast.com (HKLM)
O15 - Trusted Zone: http://www.pointcast.com (HKLM)
O15 - Trusted Zone: http://*.pointcast.com (HKLM)
O15 - Trusted Zone: http://cis.promus.com (HKLM)
O15 - Trusted Zone: http://eis.promus.com (HKLM)
O15 - Trusted Zone: http://enet.promus.com (HKLM)
O15 - Trusted Zone: http://inet.promus.com (HKLM)
O15 - Trusted Zone: http://*.promus.com (HKLM)
O15 - Trusted Zone: http://hilton.purchasepro.com (HKLM)
O15 - Trusted Zone: http://rl2k.rci.com (HKLM)
O15 - Trusted Zone: http://www.rfpexpress.com (HKLM)
O15 - Trusted Zone: http://www.rfsmgmt.com (HKLM)
O15 - Trusted Zone: http://www.tharaldson.com (HKLM)
O15 - Trusted Zone: http://*.verisign.com (HKLM)
O15 - Trusted Zone: http://www.w3.org (HKLM)
O15 - Trusted Zone: http://*.w3.org (HKLM)
O15 - Trusted Zone: http://la.xceed.com (HKLM)
O15 - Trusted IP range: http://10.8.5.88
O15 - Trusted IP range: http://167.187.10.232
O15 - Trusted IP range: http://192.251.125.162
O15 - Trusted IP range: http://192.251.125.163
O15 - Trusted IP range: http://167.187.153.100
O15 - Trusted IP range: http://167.187.51.152
O15 - Trusted IP range: http://209.173.69.234
O15 - Trusted IP range: http://38.231.229.47
O15 - Trusted IP range: http://10.8.5.88 (HKLM)
O15 - Trusted IP range: http://167.187.10.232 (HKLM)
O15 - Trusted IP range: http://192.251.125.162 (HKLM)
O15 - Trusted IP range: http://192.251.125.163 (HKLM)
O15 - Trusted IP range: http://167.187.153.100 (HKLM)
O15 - Trusted IP range: http://167.187.51.152 (HKLM)
O15 - Trusted IP range: http://209.173.69.234 (HKLM)
O15 - Trusted IP range: http://38.231.229.47 (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://onqsupport.hilton.com/sdccomm...ad/tgctlcm.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.hhcpr.hilton.com
O17 - HKLM\Software\..\Telephony: DomainName = na.hhcpr.hilton.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.hhcpr.hilton.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.hhcpr.hilton.com
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\detoured.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\HiltonP65\bin\sprtlisten.exe
O23 - Service: SupportSoft Sprocket Service (hiltonp65) (sprtsvc_hiltonp65) - SupportSoft, Inc. - C:\Program Files\HiltonP65\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (hiltonp65) (tgsrvc_hiltonp65) - SupportSoft, Inc. - C:\Program Files\HiltonP65\bin\tgsrvc.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15188 bytes


someone tell me what's not supposed to be there. please. this fucking work computer is driving me crazy.
Neiladin is offline  
post #2 of 5 (permalink) Old 11-19-2007, 02:35 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
What's it doing?





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #3 of 5 (permalink) Old 11-19-2007, 02:40 PM Thread Starter
老师
 
Neiladin's Avatar
 
Join Date: Sep 2004
Location: OKC
Posts: 12,120
weird browser popups trying to sell me things. adaware and spybot don't find anything.
Neiladin is offline  
 
post #4 of 5 (permalink) Old 11-19-2007, 05:36 PM Thread Starter
老师
 
Neiladin's Avatar
 
Join Date: Sep 2004
Location: OKC
Posts: 12,120
i know someone on here can help...
Neiladin is offline  
post #5 of 5 (permalink) Old 11-19-2007, 05:44 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Quote:
Originally Posted by Neiladin
i know someone on here can help...

http://housecall.trendmicro.com/ might/should help.

http://www.filehippo.com/download/ea...0c5d/download/ D/L and use religiously. Just know that using this will wipe out all browsing history/passwords....





Tx Redneck is offline  