
Hi, I'm new to this... but have read a few posts about this trojan.cachecache kit thing. Although this is not my computer, I am trying to sort it. A trojan keeps coming up in an autoprotect window .. I take it something to do with Symantec antivirus .. but when you close the window it keeps popping up.

I did the hijack file thing - it appears below.

I'm aware that there are a lot of unneeded programs, perhaps conflicting programs, on this computer, but it's a company laptop and the person is pretty clueless about any of it. (Not that I'm much better, ha.)

Thanks in advance for any help you can give me,
o

Logfile of HijackThis v1.99.1
Scan saved at 15:41:30, on 09/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\LDCLIENT\LOCALSCH.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\LDCLIENT\QIPCLNT.EXE
C:\LDClient\tmcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\LDCLIENT\SOFTMON.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPass\iPassConnect Harcourt Education\IPassConnectGUI.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\iPass\iPassConnect Harcourt Education\iPassConnectEngine.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Nortel Networks\extranet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPass\iPassConnect Harcourt Education\downloader\ipccheck.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\svchost32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://repp.ox/uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.210.154:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\LDCLIENT\SOFTMON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect Harcourt Education\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
O4 - HKLM\..\Run: [LDIScn32] C:\LDClient\LDISCN32.EXE /NTT=HELOXFEMAP001:5007 /S="HELOXFEMAP001" /I=HTTP://HELOXFEMAP001/ldlogon/ldappl3.ldz /NOUI /W=10
O4 - HKLM\..\Run: [TaskCompletion] C:\LDClient\amclient.exe /tcs /s
O4 - HKLM\..\Run: [LDCstm32] C:\LDClient\LDCSTM32.EXE /s
O4 - HKLM\..\Run: [RegtoReg] C:\LDClient\RegtoReg.EXE
O4 - HKLM\..\Run: [VulScanner] C:\LDClient\vulscan.exe /coreserver=HELOXFEMAP001 /norepair
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: iPassConnect Harcourt Education.lnk = C:\Program Files\iPass\iPassConnect Harcourt Education\IPassConnectGUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {06CFBF60-DA35-45A9-963F-2B4E7E785E6B} (SERfontcolor Control) - http://synergy/cab/SERfontcolor.cab
O16 - DPF: {1D21DF63-57A0-4BF5-9F33-45DBB97606D8} (SERcriteria) - http://synergy/cab/SERcriteria.cab
O16 - DPF: {1F33EA91-3000-4B10-94B9-2F017453D748} (SERsearch) - http://synergy/cab/SERsearch.cab
O16 - DPF: {1FE9CF28-E98C-11D5-9C05-00B0D0719D62} (SERhitlist Control) - http://synergy/cab/SERhitlist.cab
O16 - DPF: {2AFEA8C3-0E46-4A80-863F-A6E874080D40} (SERIndex Control) - http://synergy/cab/SERindex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098194223171
O16 - DPF: {974E63A9-A5E9-11D5-9BED-00B0D0719D62} (SERMenuToolbar Control) - http://synergy/cab/SERmenutoolbar.cab
O16 - DPF: {A49CE0E4-C0F9-11D2-B0EA-00A024695830} (Apex Date Control 6.0) - http://compel.repp.ox/CiphrNet/Components/tidate6.cab
O16 - DPF: {ACACC711-1A8A-11D4-8B32-00105A072BCE} (SERexport Control) - http://synergy/cab/SERexport.cab
O16 - DPF: {AD6609ED-55D8-4DB1-8586-A962A97D5548} (SERdocviewer Control) - http://synergy/cab/SERdocviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB8EF03F-9C1A-4BC1-9E0B-965CC4204CA8} (SERemWriter Control) - http://synergy/cab/SERemwriter.cab
O16 - DPF: {FBA751D9-86F8-4DBB-9554-F34B2608AC10} (SERgear Control) - http://synergy/cab/SERgear.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D7537E7-E51C-4981-8502-6CD0156D3702}: NameServer = 64.69.177.77 195.44.199.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EECF8E3-AE82-48E7-9170-2E04CF719AD7}: NameServer = 192.168.208.30,192.168.208.55
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Imap Burn Controls (Imap Burning Control) - Unknown owner - C:\WINDOWS\svchost32.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\LDCLIENT\LOCALSCH.EXE
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\LDCLIENT\QIPCLNT.EXE
O23 - Service: Intel Targeted Multicast - LANDesk Software Ltd. - C:\LDClient\tmcsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk Software Ltd. - C:\LDClient\wuser32.exe

Last Post by 'Stein

Hello owenj, welcome to Daniweb. First off, we apologize for bypassing your entry.

Therefore, if you're still having this problem, post a new log and we'll work from there.

Again, we apologize.

Thanks.
