Member Avatar for owenj

hi im new to this ....but have read a few posts about this trojan.cachecache kit thing. Although this is not my computer i am trying to sort it. A trojan keeps coming up an an autoprotect window .. i take it somehting to do with symantec antivirus .. but when u close the window it keeps poppin up.

i did the hijack file thing - it appears below,

im aware that there is alot of unneeded programs perhaps conflicting programs on this computer but its a company laptop and the person is pretty clueless about any of it. (not that im much better ha)

thanks in advance for any help you can give me,
o

Logfile of HijackThis v1.99.1
Scan saved at 15:41:30, on 09/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\LDCLIENT\LOCALSCH.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\LDCLIENT\QIPCLNT.EXE
C:\LDClient\tmcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\LDCLIENT\SOFTMON.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPass\iPassConnect Harcourt Education\IPassConnectGUI.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\iPass\iPassConnect Harcourt Education\iPassConnectEngine.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Nortel Networks\extranet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPass\iPassConnect Harcourt Education\downloader\ipccheck.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\svchost32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://repp.ox/uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.210.154:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\LDCLIENT\SOFTMON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect Harcourt Education\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelAPMClient] C:\LDClient\amclient.exe /apm /s
O4 - HKLM\..\Run: [LDIScn32] C:\LDClient\LDISCN32.EXE /NTT=HELOXFEMAP001:5007 /S="HELOXFEMAP001" /I=HTTP://HELOXFEMAP001/ldlogon/ldappl3.ldz /NOUI /W=10
O4 - HKLM\..\Run: [TaskCompletion] C:\LDClient\amclient.exe /tcs /s
O4 - HKLM\..\Run: [LDCstm32] C:\LDClient\LDCSTM32.EXE /s
O4 - HKLM\..\Run: [RegtoReg] C:\LDClient\RegtoReg.EXE
O4 - HKLM\..\Run: [VulScanner] C:\LDClient\vulscan.exe /coreserver=HELOXFEMAP001 /norepair
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: iPassConnect Harcourt Education.lnk = C:\Program Files\iPass\iPassConnect Harcourt Education\IPassConnectGUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {06CFBF60-DA35-45A9-963F-2B4E7E785E6B} (SERfontcolor Control) - http://synergy/cab/SERfontcolor.cab
O16 - DPF: {1D21DF63-57A0-4BF5-9F33-45DBB97606D8} (SERcriteria) - http://synergy/cab/SERcriteria.cab
O16 - DPF: {1F33EA91-3000-4B10-94B9-2F017453D748} (SERsearch) - http://synergy/cab/SERsearch.cab
O16 - DPF: {1FE9CF28-E98C-11D5-9C05-00B0D0719D62} (SERhitlist Control) - http://synergy/cab/SERhitlist.cab
O16 - DPF: {2AFEA8C3-0E46-4A80-863F-A6E874080D40} (SERIndex Control) - http://synergy/cab/SERindex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098194223171
O16 - DPF: {974E63A9-A5E9-11D5-9BED-00B0D0719D62} (SERMenuToolbar Control) - http://synergy/cab/SERmenutoolbar.cab
O16 - DPF: {A49CE0E4-C0F9-11D2-B0EA-00A024695830} (Apex Date Control 6.0) - http://compel.repp.ox/CiphrNet/Components/tidate6.cab
O16 - DPF: {ACACC711-1A8A-11D4-8B32-00105A072BCE} (SERexport Control) - http://synergy/cab/SERexport.cab
O16 - DPF: {AD6609ED-55D8-4DB1-8586-A962A97D5548} (SERdocviewer Control) - http://synergy/cab/SERdocviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB8EF03F-9C1A-4BC1-9E0B-965CC4204CA8} (SERemWriter Control) - http://synergy/cab/SERemwriter.cab
O16 - DPF: {FBA751D9-86F8-4DBB-9554-F34B2608AC10} (SERgear Control) - http://synergy/cab/SERgear.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D7537E7-E51C-4981-8502-6CD0156D3702}: NameServer = 64.69.177.77 195.44.199.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EECF8E3-AE82-48E7-9170-2E04CF719AD7}: NameServer = 192.168.208.30,192.168.208.55
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk(R) Development, Ltd - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Imap Burn Controls (Imap Burning Control) - Unknown owner - C:\WINDOWS\svchost32.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\LDCLIENT\LOCALSCH.EXE
O23 - Service: Intel PDS - IntelĀ® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\LDCLIENT\QIPCLNT.EXE
O23 - Service: Intel Targeted Multicast - LANDesk Software Ltd. - C:\LDClient\tmcsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Intel Remote Control Service (Wuser32) - LANDesk Software Ltd. - C:\LDClient\wuser32.exe

  • 2 Contributors
  • 1 Reply
  • 92 Views
  • 2 Weeks Discussion Span
  • Latest Post Latest Post by 'Stein
Member Avatar for 'Stein

Hello owenj, welcome to Daniweb. First off, we apolegize for bypassing your entry.

Therefore, if you're still having this problem, post a new log and we'll work from there.

Again, we apolegize.

Thanks.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.