Hijackthis Log: Please Help Diagnose

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Hijackthis Log: Please Help Diagnose

Options

JR1955 View Member Profile	Dec 15 2007, 07:01 AM Post #1
Member Group: Members Posts: 21 Joined: 7-December 07 Member No.: 175,052	Mod edit: Three topics merged into one. Please stick to the one topic for any one issue. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:52:24 AM, on 12/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Microsoft Money\System\urlmap.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www2.enter.net/welcome R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer By Enter.Net O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Verizon\Verizon Internet Security Suite\FBHR.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Enter.Net Accelerator\prpl_IePopupBlocker.dll (file missing) O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe O4 - HKLM\..\Run: [cwbtfruq] C:\WINDOWS\system32\fuambahy.exe O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8693 bytes This post has been edited by Papakid: Dec 16 2007, 11:37 AM Reason for edit: Notice of thread merger

JR1955 View Member Profile	Dec 15 2007, 11:11 AM Post #2
Member Group: Members Posts: 21 Joined: 7-December 07 Member No.: 175,052	Would it be safe to turn off some of these start-up programs under misconfig,,, like maybe all of them except AVG,Teatimer ?

JR1955 View Member Profile	Dec 15 2007, 01:55 PM Post #3
Member Group: Members Posts: 21 Joined: 7-December 07 Member No.: 175,052	This a new log after some changes after i read the BC tutorial, i hope someone will advise me on this Thanks, jr1955

JR1955 View Member Profile	Dec 15 2007, 01:57 PM Post #4
Member Group: Members Posts: 21 Joined: 7-December 07 Member No.: 175,052	Sorry i did it wrond ,, here is the log jr1955

sjpritch25 View Member Profile	Dec 26 2007, 10:49 PM Post #5
Distinguished Member Group: HJT Team Posts: 613 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785	Where is the log?? Welcome to BC Sorry for the delay, the forum has been extremely busy lately. Since its been a few days, please post a fresh HIjackthis log. Thanks. -------------------- Microsoft MVP Consumer Security--2007-2009

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th January 2009 - 03:13 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides