Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log: Please Help Diagnose


  • Please log in to reply
1 reply to this topic

#1 dddinstructor

dddinstructor

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 19 March 2008 - 03:10 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:57 PM, on 3/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\4196jy.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90C0EA24-11F8-4B93-BE75-6F5D82FAE15F} - C:\WINDOWS\System32\drmv2cltv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B4D9C651-9781-4F22-AC1B-76E7728BF412} - c:\windows\system32\cryptdlgp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [4196jy] C:\WINDOWS\system32\4196jy.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ovccrqj] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [ufpjegv] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [lsraqsc] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [psmvyfg] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [ihcbukr] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [drjmeus] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [ejvukjd] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [cwrdchj] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [ccxcrgu] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [ikdekmf] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [tbhtofy] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [whojnle] c:\windows\gbxrgmm.exe
O4 - HKCU\..\Run: [eatblon] c:\windows\klptjch.exe
O4 - HKCU\..\Run: [thwgrww] c:\windows\klptjch.exe
O4 - HKCU\..\Run: [oukfjoc] c:\windows\klptjch.exe
O4 - HKCU\..\Run: [tgrgyte] c:\windows\klptjch.exe
O4 - HKCU\..\Run: [lwxjudk] c:\windows\klptjch.exe
O4 - HKCU\..\Run: [apwagbc] c:\windows\klptjch.exe
O4 - HKCU\..\Run: [faeucfq] c:\windows\wbsnhps.exe
O4 - HKCU\..\Run: [ubdvoxu] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [msiqsue] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [jlxjejm] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [mvxjywt] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [lnopkqa] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [jghwhtt] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [xlgopes] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [wytwast] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [xrfoiio] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [uhffsph] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [pctemfq] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [avwlelh] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [hdydmyn] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [giyfshe] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [hsyysgu] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [nynxnnc] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [hyoowfp] c:\windows\jynmbfh.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [EPSON Stylus Photo RX580 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_S131.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [4196jy] C:\WINDOWS\system32\4196jy.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {401F2F3A-8C56-4736-8C9E-37854F174AC9} - https://folders.buzzsaw.com/!/download/...Point-BZ-EN.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170751981421
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: qozmnzfm - C:\WINDOWS\SYSTEM32\cryptdlgp.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CA Personal Firewall ASEM - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9420 bytes

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:15 AM

Posted 07 April 2008 - 02:40 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users