MOVED From Other forum

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

oba888 (Thread Starter)
Joined: Nov 8, 2007
Messages: 12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:54 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
C:\WINDOWS\System32\lxddcoms.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0396FC20-3EE3-43F4-AF08-B6EA7354F305} - (no file)
O2 - BHO: (no name) - {076B3B2A-DA03-496F-B6EB-99717CD01DB8} - (no file)
O2 - BHO: (no name) - {0AEF2941-71A2-4B4A-A572-6A3450B03D45} - (no file)
O2 - BHO: (no name) - {0FA74439-4AE2-410F-9520-BF543BF05124} - (no file)
O2 - BHO: (no name) - {115AEFF8-3861-4AC9-8E85-5CAC8BB0710D} - (no file)
O2 - BHO: (no name) - {12636A1A-B55B-44B5-929E-00B635ED2D88} - (no file)
O2 - BHO: (no name) - {1E4CD4A0-0D2D-49AB-9262-F41E69DBA37F} - (no file)
O2 - BHO: (no name) - {2C2E34F6-82A1-4E4A-8355-463E143ED6B9} - (no file)
O2 - BHO: (no name) - {30C20869-8351-466E-B764-345616A417C4} - (no file)
O2 - BHO: (no name) - {33CC02E6-E59C-4C39-B0AF-FD03D3C15721} - (no file)
O2 - BHO: (no name) - {35A54F90-0BE3-441B-A84F-663126925D28} - C:\WINDOWS\System32\fcyxw.dll (file missing)
O2 - BHO: (no name) - {3737507E-A97D-405B-B0BF-05A086086763} - (no file)
O2 - BHO: (no name) - {41A72692-EA1B-4A1E-A652-E822AEB61479} - (no file)
O2 - BHO: (no name) - {41B4D4E7-EEFC-4984-B52E-93ADFDE80EF1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622122C9-C747-42FD-BAB6-9348D512AEAE} - C:\WINDOWS\System32\urqqn.dll (file missing)
O2 - BHO: (no name) - {69E44491-CAD5-4CCB-AC96-01D92E87FC74} - (no file)
O2 - BHO: (no name) - {710F6B14-E6B4-4CCB-9F17-694BCC7CA31B} - (no file)
O2 - BHO: (no name) - {72BFF07C-7D65-4379-8315-4731B70B93DE} - (no file)
O2 - BHO: (no name) - {777B3626-C102-4560-8484-B76483D280C3} - (no file)
O2 - BHO: (no name) - {786EBE21-2EA9-4478-A566-91B9F29B7C6D} - (no file)
O2 - BHO: (no name) - {789BF2CF-8296-4975-ADEA-346A4DF2D089} - (no file)
O2 - BHO: (no name) - {798BB616-6FBD-4062-84A4-A506E6001923} - (no file)
O2 - BHO: (no name) - {7C45EEFE-4B0B-47C4-B0AF-FFB954089F6C} - (no file)
O2 - BHO: (no name) - {7D52468F-3FB9-4CC8-B27E-6B9EA1AE228A} - (no file)
O2 - BHO: (no name) - {7F6A4659-0616-4F57-AACC-A2657D6BF33C} - (no file)
O2 - BHO: (no name) - {897975F9-2853-4297-8F4E-2564EF9DEDFA} - (no file)
O2 - BHO: (no name) - {8F7B7C59-6E88-4E96-8DB8-BFCDD7D75605} - (no file)
O2 - BHO: (no name) - {9497044E-3E3C-4981-B9C7-B56168B661D0} - (no file)
O2 - BHO: (no name) - {A18C5ADA-E724-45FF-A61F-68160E40C188} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\glumbusa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AB5F5DF2-4F67-4202-B4BA-3E1C4CCD848C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {B22C3AE2-B9F2-49A2-A1D1-506E6A8CA2D2} - (no file)
O2 - BHO: (no name) - {B32E019D-52E2-4382-8A60-B5E7FE4F9657} - (no file)
O2 - BHO: (no name) - {B49F3891-91FA-4753-A16D-0AB5F9286F34} - (no file)
O2 - BHO: (no name) - {B88048A0-7A66-44A1-BF7C-9DCA9B5A09D4} - (no file)
O2 - BHO: (no name) - {C8B420AC-589E-42A7-9817-B98D052A43F4} - (no file)
O2 - BHO: (no name) - {D1302FDD-519F-4112-8C22-B3081EA33CED} - (no file)
O2 - BHO: (no name) - {D4C1E15E-9299-4C14-AED6-A7D5AB718D9D} - (no file)
O2 - BHO: (no name) - {E0DE0D3B-EDC0-4A96-A6A8-A24B4F6EDC3E} - (no file)
O2 - BHO: (no name) - {EB39D725-C6C9-45A7-B06B-E17E5B72C28E} - (no file)
O2 - BHO: (no name) - {EB543366-D332-4B12-B1E3-2C4CE1641459} - (no file)
O2 - BHO: (no name) - {EC1A2A1F-B38C-B070-F1DB-B4DEBFC25C91} - (no file)
O2 - BHO: {f2e350cd-04e2-76cb-4684-8e431fd9e62f} - {f26e9df1-34e8-4864-bc67-2e40dc053e2f} - C:\WINDOWS\System32\nqajpijd.dll
O2 - BHO: (no name) - {F270A99F-E989-46C1-BADB-5B5F7B86622B} - (no file)
O2 - BHO: (no name) - {FE6ED510-BFEA-4859-97EF-10CE112AF191} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\glumbusa.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD6381] cmd /c del "C:\WINDOWS\system32\glumbusa.dllbox"
O4 - HKUS\S-1-5-18\..\Run: [kzkq] C:\PROGRA~1\COMMON~1\kzkq\kzkqm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{D0D871DE-05D7-1033-0917-020205230001}] "C:\Program Files\Common Files\{D0D871DE-05D7-1033-0917-020205230001}\Update.exe" mc-110-12-0000228 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kzkq] C:\PROGRA~1\COMMON~1\kzkq\kzkqm.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{D0D871DE-05D7-1033-0917-020205230001}] "C:\Program Files\Common Files\{D0D871DE-05D7-1033-0917-020205230001}\Update.exe" mc-110-12-0000228 (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: ZDWLan Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1097780655.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1097780655.dll/gn_menu2.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.25/uploader2.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1193192392534
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: cicjerzg - cicjerzg.dll (file missing)
O20 - Winlogon Notify: gggvwxgb - gggvwxgb.dll (file missing)
O20 - Winlogon Notify: glumbusa - glumbusa.dll (file missing)
O20 - Winlogon Notify: nnnomkh - nnnomkh.dll (file missing)
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\azaml5511.dll (file missing)
O20 - Winlogon Notify: opnnnkl - opnnnkl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\System32\winpol.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: I3 Update Service (I3UpdateSvc) - Interactive Intelligence, Inc. - C:\Program Files\Interactive Intelligence\I3UpdateSvcU.exe
O23 - Service: lxdd_device - - C:\WINDOWS\System32\lxddcoms.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/crazy_hoops_icon.gif
O24 - Desktop Component 1: (no name) - C:\Program Files\WindowsUpdate\kyhe.html
O24 - Desktop Component 2: (no name) - C:\Program Files\Messenger\hofyfy.html
O24 - Desktop Component 3: (no name) - http://img.avatars.yahoo.com/users/1R2CHyrKHAAQF_CFYjAvUBA==.large.png
O24 - Desktop Component 4: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/hy_what_up_icon.gif
O24 - Desktop Component 5: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/hy_hoops_in_love_icon.gif
O24 - Desktop Component 6: (no name) - http://www.hallmark.com/wcsstore/HallmarkStore/images/Content/jumpropeyoyo.gif

--
End of file - 14654 bytes
 