1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

strange minimized window + hijack log

Discussion in 'Virus & Other Malware Removal' started by alhaja, Apr 7, 2007.

Thread Status:
Not open for further replies.
  1. alhaja

    alhaja Thread Starter

    Joined:
    Apr 7, 2007
    Messages:
    1
    A small window in taskbar running while I cant find a reference to the thing in applications window. I agreedto update latest version for Flash and since then I saw it.

    This is hijack log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:40:19, on 07/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\PhxPsSvr.exe
    C:\WINDOWS\system32\PhxVtSvr.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\O2Micro\AudioDJ\O2CD.exe
    C:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Phoenix Technologies\Applications\Guard\Guard.exe
    C:\Program Files\Phoenix Technologies\Applications\RPro\XP\VBPTASK.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\g2notify.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\EGO USER\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=D...icTI1YlqrcwMz5vfy6DRDFnjbjKdF68Buh5aMdzOu3KQQ
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ego-lifestyle.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [O2ADJ] C:\Program Files\O2Micro\AudioDJ\O2CD.exe
    O4 - HKLM\..\Run: [CaAvTray] "c:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "c:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\Applications\Guard\Guard.exe" /background
    O4 - HKLM\..\Run: [Recover Pro] "C:\Program Files\Phoenix Technologies\Applications\RPro\XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: g2notify.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.ego-lifestyle.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152191487046
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorie├źn - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - c:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Phoenix PSA Service (PhnxPsaService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxPsSvr.exe
    O23 - Service: Phoenix Vault Service (PhnxVaultService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxVtSvr.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - c:\Program Files\CA\eTrust EZ Armor\etrust EZ Antivirus\VetMsg.exe

    --
    End of file - 6678 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - strange minimized window
  1. eshepherd
    Replies:
    1
    Views:
    449
  2. GoldenSilence
    Replies:
    3
    Views:
    752
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/559204

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice