May 31 2007, 07:07 PM
Authentic Member. Group: Authentic Member. Posts: 50. Joined: 6-June 06. Member No.: 56,487. Operating System: windows xp
I know you guys are busy, but could you take a look at my log. My computer keeps shutting down on me... Thanks
Logfile of HijackThis v1.99.1
Scan saved at 9:04:00 PM, on 5/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Fonts\aolupd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\System32\qogjmum.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\Run: [fb] C:\WINDOWS\System32\fb.exe
O4 - HKLM\..\Run: [etm] C:\WINDOWS\System32\etm.exe
O4 - HKLM\..\Run: [wbqkvixmdj] C:\WINDOWS\System32\wbqkvixmdj.exe
O4 - HKLM\..\Run: [uymxibyvj] C:\WINDOWS\System32\uymxibyvj.exe
O4 - HKLM\..\Run: [nffiopvusmj] C:\WINDOWS\System32\nffiopvusmj.exe
O4 - HKLM\..\Run: [qogjmum] C:\WINDOWS\System32\qogjmum.exe
O4 - HKLM\..\Run: [uiskkhsj] C:\WINDOWS\System32\uiskkhsj.exe
O4 - HKLM\..\Run: [akhgbpiqscn] C:\WINDOWS\System32\akhgbpiqscn.exe
O4 - HKLM\..\Run: [hfbdasdwgbjr] C:\WINDOWS\System32\hfbdasdwgbjr.exe
O4 - HKLM\..\Run: [mefsj] C:\WINDOWS\System32\mefsj.exe
O4 - HKLM\..\Run: [odamcj] C:\WINDOWS\System32\odamcj.exe
O4 - HKLM\..\Run: [nfnrnscmhgo] C:\WINDOWS\System32\nfnrnscmhgo.exe
O4 - HKLM\..\RunServices: [odamcj] C:\WINDOWS\System32\odamcj.exe
O4 - HKLM\..\RunServices: [nfnrnscmhgo] C:\WINDOWS\System32\nfnrnscmhgo.exe
O4 - HKLM\..\RunServices: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\RunServices: [uiskkhsj] C:\WINDOWS\System32\uiskkhsj.exe
O4 - HKLM\..\RunServices: [qogjmum] C:\WINDOWS\System32\qogjmum.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUQualityAgent.exe
O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://cube.async.caltech.edu/init.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Smart Update Service (AOL-Updatr) - Unknown owner - C:\WINDOWS\Fonts\aolupd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Print Spooler Service (ueexeuqspiyf) - Unknown owner - C:\WINDOWS\System32\fb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Jun 1 2007, 05:25 PM
SuperMember. Group: Malware Expert. Posts: 3,181. Joined: 15-May 04. From: @localhost. Member No.: 6,820. Operating System: Debian, Windows
hi lsehbruce,
what is that? a honey pot?

first let's stop a service: go to start>run and type in--> services.msc <--in the list of services that comes up, under the name column look for: Print Spooler Service (there should be one called just-- Print Spooler, this one is legit, leave it). right click on it and select properties. under the general tab: make sure that the service status is: Stopped and the Startup type is: disabled

--------------------------------------------------

next we will use hjt, then boot into safe mode and last: get an antimalware app to scan with. you might want to copy/paste the part about safe mode into notepad and save it somewhere so you can find it in safe mode

----------------------------------------------------

next: scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O4 - HKLM\..\Run: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\Run: [fb] C:\WINDOWS\System32\fb.exe
O4 - HKLM\..\Run: [etm] C:\WINDOWS\System32\etm.exe
O4 - HKLM\..\Run: [wbqkvixmdj] C:\WINDOWS\System32\wbqkvixmdj.exe
O4 - HKLM\..\Run: [uymxibyvj] C:\WINDOWS\System32\uymxibyvj.exe
O4 - HKLM\..\Run: [nffiopvusmj] C:\WINDOWS\System32\nffiopvusmj.exe
O4 - HKLM\..\Run: [qogjmum] C:\WINDOWS\System32\qogjmum.exe
O4 - HKLM\..\Run: [uiskkhsj] C:\WINDOWS\System32\uiskkhsj.exe
O4 - HKLM\..\Run: [akhgbpiqscn] C:\WINDOWS\System32\akhgbpiqscn.exe
O4 - HKLM\..\Run: [hfbdasdwgbjr] C:\WINDOWS\System32\hfbdasdwgbjr.exe
O4 - HKLM\..\Run: [mefsj] C:\WINDOWS\System32\mefsj.exe
O4 - HKLM\..\Run: [odamcj] C:\WINDOWS\System32\odamcj.exe
O4 - HKLM\..\Run: [nfnrnscmhgo] C:\WINDOWS\System32\nfnrnscmhgo.exe
O4 - HKLM\..\RunServices: [odamcj] C:\WINDOWS\System32\odamcj.exe
O4 - HKLM\..\RunServices: [nfnrnscmhgo] C:\WINDOWS\System32\nfnrnscmhgo.exe
O4 - HKLM\..\RunServices: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\RunServices: [uiskkhsj] C:\WINDOWS\System32\uiskkhsj.exe
O4 - HKLM\..\RunServices: [qogjmum] C:\WINDOWS\System32\qogjmum.exe

------------------------------------------------------------------------

safe mode part: boot computer into safe mode. to reach safe mode you would tap the f8 key during a computer restart. choose the first option from the list: safe mode. once in safe mode, see all those O4 items you checked in hjt-- try to find and delete the .exe while in safe mode. luckily they are all in the system32 dir. if you can't find some of them don't worry about it, just get what you can. also in safe mode run your antivirus application.

O4 - HKLM\..\Run: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\Run: [fb] C:\WINDOWS\System32\fb.exe
O4 - HKLM\..\Run: [etm] C:\WINDOWS\System32\etm.exe
O4 - HKLM\..\Run: [wbqkvixmdj] C:\WINDOWS\System32\wbqkvixmdj.exe
O4 - HKLM\..\Run: [uymxibyvj] C:\WINDOWS\System32\uymxibyvj.exe
O4 - HKLM\..\Run: [nffiopvusmj] C:\WINDOWS\System32\nffiopvusmj.exe
O4 - HKLM\..\Run: [qogjmum] C:\WINDOWS\System32\qogjmum.exe
O4 - HKLM\..\Run: [uiskkhsj] C:\WINDOWS\System32\uiskkhsj.exe
O4 - HKLM\..\Run: [akhgbpiqscn] C:\WINDOWS\System32\akhgbpiqscn.exe
O4 - HKLM\..\Run: [hfbdasdwgbjr] C:\WINDOWS\System32\hfbdasdwgbjr.exe
O4 - HKLM\..\Run: [mefsj] C:\WINDOWS\System32\mefsj.exe
O4 - HKLM\..\Run: [odamcj] C:\WINDOWS\System32\odamcj.exe
O4 - HKLM\..\Run: [nfnrnscmhgo] C:\WINDOWS\System32\nfnrnscmhgo.exe
O4 - HKLM\..\RunServices: [odamcj] C:\WINDOWS\System32\odamcj.exe
O4 - HKLM\..\RunServices: [nfnrnscmhgo] C:\WINDOWS\System32\nfnrnscmhgo.exe
O4 - HKLM\..\RunServices: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\RunServices: [uiskkhsj] C:\WINDOWS\System32\uiskkhsj.exe
O4 - HKLM\..\RunServices: [qogjmum] C:\WINDOWS\System32\qogjmum.exe

after the above, reboot computer normally- first stop is to download, install, update (follow wizard) one of these, not both:

avg antispyware: http://free.grisoft.com/freeweb.php/doc/20/lng/us/tpl/v5
super antispyware: http://www.superantispyware.com/

----------------------------------------------------------

reboot computer after the scan (unless prompted to do so) rescan and post a new hjt log

shelf life

This post has been edited by shelf life: Jun 1 2007, 05:44 PM
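The reply above picks out two kinds of entries by eye: O4 autostarts with random-looking names living in System32, and an O23 service with no vendor string whose display name mimics the real Print Spooler. As an added example (not code from the thread or from HijackThis), this small Python triage script applies the same two checks to a constructed excerpt in the HijackThis v1.99.1 line format; the name-randomness test is a heuristic and the assumed line layouts are noted in the comments.

```python
import re

# Constructed sample in the same shape as the HijackThis v1.99.1 log posted
# above (assumed layout: "O4 - <key>: [<name>] <command>" and
# "O23 - Service: <display> (<short>) - <owner> - <path>"); a few lines only.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [gdjefzhe] C:\WINDOWS\System32\gdjefzhe.exe
O4 - HKLM\..\RunServices: [qogjmum] C:\WINDOWS\System32\qogjmum.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Print Spooler Service (ueexeuqspiyf) - Unknown owner - C:\WINDOWS\System32\fb.exe
""".strip()

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$")

def looks_random(name):
    """Heuristic only: 5+ lowercase letters with a low vowel ratio or a run of
    three or more consonants. Mixed-case vendor names (IgfxTray) pass."""
    if not re.fullmatch(r"[a-z]{5,}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) < 0.3 or re.search(r"[^aeiou]{3}", name) is not None

def triage(log_text):
    """Return (line, reason) pairs worth a second look, the same two signals
    the reply singled out: random-named autostarts in System32 and services
    with no vendor string. Everything else is left alone for a human to judge."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            in_system32 = "\\system32\\" in m["cmd"].lower()
            if in_system32 and looks_random(m["name"]):
                findings.append((line, "random-looking autostart name in System32"))
            continue
        m = O23_RE.match(line)
        if m and m["owner"] == "Unknown owner":
            findings.append((line, "service with no vendor (Unknown owner)"))
    return findings

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

On the sample it flags gdjefzhe, qogjmum and the fake Print Spooler service, and leaves IgfxTray, swg and Bonjour alone; very short names such as fb or etm slip past the name test and are only caught when they also show up as an O23 image path.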