Unrecognizable Process Running; Advice
Started by
egoaway
, Feb 02 2004 05:42 PM
3 replies to this topic
#1
Posted 02 February 2004 - 05:42 PM
Register to Remove
#2
Posted 02 February 2004 - 07:36 PM
First...Please run this uninstaller:
http://www.memorywat....com/uninst.exe
Could you download HijackThis, extract it from the zip file into it's own directory like c:\program files\hijackthis\hijackthis.exe. This way you will be able to restore backups if anything goes wrong. If you run it from the zip file you will not be able to restore.
Scan your computer. When the scan is finished, the "Scan" button will change into a "Save Log" button. Save the log, Ctrl-A to Select All, Ctrl-C to copy and come back to this thread and press Ctrl-V to paste the contents.
Don't fix anything yet as most of what it lists will be harmless.
http://www.spywarein.../hijackthis.zip
or unzipped
http://www.merijn.or.../HijackThis.exe
http://www.memorywat....com/uninst.exe
Could you download HijackThis, extract it from the zip file into it's own directory like c:\program files\hijackthis\hijackthis.exe. This way you will be able to restore backups if anything goes wrong. If you run it from the zip file you will not be able to restore.
Scan your computer. When the scan is finished, the "Scan" button will change into a "Save Log" button. Save the log, Ctrl-A to Select All, Ctrl-C to copy and come back to this thread and press Ctrl-V to paste the contents.
Don't fix anything yet as most of what it lists will be harmless.
http://www.spywarein.../hijackthis.zip
or unzipped
http://www.merijn.or.../HijackThis.exe
CoolWeb Shredder : Hijack This : How did I get infected in the first place?
Ad-Aware : Spybot S&D : SpywareBlaster : SpywareGuard
Ad-Aware : Spybot S&D : SpywareBlaster : SpywareGuard
#3
Posted 03 February 2004 - 08:06 AM
Please help me thankyou, chris (egoaway)
Logfile of HijackThis v1.97.7
Scan saved at 9:05:23 AM, on 2/3/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\GEARSEC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\ACCESS~1\POP-UP~1\PSFree.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lwinst Run Profiler] .\Lwtest.exe /detect /quiet /launch ".\Lwpevntm.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GNUBMSZCJ] C:\WINNT\GNUBMSZCJ.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\ACCESS~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast....SBFullSInst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6818066-4D0B-4D14-A4CF-C1BE92B09A08}: NameServer = 204.127.160.2 12.102.240.2
Logfile of HijackThis v1.97.7
Scan saved at 9:05:23 AM, on 2/3/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\GEARSEC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\ACCESS~1\POP-UP~1\PSFree.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lwinst Run Profiler] .\Lwtest.exe /detect /quiet /launch ".\Lwpevntm.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [GNUBMSZCJ] C:\WINNT\GNUBMSZCJ.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\ACCESS~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast....SBFullSInst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6818066-4D0B-4D14-A4CF-C1BE92B09A08}: NameServer = 204.127.160.2 12.102.240.2
#4
Posted 03 February 2004 - 09:20 AM
Run Hijack This and check these boxes:
O4 - HKLM\..\Run: [GNUBMSZCJ] C:\WINNT\GNUBMSZCJ.exe
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast....SBFullSInst.cab
Close all browser windows and hit fix.
Reboot and delete:
C:\WINNT\GNUBMSZCJ.exe
You may need to show hidden files to delete them. How to show hidden files.
Post a fresh log when done.
O4 - HKLM\..\Run: [GNUBMSZCJ] C:\WINNT\GNUBMSZCJ.exe
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast....SBFullSInst.cab
Close all browser windows and hit fix.
Reboot and delete:
C:\WINNT\GNUBMSZCJ.exe
You may need to show hidden files to delete them. How to show hidden files.
Post a fresh log when done.
CoolWeb Shredder : Hijack This : How did I get infected in the first place?
Ad-Aware : Spybot S&D : SpywareBlaster : SpywareGuard
Ad-Aware : Spybot S&D : SpywareBlaster : SpywareGuard
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users