Gone through the 5 steps, have HJT log, help!?


#1 timrb13
I am seeking some advice on what processes are running without my knowledge. I have noticed increased cpu usage and decreased responsiveness in my applications. I am posting my HJT log file in hopes that someone can advise me. By the way, I am very new at fighting back against spyware, malware, and trojans, so be sensitive to my incompetence. Thanks in advance.

Logfile of HijackThis v1.99.0
Scan saved at 10:17:53 AM, on 2/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\WINNT\system32\cusrvc.exe
C:\PROGRA~1\Navnt\DefWatch.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
C:\PROGRA~1\Navnt\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\vnxserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NWTRAY.EXE
C:\PROGRA~1\KPMGES~1\SMARTB~1\MotiveSB.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTX\MNMCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Content Download\731439\Program\Digital Distribution.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\Pvdcci.exe
C:\WINNT\system32\prutpct.exe
C:\WINNT\system32\prutpct.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\PhotoEd\PHOTOED.EXE
D:\Documents and Settings\tbeadles\My Documents\HJTlogProgram\HijackThis.exe

R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CABC] D:\Content Download\731439\Program\backWeb-731439.exe -startup
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [LiveUpdate Check] C:\Program Files\navnt\vpdn_lu.exe /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\KPMGES~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [MNM] "C:\Program Files\GlobeSoft\MultiNetwork Manager\\NTX\MNMCtrl" /h /d 20
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Digital Distribution] "D:\Content Download\731439\Program\Digital Distribution.exe" -startup
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\Kodwtu.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\system32\Pvdcci.exe
O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx
O4 - HKCU\..\Run: [prutpct] C:\WINNT\system32\prutpct.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\netware\nwws2nds.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} (RSFTreeView Class) - http://eformrs.com/F...n/RSFormsTV.cab
O16 - DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} (CommonBridge Class) - http://gosystemrs.fa...OCX/comconv.cab
O16 - DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} (RSFCalculating Class) - http://eformrs.com/F...Dll/RSFCalc.cab
O16 - DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} (CLRMachineInfoCtl Class) - http://eformrs.com/RSLoginModule.cab
O16 - DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} (CLRTabbedList Class) - http://gosystemrs.fa...STabbedList.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://gosystemrs.fa...CX/iftwclix.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....00719/sb02a.cab
O16 - DPF: {6D59A1DF-87FB-11D4-836D-00805F6FC463} - http://usisweb.us.kw...MS/SetupINF.cab
O16 - DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} (WebAttachObj Class) - http://gosystemrs.fa...Attachments.cab
O16 - DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} (GRSNotifierCtrl Class) - http://gosystemrs.fa...webnotifier.cab
O16 - DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} (MultiDownload Class) - http://gosystemrs.fa.../Downloader.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://gosystemrs.fa.../OCX/msxml4.cab
O16 - DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} (IParseCSV Class) - http://gosystemrs.fa...OCX/DCParse.cab
O16 - DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} (FrmSrcCt Control) - http://gosystemrs.fa.../OCX/frmsrc.cab
O16 - DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} (RSFDisplay Class) - http://eformrs.com/F...n/RSFormsDP.cab
O16 - DPF: {A4634896-2F55-4B94-BD2E-A2CF4F7B0146} - http://useomapp330/f...t/checklist.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://gosystemrs.fa...t2004/setup.exe
O16 - DPF: {BFDF0737-E4C4-4150-95BD-0A8AE9B372C3} (RSFConvert.MDB) - http://eformrs.com/RSFConvert.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (:-) VideoSoft FlexGrid 7.0 (OLEDB)) - http://gosystemrs.fa...OCX/vsflex7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{765AEB1E-DD38-41B3-B3EA-49ACF0932E2B}: NameServer = 10.13.240.10,10.1.150.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D9661F5-4429-4E89-870E-1B8A44D204EF}: NameServer = 10.13.240.10,10.1.150.7
O23 - Service: Altiris eXpress NS Client - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Client Update Service for Novell - Novell, Inc. - C:\WINNT\system32\cusrvc.exe
O23 - Service: CWShredder Service - Unknown - D:\Documents and Settings\tbeadles\Local Settings\Temporary Internet Files\Content.IE5\0LQ7052V\CWShredder[1].exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Navnt\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GSBootTimeSrv - Globesoft® Corporation - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\Navnt\Rtvscan.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Vsclient Service - Unknown - C:\WINNT\system32\vnxserv.exe
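The log above is the only material in the thread, so as an added example (not part of the original post and not a tool the forum or HijackThis ships) here is a small Python triage pass over lines in the HijackThis format. It parses O4 autostart entries and flags the things an analyst would read first: autostart values whose name is unrelated to the file they launch from the system directory, entries whose target file is missing, and the O10 broken-LSP line. The sample log is a constructed excerpt modelled on the post; the rules are heuristics that mean "look here", not a verdict.

```python
import re

# Constructed excerpt in the HijackThis log format, modelled on the post above
# (a handful of lines, not the full log); one service path is shortened.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\Kodwtu.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\system32\Pvdcci.exe
O4 - HKCU\..\Run: [prutpct] C:\WINNT\system32\prutpct.exe
O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\netware\nwws2nds.dll' missing
O23 - Service: CWShredder Service - Unknown - D:\Temp\CWShredder[1].exe (file missing)
""".strip()

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")


def executable_of(command):
    """Return the program path from an O4 command line (quoted path or first token)."""
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]


def parse_o4(line):
    """Parse an O4 autostart line into (hive, key, value_name, command), or None."""
    m = O4_RE.match(line)
    return m.groups() if m else None


def review(log_text):
    """Return (reason, line) pairs worth a closer look. Heuristic only: a hit
    means 'verify this entry', not 'this is malware'."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            _hive, _key, name, command = parsed
            exe = executable_of(command)
            stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
            label = name.replace(" ", "").lower()
            # Generic value name launching an unrelated file out of system32
            if "\\system32\\" in exe.lower() and label not in stem and stem not in label:
                findings.append(("autostart name does not match launched file", line))
        elif line.endswith("(no file)") or line.endswith("(file missing)"):
            findings.append(("dangling entry, target file absent", line))
        elif line.startswith("O10 - "):
            findings.append(("broken Winsock LSP chain", line))
    return findings
```

Running `review(SAMPLE_LOG)` on the excerpt flags the `[version]` and `[secure]` entries, the dead URLSearchHook, the missing CWShredder service binary and the O10 line, while the vendor entries pass untouched.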


#2 timrb13 (Topic Starter)
I'm surprised; some people are getting responses, and I'm still waiting...

Perhaps my question is not direct enough; if that is the case, please let me know what to be more specific about. Again, thanks in advance to whoever is able to help me.

#3 timrb13 (Topic Starter)
Just moving this back up so maybe I can get help... thanks.