please check my logfile

**martinholliday** · 04.05.2005, 12:01

Code:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:17, on 04/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wkfix.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Downloads\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 

res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 

res://C:\WINDOWS\ymoij.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

res://C:\WINDOWS\ymoij.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 

ssbcache.kent.ac.uk:3128
O2 - BHO: (no name) - {040586B1-2E66-878B-C961-4BB116976016} - C:\WINDOWS\system32\mfcxv.dll 

(file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program 

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program 

files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton 

Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D1A0847C-6FE9-1C1B-B7D9-136476DC4E91} - C:\WINDOWS\System32\iqj.dll 

(file missing)
O2 - BHO: (no name) - {D1A08C7D-6F9C-1F1C-B7AF-1A6403AD4E97} - C:\WINDOWS\System32\iqj.dll 

(file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program 

Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program 

Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program 

files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe 

irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" 

/Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop 

cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software 

Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital 

Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] 

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eqillr] C:\WINDOWS\System32\arpa.exe
O4 - HKCU\..\Run: [Internet2 Optimizer] wkfix.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 

6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common 

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program 

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program 

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program 

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program 

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program 

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 

C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 

Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - 

http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - 

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - 

http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kent.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = kent.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kent.ac.uk
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program 

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program 

Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program 

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program 

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program 

Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - 

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony 

Shared\AVLib\Pacsptisvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet 

Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - 

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program 

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common 

Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common 

Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown 

owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" 

/Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file 

missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown 

owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" 

/Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media 

Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony 

Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony 

Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown 

owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" 

/Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media 

Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony 

Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

I'm getting an error message in Windows XP Home edition saying 'Generic Host Process for Win32 Services has encountered a problem and needs to close. The error report error signature says:

szAppName: szAppVer: 0.0.0.0 szModName: unknown
szModVer: 0.0.0.0 offset: 00000000

Once I click 'Don't Send' to close the programme, my sound card seems to go a bit strange. It works for some sounds but Media Player and iTunes won't play music, etc. I read an article on the Microsoft website that said it was a problem with my HP printer driver, so I followed their advice and re-installed it. I thought this had worked but the error message appeared again this morning. I think there might be a number of different problems linked to this program as there is lots on the google forums etc...?

Of the stuff in the logfile....

There seems to be a lot of 'possibly nasty' HP software, but I do have a HP Deskjet 3550 and, as mentioned, I installed new drivers yesterday.

I don't recognise this file - ISBMgr.exe - but it seems to be part of the Sony program files and I have a Sony Vaio VGN-A115B laptop so maybe its legitimate?

I've no idea about 'Backward Links', 'Cached Snapshot of Page', 'Similar Pages' etc etc.

O15 - Trusted IP range: 206.161.125.149 sounds nasty and I don't recognise it.

I recognise the server kent.ac.uk so that's fine.

There's quite a lot of 'possibly nasty' stuff that says the database suggests it should be in a different location but as I recognise the files these should be ok?

Thanks very much - this is driving me mad!

Cheers

**der_Tobi** · 04.05.2005, 14:48

Hi,
please post a log as you get it from Hijackthis. This means, without all those space lines between. And please read this:
http://forum.hijackthis.de/announcement.php?f=10
Thanks, T

Unregistered · 04.05.2005, 16:38

Sorry about that. Here we go, this is what I get from HijackThis:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:17, on 04/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wkfix.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\My Downloads\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ymoij.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ymoij.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ymoij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ssbcache.kent.ac.uk:3128
O2 - BHO: (no name) - {040586B1-2E66-878B-C961-4BB116976016} - C:\WINDOWS\system32\mfcxv.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D1A0847C-6FE9-1C1B-B7D9-136476DC4E91} - C:\WINDOWS\System32\iqj.dll (file missing)
O2 - BHO: (no name) - {D1A08C7D-6F9C-1F1C-B7AF-1A6403AD4E97} - C:\WINDOWS\System32\iqj.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Internet2 Optimizer] wkfix.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\RunServices: [Internet2 Optimizer] wkfix.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eqillr] C:\WINDOWS\System32\arpa.exe
O4 - HKCU\..\Run: [Internet2 Optimizer] wkfix.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kent.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = kent.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kent.ac.uk
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe

Thanks

**martinholliday** · 04.05.2005, 16:39

that was me posting by the way, forgot to log in. thanks

**Ruby** · 04.05.2005, 20:53

Welcome to HijackThis.de @ Martinholliday

Please scan these files

C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe

by Virustotal and Jotti.

Make me know the results.

Please load these files up to

C:\WINDOWS\System32\arpa.exe
C:\WINDOWS\System32\wkfix.exe

-> Upload malicious software. Thx

**martinholliday** · 05.05.2005, 20:23

I scanned these files:

C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe

as requested, and they were both OK.

From Malwareupload.com I received:

We have checked your file wkfix.exe an get the following result:
Backdoor.Rbot

I can't find the file arpa.exe, only a file called arp.exe - I uploaded arp.exe to be checked and am awaiting results.

What now?

Thanks

**Ruby** · 05.05.2005, 22:29

Hi Martinholliday

Go to safe mode:

Start - run - (type) cmd.exe [enter]
new window:
md C:\Bad [enter]
move C:\WINDOWS\System32\arpa.exe C:\Bad
exit

turn to normal mode

load the folder "Bad" (within that file) up to Upload malicious software.

---------------

# Open Windows Task Manager.
» press CTRL+SHIFT+ESC, then click the Processes tab.
# In the list of running programs, locate the malware file(s) detected earlier.
# Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
# Do the same for all detected malware files in the list of running processes.
# To check if the malware process has been terminated, close Task Manager, and then open it again.
# Close Task Manager:

wkfix.exe

Turn to safe mode

Using Windows Explorer delete this file:

C:\WINDOWS\System32\wkfix.exe

Make me see a new HJT Logfile. Thx

**martinholliday** · 06.05.2005, 00:27

I can't find the file arpa.exe only one called arp.exe is this the one you mean?

**Ruby** · 06.05.2005, 00:50

Hi Martinholliday

Please load down and unzip StartDreck.
(If you have no Zip-Program, you may download this one, it's free: Zipgenius.)

Run the StartDreck by Double-Click to StartDrek.exe:
Extract the file into a new folder c:\startdreck. (Windows Tutorial)
Navigate to c:\startdreck and double-click on Startdreck.exe
When the program opens click on the Config button.
Then click on the unmark all button.
Then put checkmarks in the following checkboxes:
Under Registry put a checkmark in the Run Keys checkbox.
Under System/Drivers put a check in the Running Proccess checkbox.
Press the OK button.
Press the Save button.
Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from.
If you choose the defaults the filename for the log will be StartDreck.log.

Post a copy of the log as a reply to this post. Thank you.

**martinholliday** · 06.05.2005, 09:13

OK, here we go...This is without having done what you said in the post before last because I couldn't find the arpa.exe file.

Code:

StartDreck (build 2.1.7 public stable) - 2005-05-06 @ 09:11:03 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Martin Holliday at STUE29E

»Registry
 »Run Keys
  »Current User
   »Run
    *msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    *Eqillr=C:\WINDOWS\System32\arpa.exe
    *Internet2 Optimizer=wkfix.exe
   »RunOnce
  »Default User
   »Run
    *CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
    *Internet2 Optimizer=wkfix.exe
   »RunOnce
  »Local Machine
   »Run
    *Apoint=C:\Program Files\Apoint\Apoint.exe
    *ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    *Hcontrol=C:\WINDOWS\ATK0100\Hcontrol.exe
    *Mouse Suite 98 Daemon=ICO.EXE
    *BluetoothAuthenticationAgent=rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    *HKSERV.EXE=C:\Program Files\Sony\HotKey Utility\HKserv.exe
    *SonyPowerCfg=C:\Program Files\sony\vaio power management\SPMgr.exe
    *VAIO Update 2="C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    *ezShieldProtector for Px=C:\WINDOWS\System32\ezSP_Px.exe
    *ISBMgr.exe=C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    *URLLSTCK.exe=C:\Program Files\Norton Internet Security\UrlLstCk.exe
    *Drag'n Drop CD+DVD=C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
    *HP Software Update="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    *DeviceDiscovery=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    *DataCaching=C:\PROGRA~1\DATACA~1\FLashKsk.exe
    *Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
    *Gtwatch=C:\WINDOWS\gtwatch.exe
    *mmtask=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    *iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
    *Internet2 Optimizer=wkfix.exe
    *HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    *HPDJ Taskbar Utility=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *NoChange=1
      *Installed=1
     +MAPI
      *NoChange=1
      *Installed=1
   »RunOnce
   »RunServices
    *Internet2 Optimizer=wkfix.exe
   »RunServicesOnce
   »RunOnceEx
    *PPClean RunOnce insertion=regedit /s "C:\PPCleanRunOnce.reg"
   »RunServicesOnceEx
»Files
»System/Drivers
 »Running Processes
  +0=<idle>
  +4=<system>
  +776=\SystemRoot\System32\smss.exe
  +848=\??\C:\WINDOWS\system32\csrss.exe
  +888=\??\C:\WINDOWS\system32\winlogon.exe
  +936=C:\WINDOWS\system32\services.exe
  +948=C:\WINDOWS\system32\lsass.exe
  +1100=C:\WINDOWS\System32\Ati2evxx.exe
  +1128=C:\WINDOWS\system32\svchost.exe
  +1284=C:\WINDOWS\System32\svchost.exe
  +1540=C:\WINDOWS\System32\svchost.exe
  +1556=C:\WINDOWS\System32\svchost.exe
  +1848=C:\WINDOWS\system32\spoolsv.exe
  +2008=C:\WINDOWS\system32\Ati2evxx.exe
  +212=C:\WINDOWS\Explorer.EXE
  +820=C:\WINDOWS\System32\alg.exe
  +852=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
  +952=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  +1188=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
  +1516=C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
  +1928=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  +1976=C:\Program Files\Apoint\Apoint.exe
  +1944=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  +2000=C:\WINDOWS\ATK0100\Hcontrol.exe
  +128=C:\WINDOWS\System32\ICO.EXE
  +196=C:\WINDOWS\System32\svchost.exe
  +204=C:\Program Files\Sony\HotKey Utility\HKserv.exe
  +308=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  +328=C:\Program Files\sony\vaio power management\SPMgr.exe
  +436=C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
  +488=C:\WINDOWS\System32\ezSP_Px.exe
  +500=C:\Program Files\Sony\ISB Utility\ISBMgr.exe
  +516=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  +556=C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
  +580=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
  +620=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
  +644=C:\Program Files\QuickTime\qttask.exe
  +688=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
  +708=C:\Program Files\iTunes\iTunesHelper.exe
  +1256=C:\WINDOWS\System32\wkfix.exe
  +1524=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  +1408=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
  +1596=C:\WINDOWS\ATK0100\ATKOSD.exe
  +1624=C:\Program Files\MSN Messenger\msnmsgr.exe
  +1668=C:\Program Files\Apoint\Apntex.exe
  +2084=C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
  +2100=C:\Program Files\Sony\HotKey Utility\HKWnd.exe
  +2200=C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
  +2216=C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
  +2232=C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
  +3228=C:\Program Files\iPod\bin\iPodService.exe
  +1996=C:\WINDOWS\System32\wuauclt.exe
  +3140=C:\Program Files\Messenger\msmsgs.exe
  +372=C:\Program Files\Outlook Express\msimn.exe
  +3784=C:\Program Files\Internet Explorer\iexplore.exe
  +1684=C:\Program Files\StartDreck\StartDreck.exe
»Application specific

Thanks

Thema: please check my logfile

Themen-Optionen

please check my logfile

AW: please check my logfile

Re: please check my logfile

Re: please check my logfile

AW: please check my logfile

Re: please check my logfile

AW: please check my logfile

Re: please check my logfile

AW: please check my logfile

Re: please check my logfile

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

lOGFILE CHECK

Please Help: This Is My Logfile

Please check my log file

logfile - please help -about blank -> sp.dll/sp.html

Please check my log

Berechtigungen