Can you please help me analyze this?

#1 sjkm (Junior Member), March 27th, 2009, 03:12 AM

I ran this through the German HijackThis.de analyzer, but don’t know what to do with it from there. I added in icons, but they don't show except as boxes, where they put attention signs and red down thumbs where they said nasty or potentially nasty. Entries in brackets are [quotes from that analysis]. Thank you very much.
I will also need help with fixing whatever needs to be fixed.

StartupList report, 3/27/2009, 1:42:26 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16791)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [Possibly nasty! According to our database this process runs normally in c:\program files\shared files\pfshared\! Check if you know this process and arrange a viruscheck where required. Part of Tiny Personal Firewall]
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [Possibly nasty! According to our database this process runs normally in c:\program files\tiny firewall.*\! Check if you know this process and arrange a viruscheck where required. Tiny Personal Firewall]
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [Possibly nasty! According to our database this process runs normally in c:\program files\shared files\pfshared\! Check if you know this process and arrange a viruscheck where required. Part of Tiny Personal Firewall]
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [Possibly nasty! According to our database this process runs normally in c:\program files\tiny personal firewall\! Check if you know this process and arrange a viruscheck where required. Tiny Personal Firewall Event Manager]
C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe
C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Sigrid\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Realplayer\realplay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Sigrid\Start Menu\Programs\Startup]
Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
hpoddt01.exe.lnk = ?
officejet 6100.lnk = ?
Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
SigmatelSysTrayApp = stsystra.exe [This is a unknown process.]
GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
cctray = "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
QOELOADER = "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
CAVRID = "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
cafwc = C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
capfasem = C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
(Default) =
capfupgrade = C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
EZGigMonitor.exe = C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
AcronisTimounterMonitor = C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
Apricorn Scheduler Service = "C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe"
SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DNS7reminder = "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
Adobe Version Cue CS2 = C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
PDVDDXSrv = "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
ISTray = "C:\Program Files\Spyware Doctor\pctsTray.exe"

-------------------------------------------------- [???]

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Google Update = "C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
AbacastDistributedOnDemand:11 = C:\Documents and Settings\Sigrid\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
Zinio DLM = C:\Program Files\Zinio\ZinioReader.exe /autostart

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Realplayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [unknown program]
(no name) - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll - {78875F5C-A685-4405-8DC5-D48DC65452B0}
(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9} [unknown program]
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

CAAntiSpywareScan_Daily as Sigrid at 2 14 PM.job
FRU Task #Hewlett-Packard#hp officejet 6100 series#1223054566.job
GoogleUpdateTaskUserS-1-5-21-1993962763-1229272821-682003330-1003.job
User_Feed_Synchronization-{57577FB8-082A-4F51-95E1-5059CA95BE32}.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://appldnld.apple.com.edgesuite....x/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsof...?1230828062117

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab

[get_atlcom Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gp.ocx
CODEBASE = http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\VetRedir.dll
Protocol #2: C:\WINDOWS\system32\VetRedir.dll
Protocol #3: C:\WINDOWS\system32\VetRedir.dll
Protocol #19: C:\WINDOWS\system32\VetRedir.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 13,471 bytes
Report generated in 0.281 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 RicheemxX (Super Stealthy Moderator), March 27th, 2009, 12:05 PM
Can you paste the original HijackThis log and not the page copied from the analyzer? And please let us know what the issue is that you are experiencing or why you think you have something that needs to be removed??

Here is a good tutorial that will guide you through removing anything nasty. I'd read that then rerun it through the analyzer. From there check off anything that is reported as nasty and let HT remove it.

It looks like you are already running CA Internet Security Suite and Spyware Doctor, so you shouldn't have any problems.
__________________
“Every question involves someone having to work for an answer, isn't it about time you did your share”
"Non-technical questions sometimes don't have an answer at all."
Linus Torvalds

#3 sjkm (Junior Member), March 27th, 2009, 07:03 PM
Hi RicheemxX,
below is the file again. I have also been getting warnings that my computer had to shut down a program called hn.
sjkm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:05 PM, on 3/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe
C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Sigrid\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?tab=mc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [EZGigMonitor.exe] C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
O4 - HKLM\..\Run: [Apricorn Scheduler Service] "C:\Program Files\Common Files\Apricorn\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sigrid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Sigrid\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1993962763-1229272821-682003330-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://wps.aw.com
O15 - Trusted Zone: Road Runner Help & Member Services Site Selector
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230828062117
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apricorn Scheduler Service (AcrSch2Svc) - Apricorn - C:\Program Files\Common Files\Apricorn\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 19044 bytes
sjkm
Old March 27th, 2009, 08:49 PM     #4 (permalink)
Super Stealthy Moderator
 
RicheemxX
 
Join Date: Jan 2003
Location: Outside the box
Posts: 5,550
Blog Entries: 4
Well, other than being one of the longest HJT logs I've ever seen, nothing stands out. Although you probably know that since you ran it through the analyzer. The only really questionable entries are from the Apricorn\EZ Gig II\ program. I had never heard of it but it seems to be legit.

Make sure your AV and spyware programs are up to date and run scans. If you don't pick up anything and the only issue seems to be a random program shutting down, then find out what that program is.
Old March 28th, 2009, 09:51 AM     #5 (permalink)
Junior Member
 
Join Date: Mar 2009
Posts: 3
Dear RicheemxX,
I did not know that because I have no comparison. The Apricorn is legit, it is a backup and cloning program which came with my external hard drive.
Thank you for checking this out for me!
I'll try to find more info on this HN program.
Regards

sjkm