Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 03-16-2007, 11:49 PM   #1
Baseband Member
Join Date: Sep 2006
Posts: 28
Default My log file can you help

Here is my log from Hijack thiis i have no idea what it means can someone help me:

Logfile of HijackThis v1.99.1
Scan saved at 8:47:33 PM, on 3/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\Owner\Desktop\vundofix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F01FF26-18F5-4613-BFD6-14DE2FBA24C3} - C:\WINDOWS\System32\opnnkjj.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {5013E61B-AE4B-4574-A538-D42EFAD58E9E} - C:\WINDOWS\System32\ddcyw.dll
O2 - BHO: (no name) - {67C5DDDD-CFCD-4C9B-A03B-6D8DC4528479} - C:\WINDOWS\System32\dydtuims.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\lafbjxse.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\cipryrnh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 8.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\System32\gyjcopvn.dll",setvm
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\dnjcqkds.dll",setvm
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\System32\ddcyw.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\System32\jkkjh.dll
O20 - Winlogon Notify: opnnkjj - C:\WINDOWS\SYSTEM32\opnnkjj.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft Corporation - Unknown owner - C:\WINDOWS\utorrent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

rangermike is offline   Reply With Quote
Old 03-16-2007, 11:52 PM   #2
Fully Optimized
hascet's Avatar
Join Date: Jul 2006
Posts: 3,218
Default Re: My log file can you help

copy and paste your log into this site, it will tell you everything about it: www.hijackthis.de

hascet is offline   Reply With Quote
Old 03-16-2007, 11:53 PM   #3
In Runtime
Daeva's Avatar
Join Date: Dec 2005
Posts: 407
Send a message via AIM to Daeva Send a message via MSN to Daeva Send a message via Yahoo to Daeva
Default Re: My log file can you help

I don't know that much about the hijack this logs like some people here do, but if you're still running SP1, and haven't upgraded to SP2, then that is one of your biggest problems right there. They don't offer support for SP1 anymore, and SP2 has a lot of security fixes.
**Official Self-proclaimed glorified excessive (insert additional adjectives here) post editor/modifier.
Edit = Best feature ever
Daeva is offline   Reply With Quote
Old 03-17-2007, 11:10 AM   #4
Baseband Member
Join Date: Sep 2006
Posts: 28
Default Re: My log file can you help

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


Must be fixed! Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


Must be fixed!
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.

how do i fix these
rangermike is offline   Reply With Quote
Old 03-17-2007, 11:14 AM   #5
Baseband Member
Join Date: Sep 2006
Posts: 28
Default Re: My log file can you help

ok how do i get SP2 i used to have it until i recovered my computer like a year ago and ever since never knew how to go back.
Also when i had windows sp2 i get lots of updated from the windows update the earth thing next to the time. Should i keep updating. The reason i don't is because their is to many of them and they take up to much room some of the updates are like 20 mb. Do the updates take room or replace something else.
rangermike is offline   Reply With Quote
Old 03-17-2007, 09:57 PM   #6
Daemon Poster
Starr's Avatar
Join Date: Apr 2005
Posts: 926
Send a message via AIM to Starr Send a message via MSN to Starr
Default Re: My log file can you help

It depends on the update. You should definantly be updating every time Microsoft releases a new patch. Not updating is a serious risk. Go here for the updates: http://update.microsoft.com/microsof...6/default.aspx

You should at least get all of the updates that Microsoft has listed as critical on its website.
AMD Athlon 64 3200+ Venice Core, MSI K8N Neo-4, 2x 512 Corsair Dual Channel, Nvidia Geforce fx 6600 256MB, 160GB HardDrive

Windows Vista Business Edition

"There are 10 types of people in the world. Those who know binary and those who don't."
Starr is offline   Reply With Quote
Old 03-25-2007, 05:24 AM   #7
Baseband Member
Join Date: Jun 2006
Posts: 23
Default Re: My log file can you help


If you're still following this topic, you need to run Atribune's VundoFix on the machine to remove the Vundo trojan.

Once complete, post the contents of C:\vundofix.txt and a new HijackThis log.

Warning: Installing SP2 on a machine with this malware may cause severe system instability. I advise you to wait until all the malware has been removed.
John McKenna is offline   Reply With Quote
Old 04-14-2007, 03:42 AM   #8
Baseband Member
SirMille's Avatar
Join Date: Apr 2007
Posts: 63
Default Re: My log file can you help

I've never heard of this site before
are they any good?

they are advertising WinFixer on the google ad banner, and that is malware IIRC
SirMille is offline   Reply With Quote
Old 04-15-2007, 05:23 AM   #9
Baseband Member
Join Date: Jun 2006
Posts: 23
Default Re: My log file can you help

Atribune is a well respected member of the anti-spyware community and developer of anti-malware tools. You will find his tools used by helpers in virtually every anti-spyware forum on the planet. The ads I believe are displayed by google.
John McKenna is offline   Reply With Quote
Old 04-18-2007, 01:28 PM   #10
Baseband Member
SirMille's Avatar
Join Date: Apr 2007
Posts: 63
Default Re: My log file can you help

I'll sign up and keep an eye on their forums, thanks for the heads up.

SirMille is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 01:02 AM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0