Suspected Trojan. Programs crashing

April 17, 2009 at 18:48:18
Specs: Windows XP, 2 gigs
My computer's programs keep crashing.

Here are my virus scanner results (this should help a lot).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:34 PM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will's Dojo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: C:\WINDOWS\system32\jh9fgo4ksdgf.dll - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\WINDOWS\system32\jh9fgo4ksdgf.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-3993023176-1894927675-2772396615-1005\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (User '?')
O4 - HKUS\S-1-5-21-3993023176-1894927675-2772396615-1005\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" (User '?')
O4 - HKUS\S-1-5-21-3993023176-1894927675-2772396615-1005\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-3993023176-1894927675-2772396615-1005\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-3993023176-1894927675-2772396615-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3993023176-1894927675-2772396615-1005\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\h4ryd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\h4ryd.exe (User 'Default user')
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScan...
O22 - SharedTaskScheduler: sfdawtawgreage4tregrgae34 - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\WINDOWS\system32\jh9fgo4ksdgf.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - c:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - c:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8112 bytes


Anyone know what to do?
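As an added triage example (not part of the original post, and not HijackThis code), the Python below applies a few of the checks an analyst would make by eye on a log like the one above: autorun values with an empty name, executables launched from a TEMP directory, Run keys under the LocalSystem (S-1-5-18) or .DEFAULT hive, registered components whose file is missing, machine-looking file names, and one CLSID registered in more than one hook point. The sample lines are copied from the posted log; the regular expressions, the thresholds in `looks_random`, and the reason strings are this example's own assumptions and will produce false positives on some legitimate software.

```python
"""Heuristic triage of HijackThis-style log entries (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\jh9fgo4ksdgf.dll - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\WINDOWS\system32\jh9fgo4ksdgf.dll (file missing)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\h4ryd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\h4ryd.exe (User 'Default user')
O22 - SharedTaskScheduler: sfdawtawgreage4tregrgae34 - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\WINDOWS\system32\jh9fgo4ksdgf.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)  # first .exe/.dll after a drive letter
RUN_NAME_RE = re.compile(r"\\Run: \[(.*?)\]")
TEMP_DIR_RE = re.compile(r"\\(?:TEMP|Local Settings\\Temp|AppData\\Local\\Temp)\\", re.IGNORECASE)
SYSTEM_HIVES = ("HKUS\\S-1-5-18\\", "HKUS\\.DEFAULT\\")  # LocalSystem and the default profile


def looks_random(stem: str) -> bool:
    """Assumed heuristic: long name mixing letters and digits with very few vowels."""
    if len(stem) < 10 or not re.search(r"\d", stem) or not re.search(r"[A-Za-z]", stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def parse_entry(line: str):
    """Split one 'Oxx - ...' line into section, body, paths, CLSIDs and Run value name."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    name_m = RUN_NAME_RE.search(body)
    return {
        "section": section,
        "body": body,
        "paths": PATH_RE.findall(body),
        "clsids": CLSID_RE.findall(body),
        "run_name": name_m.group(1) if name_m else None,  # "" for an unnamed value
        "file_missing": "(file missing)" in body,
    }


def triage(log_text: str):
    """Return a list of findings, each with the section, the offending line and the reasons."""
    findings = []
    clsid_sections = defaultdict(set)  # CLSID -> sections it appears in, for correlation
    for line in log_text.splitlines():
        e = parse_entry(line)
        if not e:
            continue
        reasons = []
        if e["run_name"] == "":
            reasons.append("unnamed autorun value")
        if e["run_name"] is not None and e["body"].startswith(SYSTEM_HIVES):
            reasons.append("autorun under LocalSystem/.DEFAULT hive")
        if any(TEMP_DIR_RE.search(p) for p in e["paths"]):
            reasons.append("executes from a temp directory")
        if e["file_missing"] and e["section"] in ("O2", "O22"):
            reasons.append("registered component whose file is missing")
        for p in e["paths"]:
            stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                reasons.append(f"random-looking file name {stem!r}")
                break
        for c in e["clsids"]:
            clsid_sections[c.upper()].add(e["section"])
        if reasons:
            findings.append({"section": e["section"], "line": line.strip(), "reasons": reasons})
    for clsid, sections in clsid_sections.items():
        if len(sections) > 1:
            findings.append({"section": "+".join(sorted(sections)), "line": clsid,
                             "reasons": ["same CLSID registered in multiple hook points"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {'; '.join(f['reasons'])}\n    {f['line']}")
```

Run against the sample, the two unnamed `h4ryd.exe` values, both `jh9fgo4ksdgf.dll` hooks and the shared CLSID are reported, while the SoundMAX, Steam and NVIDIA entries pass untouched. Output of a heuristic like this is a starting list for manual review, not a verdict: a legitimate vendor file with a terse name can trip `looks_random`, and a missing file can simply mean an uninstaller left a stale registration.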


#1
April 17, 2009 at 18:54:40
Yes you are infected.

I wish this forum would allow you to post Hijack This logs without a request but for now it does not.



#2
April 17, 2009 at 18:56:33
So you're not going to help?


#3
April 17, 2009 at 18:58:52
You broke the forum rules; we are not supposed to.

#4
April 17, 2009 at 19:00:58
Could you help me in private messages instead? I'll delete this post if so.


#5
April 17, 2009 at 19:05:15
I don't think you can delete the thread, but if you can, why don't you just delete it and start again without posting a HJT log?

Looks like another workaround would be to start a new thread with a different screen name... wonder if I should have said that?

