Seeking Help with Hijackthis Log included

mission17 · Aug 14, 2007

Hey guys I was wondering if you could analyze this hijackthis log to see if ther is anything could be causing this computer to be a little sluggish or if something is up with this computer. Thanks so much!

Jeff

Logfile of HijackThis v1.99.1
Scan saved at 10:03:05 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Grisoft\AVG7\avginet.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Charles\Local

Settings\Temp\wzcc73\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www

.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www

.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

=

http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo

.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo

.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo

.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www

.yahoo.com
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}

- (no file)
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 216.93.174.28 view.atdmt.com
O1 - Hosts: 216.93.174.28 ad.doubleclick.net
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} -

C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {48596948-3573-FD42-63B3-76DC0F467089} -

C:\WINDOWS\System32\arjxmfok.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8C922858-FC11-93CB-3CD4-F87BC1EC7662} -

C:\WINDOWS\system32\ofpkdrtq.dll (file missing)
O2 - BHO: (no name) - {90BC043B-F266-6423-1F8F-B6AF30FBC305} - (no

file)
O2 - BHO: Viewpoint Toolbar BHO -

{A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program

Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {B8979EF4-ED9C-4F95-2BF6-50148C0A0EAB} - (no

file)
O2 - BHO: (no name) - {CE12821A-A160-2213-4093-4B0957F666A8} -

C:\WINDOWS\System32\foufcwbb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Viewpoint Toolbar -

{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common

Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet

Tools\blsloader.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} -

file://c:\explorer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)

- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0

,4360/mcfscan.cab
O20 - AppInit_DLLs: ???
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. -

C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program

Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: vspyaxupnrif (MsUpdate6) - Unknown owner -

C:\WINDOWS\system32\msupd6.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Program Files\Viewpoint\Common\ViewpointService.exe

Crimsonite · Aug 14, 2007

I take it you're using the LogMeIn Remote Access Client, right? Anyways, you got couple Trojan Downloaders there. Mostly are just aftermath cleaning, but some of the remaining files are hogging your CPU/Memory usage as well as internet connection. And ViewPoint Media Player is actually a 3rd party program that hogs your system resources as well, it's also a pain in the butt to completely remove.

_______________________________________________
First open Taskmanager and kill these process:
ViewpointService.exe
ViewMgr.exe
msiexec.exe
_______________________________________________
Now open HiJackThis, run a Scan Only and put a check to the following entries then click "Fix":

C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\msiexec.exe

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 216.93.174.28 view.atdmt.com
O1 - Hosts: 216.93.174.28 ad.doubleclick.net
O2 - BHO: (no name) - {48596948-3573-FD42-63B3-76DC0F467089} - C:\WINDOWS\System32\arjxmfok.dll (file missing)
O2 - BHO: (no name) - {8C922858-FC11-93CB-3CD4-F87BC1EC7662} - C:\WINDOWS\system32\ofpkdrtq.dll (file missing)
O2 - BHO: (no name) - {90BC043B-F266-6423-1F8F-B6AF30FBC305} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {B8979EF4-ED9C-4F95-2BF6-50148C0A0EAB} - (no file)
O2 - BHO: (no name) - {CE12821A-A160-2213-4093-4B0957F666A8} - C:\WINDOWS\System32\foufcwbb.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O20 - AppInit_DLLs: ???
O23 - Service: vspyaxupnrif (MsUpdate6) - Unknown owner - C:\WINDOWS\system32\msupd6.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
_______________________________________________
Now go to Add/Remove Program. Uninstall every program that is ViewPoint-related. If "MsUpdate" is in there, remove it as well. Next, reboot into Safemode and search for the following files and delete them all if still exist:

arjxmfok.dll
ofpkdrtq.dll
ViewBarBHO.dll
foufcwbb.dll
IEViewBar.dll
explorer.cab
msupd0.exe
msupd2.exe
msupd3.exe
msupd4.exe
msupd6.exe
ViewpointService.exe
AxMetaStream.dll
ComponentMgr.dll
MetaStreamID.ini
MtsAxInstaller.exe
npViewpoint.dll
npViewpoint.xpt
JpegReader.dll
Mts3Reader.dll
SceneComponent.dll
SreeDMMX.dll
SWFView.dll
WaveletReader.dll
_______________________________________________
Reboot normally after full deletion then post back a new HiJackThis log.

Seeking Help with Hijackthis Log included

mission17

New Member

Crimsonite

New Member