Here is my hijackthis log..any suggestions

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:28 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM..\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [MRT] “C:\WINDOWS\system32\MRT.exe” /R
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carly\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\mopazazi.dll c:\windows\system32\sezerabo.dll
O20 - Winlogon Notify: efcYstuR - efcYstuR.dll (file missing)
O20 - Winlogon Notify: ualaca - C:\PROGRA~1\COMMON~1\TIVOSH~1\ualaca.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


End of file - 7302 bytes

:slight_smile: Hi :

People normally post HijackThis log(s) when they are experincing problems !?
Do you have any ?
As to the Info in the Log, it appears :

  1. You have an outdated version of the malware-prone Adobe Reader ; best
    to uninstall it and use the SAFER and FREE “Foxit Reader”, as I and many
    Others on this forum .
  2. You have an outdated version of Java, a serious security risk . Not knowing
    IF you MAY have multiple “versions” of this program, I recommend you use the
    FREE “JavaRa” program, available at http://raproducts.org .
  3. You have the adware “Viewpoint Manager” ; unless you are using AOL
    as your Internet Service Provider, I recommend you uninstall this “Service” .

Hi bjc13,

There are other issues besides those mentioned by Spiritsongs. There was no active firewall detected or do you use the Windows one that is only one-sided by default.

Check the following file by uploading to virustotal.com and report the scan link back to us:
O20 - AppInit_DLLs: C:\WINDOWS\system32\mopazazi.dll c:\windows\system32\sezerabo.dll

Associated Malware Groups

The filename is associated with the malware groups: heur Trojan.gen 32Win

* Cloaked Malware
* Fraudulent Security Program

File Behavior

SEZERABO.DLL has been seen to perform the following behavior:

* The Process is packed and/or encrypted using a software packing process
* Found on infected systems and resists interrogation by security products

SEZERABO.DLL has been the subject of the following behavior:

* Created as a process on disk
* Registered as a Dynamic Link Library File
* Added as a Registry auto start to load Program on Boot up

Country Of Origin

The filename SEZERABO.DLL was first seen on May 17 2009 in the following geographical region of the Prevx community:

* SPAIN on May 17 2009

polonus


In addition to the above, an analysis of your HJT log shows the following entries that can be removed with HJT :

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Unnecessary (deactivated) entry that can be fixed. (Yahoo Companion)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carly\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
Unnecessary (deactivated) entry that can be fixed.

O20 - Winlogon Notify: efcYstuR - efcYstuR.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.

O20 - Winlogon Notify: ualaca - C:\PROGRA~1\COMMON~1\TIVOSH~1\ualaca.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.

While the above entries are of no threat, they are useless registry entries. These 4 will not cause much of a problem, but with time, when entries like these are left behind, there will be many which can slow for computer to some degree.

Overview of running tasks :

smss.exe
System task
Session Manager Subsystem

winlogon.exe
System task
Microsoft Windows Logon Process

services.exe
System task
Windows Service Controller

lsass.exe
System task
Local Security Authority Service

Ati2evxx.exe
Driver
ATI Display Adapter Assistant

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

svchost.exe
System task
Microsoft Service Host Process

Ati2evxx.exe
Driver
ATI Display Adapter Assistant

spoolsv.exe
System task
Microsoft Printer Spooler Service

Explorer.EXE
System task
Microsoft Windows Explorer

ipoint.exe
Driver
Microsoft IntelliPoint

Reader_sl.exe
Backgroundtask
Adobe Reader Speed Launch

Reader_sl.exe
Backgroundtask
Adobe Reader Speed Launch

jusched.exe
Backgroundtask
Sun Java Update Scheduler

iTunesHelper.exe
Application
Apple Itunes

ashDisp.exe
Virusscan
Avast AntiVirus

ctfmon.exe
System task
Alternative User Input Services

AppleMobileDeviceService.exe
Backgroundtask
Apple Mobile Device Service

HPZipm12.exe
Driver
HP Taskbar Utility

PRISMXL.SYS
Backgroundtask
Lanovation PrismXL Service

svchost.exe
System task
Microsoft Service Host Process

TiVoBeacon.exe
Backgroundtask
TiVo Desktop Software Component

ViewpointService.exe
Backgroundtask
View Manager Service

iPodService.exe
Backgroundtask
Apple iTunes

wscntfy.exe
System task
Microsoft Windows Security Center

svchost.exe
System task
Microsoft Service Host Process

NOTEPAD.EXE
Application
Windows Notepad

NOTEPAD.EXE
Application
Windows Notepad

HijackThis.exe
Application
Merijn Hijackthis