Windows process and HijackThis log tool bv1.2g

Computer Hope HijackThis log tool overview (created Thu Jan 22 03:14:15 2009):
Unique found: 56 - Unknown: 1- Total: 57
Processes / services not required: 49 (that are not hardware / security: 25) - Potential threats: 15
windows xp sp3 (winnt 5.01.2600) - Windows directory: \windows\ - Detected Antivirus: AVG

Path	Process	Description
	No Firewall	We could not detect a firewall process running on this computer. If no firewall is running on the computer we strongly suggest either enabling the Windows Firewall or installing another firewall.
$o23 - service: mcafee application installer cleanup (0246231222493699) (0246231222493699mcinstcleanup) - unknown owner - c:\docume~1\hannah~1\locals~1\temp\024623~1.exe (file missing)$	Missing	Your Hijackthis log contains a missing file reference to: 1.exe. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: yaywvuri.dll. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {2318c2b1-4965-11d4-9b18-009027a5cd4f}. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {0bf43445-2f28-4351-9252-17fe6e806aa0}. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {53e0b6e8-a51d-448b-b692-40b67b285543}. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {fa7096aa-591c-4749-8dda-92eb595622fd}. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {ca7fbe14-5973-4e41-b738-2e3b567cac4c}. Although not a threat to the computer it may cause errors.
$o2 - bho: (no name) - {8725e047-7220-42e0-912f-8fe0bbdbea01} - c:\windows\system32\ddcdsqpq.dll (file missing)$	Missing	Your Hijackthis log contains a missing file reference to: ddcdsqpq.dll. Although not a threat to the computer it may cause errors.
$o2 - bho: {4af28625-91f9-c5f8-5d14-98b5a02c00e7} - {7e00c20a-5b89-41d5-8f5c-9f1952682fa4} - c:\windows\system32\jbkgns.dll$	Unknown	Although unknown jbkgns.dll is suspicious since many legitimate unknown files do not run from the Windows path. Click here to open Google search for this process.
$o2 - bho: (no name) - {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\desrcas.dll (file missing)$	Missing	Your Hijackthis log contains a missing file reference to: desrcas.dll. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}. Although not a threat to the computer it may cause errors.
	Missing	Your Hijackthis log contains a missing file reference to: {ef99bd32-c1fb-11d2-892f-0090271d4f88}. Although not a threat to the computer it may cause errors.
$r3 - urlsearchhook: (no name) - {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\desrcas.dll (file missing)$	Missing	Your Hijackthis log contains a missing file reference to: desrcas.dll. Although not a threat to the computer it may cause errors.
	HijackThis	It appears you're looking at an old HijackThis log (dated: 1/3/2009) if this is your computers log we suggest re-running HijackThis and getting a more up-to-date log to look at.
$c:\windows\system32\smss.exe$	smss.exe	Microsoft Windows Session Manager Subsystem process that should be located in the C:\Windows\System32 directory
$c:\windows\system32\winlogon.exe$	winlogon.exe	Microsoft Windows Logon Process that should be located in the C:\Windows\System32 or C:\Windows directory
$c:\windows\system32\services.exe$	services.exe	Microsoft Windows Service Controller that should be located in the C:\Windows\System32 directory
$c:\windows\system32\lsass.exe$	lsass.exe	Microsoft Windows security authority process that should be located in the C:\Windows\System32 directory
$c:\windows\system32\svchost.exe$	svchost.exe	Microsoft Service Host Process that should be located in the C:\Windows\System32 directory
$c:\windows\explorer.exe$	explorer.exe	Microsoft Windows Explorer
$c:\program files\trend micro\hijackthis\hijackthis.exe$	HijackThis.exe	HijackThis program
$c:\program files\internet explorer\iexplore.exe$	iexplore.exe	Microsoft Internet Explorer browser
$c:\windows\system32\ctfmon.exe$	ctfmon.exe	Microsoft Office text input process that should be located in the C:\Windows\System32 or C:\Windows directory
$o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll$	acroiehelper.dll	Adobe Acrobat Internet Explorer helper DLL
$o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot~1\sdhelper.dll$	sdhelper.dll	Spybot Search and Destroy DLL
$o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll$	ssv.dll	Sun Java helper browser plugin DLL
$o2 - bho: avg security toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - c:\program files\avg\avg8\avgtoo~1.dll$	avgtoo~1.dll	AVG toolbar DLL
$o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe$	syntpenh.exe	Synaptics TouchPad driver
$o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe$	igfxtray.exe	Intel Graphics driver process
$o4 - hklm\..\run: [igfxhkcmd] c:\windows\system32\hkcmd.exe$	hkcmd.exe	Intel graphics driver and hotkey keyboard hotkey process
$o4 - hklm\..\run: [igfxpers] c:\windows\system32\igfxpers.exe$	igfxpers.exe	Intel video graphics process
$o4 - hklm\..\run: [sigmatelsystrayapp] stsystra.exe$	stsystra.exe	Sigmatel audio driver
$o4 - hklm\..\run: [dell quickset] c:\program files\dell\quickset\quickset.exe$	quickset.exe	Dell power management process
$o4 - hklm\..\run: [dvdlauncher] "c:\program files\cyberlink\powerdvd\dvdlauncher.exe"$	dvdlauncher.exe	Cyberlink DVD PowerCinema process
$o4 - hklm\..\run: [realtray] c:\program files\real\realplayer\realplay.exe systemboothideplayer$	realplay.exe	Real Player process
$o4 - hklm\..\run: [isuspm startup] c:\program files\common~1\instal~1\update~1\isuspm.exe -startup$	isuspm.exe	Macrovision InstallShield update checker process
$o4 - hklm\..\run: [isusscheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start$	issch.exe	InstallShield software update process
$o4 - hklm\..\run: [mimboot] c:\program files\musicm~1\musicm~3\mimboot.exe$	mimboot.exe	Musicmatch Jukebox media player process
$o4 - hklm\..\run: [aoldialer] c:\program files\common files\aol\acs\aoldial.exe$	aoldial.exe	AOL Internet dialer
$o4 - hklm\..\run: [hostmanager] c:\program files\common files\aol\1169079962\ee\aolsoftware.exe$	aolsoftware.exe	AOL library process
$o4 - hklm\..\run: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"$	dsca.exe	Dell Support Center process
$o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"$	reader_sl.exe	Adobe Acrobat Reader load time reduction process
$o4 - hklm\..\run: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /p dellsupportcenter$	sprtcmd.exe	Dell support agent process. Also an agent file used with many different ISP software packages.
$o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"$	jusched.exe	Sun Microsystems Java Update scheduler
$o4 - hklm\..\run: [avg8_tray] c:\program files\avg\avg8\avgtray.exe$	avgtray.exe	AVG AntiVirus systray process
$o4 - hklm\..\runonce: [spybotsnd] "c:\program files\spybot - search & destroy\spybotsd.exe" /autocheck$	spybotsd.exe	Spybot Search and Destroy (S&D) spyware application
$o4 - hkcu\..\run: [modemonhold] c:\program files\netwaiting\netwaiting.exe$	netwaiting.exe	Internet connection toggle process that enables you to switch between your modem connection and a voice call without breaking connection
$o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background$	msmsgs.exe	Microsoft MSN Messenger
$o4 - hkcu\..\run: [dellsupport] "c:\program files\dellsupport\dsagnt.exe" /startup$	dsagnt.exe	Dell support and update agent process
$o4 - hkcu\..\run: [spybotsd teatimer] c:\program files\spybot - search & destroy\teatimer.exe$	teatimer.exe	Spybot Search and Destroy process
$o8 - extra context menu item: e&xport to microsoft excel - res://c:\program files\micros~4\office10\excel.exe/3000$	excel.exe	Microsoft Excel
$o9 - extra button: real.com - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - c:\windows\system32\shdocvw.dll$	shdocvw.dll	Microsoft Windows Shell Doc Object and Control Library. Used to display folders while in Windows DLL
$o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe$	xpnetdiag.exe	Microsoft Windows XP network diagnostics tool
$o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe$	xpsp3res.dll	Microsoft Windows XP service pack 3 (SP3) network diagnostics DLL
	facebookphotouploader3.cab	Facebook.com photo uploader CAB
$o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg8\avgpp.dll$	avgpp.dll	AVG Internet security DLL
$o23 - service: aol connectivity service (aol acs) - aol llc - c:\program files\common~1\aol\acs\aolacsd.exe$	aolacsd.exe	AOL Internet connection process
$o23 - service: avg free8 e-mail scanner (avg8emc) - avg technologies cz, s.r.o. - c:\program files\avg\avg8\avgemc.exe$	avgemc.exe	AVG AntiVirus e-mail scanner
$o23 - service: avg free8 watchdog (avg8wd) - avg technologies cz, s.r.o. - c:\program files\avg\avg8\avgwdsvc.exe$	avgwdsvc.exe	AVG watchdog security process
$o23 - service: brsplservice (brother xp spl service) - brother industries ltd - c:\windows\system32\brsvc01a.exe$	brsvc01a.exe	Samsung printer manager that should be located in the C:\Windows\System32 directory
$o23 - service: dsbrokerservice - unknown owner - c:\program files\dellsupport\brkrsvc.exe$	brkrsvc.exe	Dell Support service
$o23 - service: lexbce server (lexbces) - lexmark international, inc. - c:\windows\system32\lexbces.exe$	lexbces.exe	Lexmark printer network sharing service
$o23 - service: nicconfigsvc - dell inc. - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe$	nicconfigsvc.exe	Dell power management process
$o23 - service: supportsoft sprocket service (dellsupportcenter) (sprtsvc_dellsupportcenter) - supportsoft, inc. - c:\program files\dell support center\bin\sprtsvc.exe$	sprtsvc.exe	Dell Support Center service
$o23 - service: wan miniport (atw) service (wanminiportservice) - america online, inc. - c:\windows\wanmpsvc.exe$	wanmpsvc.exe	AOL WAN properties service
$o23 - service: dell wireless wlan tray service (wltrysvc) - unknown owner - c:\windows\system32\wltrysvc.exe$	wltrysvc.exe	Dell wirless LAN service
$o4 - global startup: america online 9.0 tray icon = c:\program files\america online 9.0\aoltray.exe$	aoltray.exe	AOL Internet systray process
$o4 - global startup: kodak easyshare software.lnk = c:\program files\kodak\kodak easyshare software\bin\easyshare.exe$	easyshare.exe	Kodak EasyShare camera software
$o4 - global startup: kodak software updater.lnk = c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe$	kodak software updater.exe	Kodak digital camera software update service
$o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe$	osa.exe	Microsoft Office startup assistant

Getting your system clean

Notice: This tool is currently being developed and is in the alpha stage of testing, by following these steps you agree that you're doing this at your own risk.

What to do in HijackThis

1. Open HijackThis.
2. Click Do a system scan only
3. Check the boxes that correspond to the below lines.

r3 - urlsearchhook: (no name) - {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\desrcas.dll (file missing)
r3 - urlsearchhook: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - (no file)
o2 - bho: (no name) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - (no file)
o2 - bho: (no name) - {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\desrcas.dll (file missing)
o2 - bho: {4af28625-91f9-c5f8-5d14-98b5a02c00e7} - {7e00c20a-5b89-41d5-8f5c-9f1952682fa4} - c:\windows\system32\jbkgns.dll
o2 - bho: (no name) - {8725e047-7220-42e0-912f-8fe0bbdbea01} - c:\windows\system32\ddcdsqpq.dll (file missing)
o2 - bho: (no name) - {ca7fbe14-5973-4e41-b738-2e3b567cac4c} - (no file)
o2 - bho: (no name) - {fa7096aa-591c-4749-8dda-92eb595622fd} - (no file)
o3 - toolbar: (no name) - {53e0b6e8-a51d-448b-b692-40b67b285543} - (no file)
o3 - toolbar: (no name) - {0bf43445-2f28-4351-9252-17fe6e806aa0} - (no file)
o3 - toolbar: (no name) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - (no file)
o20 - winlogon notify: yaywvuri - yaywvuri.dll (file missing)
o23 - service: mcafee application installer cleanup (0246231222493699) (0246231222493699mcinstcleanup) - unknown owner - c:\docume~1\hannah~1\locals~1\temp\024623~1.exe (file missing)

4. Once the above have been checked click the Fix checked button.
5. After fixed close Hijackthis.

Delete files

Delete the following files if found on the computer.

c:\windows\system32\jbkgns.dll *

* This file could be a legitimate file. Make sure you're positive this is not a valid file by reading the suggestions in the above chart before deleting it. If you're not comfortable deleting the file just leave it alone.
** Files not found in the Windows directory may be part of a program that can be uninstalled through the Add/Remove programs in the Control Panel.

Additional malware scans

Because potential threats were found in the HijackThis log we we also suggest you reboot the computer after completing the above steps and install and run the free Malwarebytes' Anti-Malware utility on this computer.

Verify browser plugins up-to-date

Reboot the computer into Normal Windows mode make sure you're browser has all the latest plugins installed by viewing the each of the plugins installed on your computer through our System Information tool.

Install Firewall protection

We could not detect a firewall process running on this computer. If no firewall is running on the computer we strongly suggest either enabling the Windows Firewall or installing another firewall.

After the above steps have been completed reboot the computer, let it boot as normal, and re-run HijackThis and generate a new log to be reviewed.

Main Windows process search tool page

Over 7,847,474 processes and files have been examined

A big thanks to CBMatt and Evilfantasy for their malware specialist assistance and everyone else in the Computer Hope community who has contributed to the development and testing of this tool. An ongoing discussion about this tool is found here.

Home - Computer help - Contact - Dictionary - Links
Link to Computer Hope - Bookmark Computer Hope