Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack Log displays some weird stuff


  • Please log in to reply
3 replies to this topic

#1 maki2012

maki2012

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:15 AM

Posted 12 May 2009 - 12:03 PM

Just some concerns:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:00 PM, on 5/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts

Running processes:
C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ShellLess\ShellLess.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Systweak\Advanced System Protector\ASP.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe (filesize 25088 bytes, MD5 0E135526E9785D085BCD9AEDE6FBCBF9)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75128 bytes, MD5 5CF6190CD875DA6B35256FEE573E7908)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (filesize 806376 bytes, MD5 6DFC19078B7AA49F5DFA6FF66B26A8E0)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 408440 bytes, MD5 1A82C1B9BB43385695EFC3A84F6756A2)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (filesize 35840 bytes, MD5 96A225C7F5346A9E81FC3DFA89A900C0)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (filesize 542016 bytes, MD5 4A8A49921534B030B27F16FC68FBA1DC)
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXEC:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (filesize 210216 bytes, MD5 601D77C0AA637A99073210894554B6BA)
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" (filesize 210216 bytes, MD5 601D77C0AA637A99073210894554B6BA)
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" (filesize 210216 bytes, MD5 601D77C0AA637A99073210894554B6BA)
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" (filesize 1152296 bytes, MD5 99DFEF65C3C54DD562711BFF1CA76B97)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exeC:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exec:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" (filesize 1148200 bytes, MD5 F7EA1BAED492C634C96D5544AB0D3BB9)
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" (filesize 189736 bytes, MD5 3213677E9B81F7644B6C143BC8580D5C)
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" (filesize 80896 bytes, MD5 941A08CBDEEDF16B6C986B6BA7C9A5D0)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exec:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (filesize 148888 bytes, MD5 A2D390F1F2408B94EF34BFE3A00C29D3)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (filesize 342312 bytes, MD5 6B0E8DEE62C0C9695C77F14482DDF178)
O4 - HKLM\..\Run: [ShellLess] "C:\Program Files (x86)\ShellLess\ShellLess.exe" hide (filesize 1968640 bytes, MD5 B3BEA01319DB46D38D9E99B37B62E4CE)
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files (x86)\Systweak\Advanced System Protector\ASP.exe" /autorun (filesize 15638760 bytes, MD5 91034A79BB44FE2353681145BE1FA072)
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide (filesize 542720 bytes, MD5 C5872E1569BF0CA55F416D8C31A8732D)
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (filesize 972080 bytes, MD5 FC800970DF7CB4C535520C9B94A57C28)
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m (filesize 202064 bytes, MD5 F7507CAF95D262A5115974144EB5B2C3)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: AutorunsDisabled
O4 - Startup: MiniMinder.lnk = C:\Program Files (x86)\MiniMind\MiniMind.exe (filesize 262144 bytes, MD5 70A39B8914DB950E2F801D049A8F5D45)
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (filesize 3145552 bytes, MD5 DC6E1C90EBB71B8BAF2B9E8B2565297E)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (filesize 214360 bytes, MD5 D9335549EAE48B14FB66EFCB6FFAE736)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (filesize 191 bytes, MD5 5A1A214AB8FB428EF2FD84B9A8468076)
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (filesize 806376 bytes, MD5 6DFC19078B7AA49F5DFA6FF66B26A8E0)
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (filesize 806376 bytes, MD5 6DFC19078B7AA49F5DFA6FF66B26A8E0)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (filesize 1729784 bytes, MD5 C92715E11BEEC705B490DF9442FBCFE0)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files (x86)\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (filesize 1729784 bytes, MD5 C92715E11BEEC705B490DF9442FBCFE0)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
O9 - Extra button: Add to Favorites - {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - C:\PROGRA~2\COMMON~1\TIDYFA~1\AddToFav.dll (filesize 433664 bytes, MD5 8FDEEBF5EED08ADFC92F556F2FE330B2)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (filesize 542016 bytes, MD5 4A8A49921534B030B27F16FC68FBA1DC)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (filesize 191 bytes, MD5 5A1A214AB8FB428EF2FD84B9A8468076)
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (filesize 191 bytes, MD5 5A1A214AB8FB428EF2FD84B9A8468076)
O9 - Extra button: Open Tidy Favorites - {E3CB497B-E230-4445-8B34-13476822F867} - C:\PROGRA~2\COMMON~1\TIDYFA~1\OpenFav.dll (filesize 433664 bytes, MD5 D2DE0FEBC0DF02D70EE28868630F934B)
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exec:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exeC:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 14257 bytes

-----------------------------
The bolded items show missing files that seem to be system files. My computer is running fine, and this isn't very high priority. I'm just confused about these entries and would just like some feedback.

Thanks!
Jake

Edited by maki2012, 12 May 2009 - 12:06 PM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:15 AM

Posted 26 May 2009 - 12:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 maki2012

maki2012
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:15 AM

Posted 26 May 2009 - 05:38 PM

Tool downloaded, will run asap.

Thanks!
Jake

#4 maki2012

maki2012
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:15 AM

Posted 27 May 2009 - 01:42 PM

When I run the tool, it says my OS is not supported. I am running Vista x64.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users