Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log


  • Please log in to reply
1 reply to this topic

#1 kohydra

kohydra

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 30 September 2009 - 04:48 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:24 PM, on 9/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)

\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\WakeMeUp\WMUAgent.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\YourWare Solutions\FreeRAM XP Pro\FreeRAM

XP Pro.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} -

C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-

7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program Files (x86)\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -

C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: infoaxe.com Toolbar - {2F8D500E-4546-45b7-9236-

D4FD9850CF1C} - C:\Program Files (x86)\infoaxe\ietb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E

-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8

\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06

\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-

5347D756017C} - C:\Program Files (x86)\AVG\AVG8

\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA

-CE66B5AD205D} - C:\Program Files (x86)

\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Trlokom IE Toolbar - {C5AF4D9B-0B55-4BAC-9486-

218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-

4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google

Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-

76A1AE736170} - C:\Program Files (x86)\Hotspot

Shield\hssie\HssIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-

86F7AC245081} - C:\PROGRA~2\Yahoo!

\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-

9F516DD69829} - C:\Program Files (x86)\AVG\AVG8

\Toolbar\IEToolbar.dll
O3 - Toolbar: Trlokom IE Toolbar - {C5AF4D9B-0B55-4BAC-9486-

218EA2C6BC3E} - C:\Program Files (x86)\SpyWall\TrlIETool.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-

009027A5CD4F} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar.dll
O3 - Toolbar: infoaxe.com Toolbar - {717EDDE0-444F-4ff0-B9C9-

F60EC423E690} - C:\Program Files (x86)\infoaxe\ietb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-

2d9b88305f98} - C:\Program Files (x86)

\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -

C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)

\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

/hide:60
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program

Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)

\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)

\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files

(x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files (x86)

\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [WMUAgent.exe] "C:\Program Files (x86)

\WakeMeUp\WMUAgent.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)

\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)

\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files (x86)\YourWare

Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe"

/d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver -

res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Save YouTube Video as MP3 -

res://C:\Program Files (x86)\Common

Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-

11CF-AAA5-00401C608501} - C:\Program Files (x86)

\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12

\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam

Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-

FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -

C:\Program Files (x86)\Google\Google

Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio)

- Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -

Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

Files (x86)\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files

(x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files

(x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati External Event Utility - Unknown owner -

C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG

Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,

s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files

(x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. -

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION -

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner -

C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. -

C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game

Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google -

C:\Program Files (x86)\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) -

Unknown owner - C:\Program Files (x86)\Hotspot

Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) -

AnchorFree Inc. - C:\Program Files (x86)\Hotspot

Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) -

Unknown owner - C:\Program Files (x86)\Hotspot

Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files

(x86)\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files (x86)

\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) -

Atheros Communications, Inc. - C:\Program Files (x86)

\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -

C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\Windows\system32

\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator)

- Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) -

Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) -

Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program

Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) -

Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: WakeMeUp! Service (svcWMU) - Highspheres.com -

C:\Program Files (x86)\WakeMeUp\WMUSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files

(x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA

Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD

PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) -

Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA

Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation -

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Trlokom Central Management Helper 1.4.1 0

(trlokom_rmhsvc) - Trlokom, Inc. - C:\Windows\trlrm\RMHSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101

(UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

(file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead

Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -

Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation

- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) -

Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110

(wmiApSrv) - Unknown owner - C:\Windows\system32

\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media

Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner -

C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file

missing)

--
End of file - 13937 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:56 AM

Posted 18 October 2009 - 11:26 AM

Hello kohydra

Welcome to Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users