afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijack this log please
HiJack this log please
laroc1
Junior Member
9. July 2010 @ 09:41
My computer is acting strange with both Internet Explorer and Firefox, with new tabs opening on the and constant pop-ups.
Can someone advise me on this HijackThis log?
scott
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:37:28, on 09/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\YouSendIt\Express\YouSendIt.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container .exe
C:\Windows\explorer.exe
C:\Users\scott.scott-PC\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101731&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthec.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\Windows\TEMP\E_S143C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe -ui none
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\lubn.tmp\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\lubn.tmp\svchost.exe (User 'Default user')
O4 - .DEFAULT User Startup: sywo.exe (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 10884 bytes