Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack this LOG, now what

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack this LOG, now what

Unread postby cjm » September 6th, 2010, 12:24 am

ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:07 PM, on 9/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.YOUR-1825A45D26\Desktop\HijackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MRI_DISABLED
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ubs.com
O15 - Trusted Zone: *.ubspainewebber.com
O15 - Trusted Zone: *.ubspwmobile.com
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O15 - Trusted IP range:
O16 - DPF: Java Mainframe Display (MFD) - https://www.wm-mobile.ubs.com/W2H/w2h/applet/wdmfd.cab
O16 - DPF: PCGMC Client - https://www.wm-mobile.ubs.com:444/PCGMC/PCGMCClient.CAB
O16 - DPF: {138A4B11-6BBA-4EF3-B333-0515F67729DB} (Reuters PlusWeb Agent Java Classes - - file://D:\Reuters\pluswebagentjava.cab
O16 - DPF: {18D29F69-AD28-450E-8EC4-AD3F8632D4FE} (qqagent Class) - file://D:\Reuters\pluswebagent.cab
O16 - DPF: {24F7A9CC-4EEB-49A7-8592-95E66A7C24A8} (Java ScrollingHeadlines Widget - - file://D:\Reuters\shdown.cab
O16 - DPF: {2FCFDAB1-F134-11D2-97C6-00104B659322} (Java Monitor - - file://D:\Reuters\monclassdown.cab
O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - file://D:\Reuters\Navigator.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - file://D:\Reuters\excel.cab
O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/h ... homepr.cab
O16 - DPF: {5D2ACCF1-0E19-11D7-9216-0050047CF2BB} (Reuters Stand-Alone Fixed Income Calc Control) - file://D:\Reuters\fxdincome.cab
O16 - DPF: {766190C9-CF9B-11D5-92EA-00805FC7E991} (Java MarketAtGlance - - https://www.wm-mobile.ubs.com/md/classe ... mpdown.cab
O16 - DPF: {77E94DB3-EF12-40BE-9AC5-96E2A140900E} (Java jExit - - file://D:\Reuters\jexitdown.cab
O16 - DPF: {89F7D494-DA30-4207-9318-49D6E60BD805} (Reuters Webchart Class) - https://www.wm-mobile.ubs.com/md/webchart.cab
O16 - DPF: {93972343-C012-11D4-A8E1-0060976A74AE} (Java Quote Widget - - https://www.wm-mobile.ubs.com/md/classe ... tedown.cab
O16 - DPF: {B5C6E4C0-F9DB-11D2-B126-00104B0EB7AE} (Java Dialogs - - file://D:\Reuters\dialogsdown.cab
O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - file://D:\Reuters\pluswebsweeper.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D439B6E0-1838-11D2-A461-00A0C968EE5F} (Java QQagent - - file://D:\Reuters\qqagentdown.cab
O16 - DPF: {E041DA00-21AF-11D2-A465-00A0C968EE5F} (Java MLSOFT package) - file://D:\Reuters\mlsoftdown.cab
O16 - DPF: {F436C877-B085-4871-BADD-D23A6E630581} (Reuters PlusWeb Versions - 1,6,0,22) - file://D:\Reuters\pluswebverdown.cab
O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - file://D:\Reuters\pwagentclient.cab
O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - file://D:\Reuters\plusweblocator.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

End of file - 10305 bytes
Active Member
Posts: 1
Joined: September 6th, 2010, 12:20 am
Register to Remove

Re: Hijack this LOG, now what

Unread postby Carolyn » September 6th, 2010, 7:31 pm

By posting just a HJT log without any supporting symptoms or explanation it is likely that your log will be passed by and you will not receive the help you're looking for.

No need to go into minute detail, but a few words about the type of difficulties you're experiencing will narrow down what we're looking for.

If you've received any messages or error codes please include them.

This thread will now be closed.

If you still need help, please start a new thread with:-
  • A new HijackThis log.
  • An Uninstall List.
  • Details of your problems.
User avatar
MRU Emeritus
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware