Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Assistance Requested - HijackThis and Uninstall logs pasted

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Assistance Requested - HijackThis and Uninstall logs pasted

Unread postby dcf » January 17th, 2011, 3:28 pm

Hello - and thank you for assisting. This is a Vista 6.0 SP 2 machine. I use Norton Security Suite and Malwarebytes / Spybot to locate malicious software. I also run ccleaner, turn off indexing, defrag and have used less than 50% disk capacity. The hard drive seems to run continuously, and therefore the machine is slow.

Any suggestions would be appreciated!
Dale

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:36 PM, on 1/17/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7754 bytes

3ivx MPEG-4 5.0.3 (remove only)
4Patas
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player
Advanced SystemCare 3
aiofw
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Parental Control & Encoder
Belarc Advisor 7.2
BigFix
Bing Maps 3D
Bonjour
C4USelfUpdater
Catalyst Control Center - Branding
CCleaner
center
Compatibility Pack for the 2007 Office system
Defraggler
Digital Media Reader
DVD Solution
Easy CD-DA Extractor 12
EPSON Printer Software
ffdshow [rev 2527] [2008-12-19]
FlipShare
Gateway Drivers and Applications Recovery
GearDrvs
Glary Utilities 2.26.0.956
GOM Player
Google Earth Plug-in
Google Gears
Google Update Helper
gtw_logo
Guitar Guru Version 2.2.0
GWCares
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Management Engine Interface
Intel(R) Matrix Storage Manager
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 18
Java(TM) 6 Update 3
Kiplinger's Home and Business Attorney
KODAK AiO Home Center
ksDIP
Learn2 Player (Uninstall Only)
LEGO Digital Designer
LG USB Modem driver
Logitech QuickCam
Logitech Updater
Malwarebytes' Anti-Malware
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b6 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Napster Burn Engine
Network Play System (Patching)
Norton Security Suite
OGA Notifier 2.0.0048.0
PCI Soft Data Fax Modem with SmartCP
PdfEdit995 (installed by TaxCut)
Pivot Stickfigure Animator
Power2Go 4.0
PowerDVD
PreReq
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
Sonic Encoders
Spybot - Search & Destroy
Switch Sound File Converter
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows 7 Upgrade Advisor
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinZip 15.0
Wizard101
World of Warcraft FREE Trial
Xvid 1.1.3 final uninstall
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! Messenger
dcf
Active Member
 
Posts: 4
Joined: January 17th, 2011, 3:18 pm
Advertisement
Register to Remove

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby xixo_12 » January 19th, 2011, 8:50 am

Hello and Welcome to Anti-Malware Forums.Image
Introduction and rules :
  • I'm xixo_12 and really glad to help you.
  • You're advised to refrain running any self fixes until I give the "All Clean Speech"
  • Instruction in this topic is special create for current problem and don't apply those on another system.
  • You're advised to ask for any uncertainty.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.

Please make sure you have done your reading on this topic : How to get help at this forum
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we will start the collaboration.
Do keep in mind, removing malware is one of hazardous undertaking. I'm ready to share what I have learn through years in removing malware but I'm also fallible.
You're advised to back up all the important data before we start.
Note : Due to limitation, Windows Vista require user to Right click > Run as Administrator to use the tools.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First,
Registry related program.

Next,
Remove programs.
Please Click Start > Control Panel > Programs and Features
Remove the listed program(s) by clicking Uninstall/Change.
Spybot - Search & Destroy
Unity Web Player

If some program(s) listed above are not in present, please do not panic and proceed to the next step.

Discussion
Any other issue except slow machine respond?
Please ask anything if you're unsure.

What you need to post
Checklist.
  • Respond to our discussion
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby dcf » January 19th, 2011, 10:11 pm

Hello xixo_12, and thank you for your assistance. I generally use these programs to clean unnecessary files and identify unnecessary "startup" processes, however as you have suggested I have now uninstalled:
Advanced SystemCare 3
Glary Utilities 2.26.0.956
Spybot - Search & Destroy
Unity Web Player

The reason I posted to the forum is I can hear the hard drive running frequently, even when I am not on the computer - and during that time yes, opening or working in programs (even a web browser) is very slow. I have opened Task Manager and no applications are shows as open when the HD is churning, thus I was afraid that a surreptitious program / process had taken over. This has only been occurring for the past 60 days (or so). Sometimes the HD is not audible, perhaps 10%-20% of the time - however 80%-90% of the time it is working. The fan works fine, and the PC is not acting up in any other way - therefore I don't believe the HD is actually having a problem, again it seems to me that a process is running that is taking up the majority of the CPU for the majority of the time.

Please let me know what other suggestions you have. Thanks again!
dcf
Active Member
 
Posts: 4
Joined: January 17th, 2011, 3:18 pm

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby xixo_12 » January 19th, 2011, 10:22 pm

Hi,
Let's us check one by one.
But I do suspect it is one of the outcome of using registry cleaner.

First,
CCleaner - Clear temp.
  • Right click on CCleaner.exe > Run as Administrator to run the tool.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted.
    (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced. Untick Only delete files in Windows Temp folders older than 48 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the Issues feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.

Next,
Malwarebytes' Anti-Malware - Run
  • Right click on Malwarebytes' Anti-Malware icon > Run as Administrator to run the program.
  • Click on Update tab > Check for Updates.
  • Once done, click on Scanner tab, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Users\Username\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Right click on RSIT.exe > Run as Administrator to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

What you need to post
Checklist.
  • Content of MBAM log
  • Content of log.txt and info.txt (Find both in c:\rsit)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby dcf » January 19th, 2011, 11:48 pm

I have completed the CCleaner steps you suggested, and am currently running the Malwarebytes full scan (and will post the log tomorrow when complete).

No offense, however I googled RSIT.exe and found the following:

What is Rsit.exe?

Rsit.exe is a hazardous trojan that hijacks systems by altering file names in Windows registry. Once inside the system, trojan Rsit will modify Windows registry keys and generate malicious rsit.exe files onto the infected computer. Rsit.exe sneaks inside the system through corrupt gambling and porn related websites and unwanted email advertisements. Rsit.exe ia a aggresive trojan infection that may download spyware, adware, trojans, worms and steal confidential private information!


Thus - are there any other (perhaps mainstream) programs you can recommend that would provide similar logs - perhaps "combofix" or something similar? Seems odd I would be requested to remove Spybot and then to add an .exe that I can find no information about on the internet?

Thanks
dcf
Active Member
 
Posts: 4
Joined: January 17th, 2011, 3:18 pm

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby xixo_12 » January 20th, 2011, 12:42 am

Hi,

I'm please to tell you that every single instructions that I gave or will give to you have great sequences towards incoming procedures.

Thus, If you have any doubt about what are we doing here and the capabilities, feel free to tell me to close this topic and find the other forum that suit you.

Thank you.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby dcf » January 20th, 2011, 12:18 pm

Yes - and apologies again - I am sure you are helping - however you must understand that being asked to uninstall my malware program and then run an exe file that others claim is malware is not something I feel comfortable doing.

Please go ahead and close the topic, and I appreciate the help you have alrteady provided.
dcf
Active Member
 
Posts: 4
Joined: January 17th, 2011, 3:18 pm

Re: Assistance Requested - HijackThis and Uninstall logs pas

Unread postby Cypher » January 20th, 2011, 12:45 pm

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 334 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware