Log file attached

by sabbysidd » April 11th, 2010, 11:30 am

Logfile of Trend Micro HijackThis

v2.0.2
Scan saved at 11:16:19 AM, on

11/04/2010
Platform: Windows Vista SP2 (WinNT

6.00.1906)
MSIE: Internet Explorer v8.00

(8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32

\wbem\unsecapp.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\Program Files\Yahoo!

\Messenger\YahooMessenger.exe
C:\Program Files\Windows

Live\Messenger\msnmsgr.exe
C:\Program Files\Windows

Live\Contacts\wlcomm.exe
C:\Users\temp\Music\Downloads\HiJack

This.exe
C:\Windows\system32\wuauclt.exe

R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/

defaults/sb/msgr9/*http://www.yahoo.

com/ext/search/search.html
R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/

defaults/sp/msgr9/*http://www.yahoo.

com
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

about:blank
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_CA&c=73&b

d=Pavilion&pf=laptop
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/

defaults/su/msgr9/*http://www.yahoo.

com
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/

defaults/sb/msgr9/*http://www.yahoo.

com/ext/search/search.html
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/

defaults/sp/msgr9/*http://www.yahoo.

com
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 -

HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/

defaults/su/msgr9/*http://www.yahoo.

com
R1 -

HKCU\Software\Microsoft\Windows\Curr

entVersion\Internet

Settings,ProxyOverride = *.local
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\PROGRA~1\Yahoo!

\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - -

(no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-

7695ECA05670} - C:\PROGRA~1\Yahoo!

\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer -

{0347C33E-8762-4905-BF09-

768834316C61} - C:\Program

Files\Hewlett-Packard\Digital

Imaging\Smart Web

Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link

Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program

Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHe

lper.dll
O2 - BHO: (no name) - {5C255C8A-

E604-49b4-9D64-90988571CECB} - (no

file)
O2 - BHO: Groove GFS Browser Helper

- {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\Program

Files\Microsoft Office\Office12

\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in

Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program

Files\Common Files\Microsoft

Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV

Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class -

{F9E4A054-E9B1-4BC3-83A3-

76A1AE736170} - C:\Program

Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: SingleInstance Class -

{FDAD4DA1-61A2-4FD8-9C17-

86F7AC245081} - C:\PROGRA~1\Yahoo!

\Companion\Installs\cpn\YTSingleInst

ance.dll
O2 - BHO: HP Smart BHO Class -

{FFFFFFFF-CF4E-4F2B-BDC2-

0E72E116A856} - C:\Program

Files\Hewlett-Packard\Digital

Imaging\Smart Web

Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-

4965-11d4-9B18-009027A5CD4F} -

c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\PROGRA~1\Yahoo!

\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320

-B3CA-4199-B1A6-9F516DD69829} - (no

file)
O4 - HKLM\..\RunOnce: [Launcher] %

WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr]

"C:\Program Files\Windows

Live\Messenger\msnmsgr.exe"

/background
O4 - Startup: OneNote Table Of

Contents.onetoc2
O8 - Extra context menu item:

E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office12

\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote -

{2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1

\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end

to OneNote - {2670000A-7350-4f3c-

8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1

\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP

Smart Web Printing - {DDE87865-83C5

-48c4-8357-2F5B1AA84522} -

C:\Program Files\Hewlett-

Packard\Digital Imaging\Smart Web

Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8

-fa1d4f56a2ab} (Installation

Support) - C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O16 - DPF: {8100D56A-5661-482C-BEE8

-AFECE305D968} (Facebook Photo

Uploader 5 Control) -

http://upload.facebook.com/controls/

2009.07.28_v5.5.8.1/FacebookPhotoUpl

oader55.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87

-F2B03665960D} (VodClient Control

Class) -

http://www.tvucricket.com/player/vjo

cx-en-black.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E

-587CAF3EE8C6} (MSN Chat Control

4.5) -

http://fdl.msn.com/public/chat/msnch

at45.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{0

F0BBCCF-DF8E-4B5E-9BC9-

32DC0434F4E2}: NameServer =

93.188.163.114,93.188.161.96
O17 -

HKLM\System\CCS\Services\Tcpip\..\{8

E16FF3E-36B3-46A6-9BAF-

3F2591AC88A5}: NameServer =

93.188.163.114,93.188.161.96
O17 -

HKLM\System\CCS\Services\Tcpip\..\{F

2821D90-6DD6-43FB-9A6D-

7CA5198EB68D}: NameServer =

93.188.163.114,93.188.161.96
O17 - HKLM\System\CS1

\Services\Tcpip\Parameters:

NameServer =

93.188.163.114,93.188.161.96
O17 - HKLM\System\CS1

\Services\Tcpip\..\{0F0BBCCF-DF8E-

4B5E-9BC9-32DC0434F4E2}: NameServer

= 93.188.163.114,93.188.161.96
O17 - HKLM\System\CS2

\Services\Tcpip\Parameters:

NameServer =

93.188.163.114,93.188.161.96
O17 - HKLM\System\CS2

\Services\Tcpip\..\{0F0BBCCF-DF8E-

4B5E-9BC9-32DC0434F4E2}: NameServer

= 93.188.163.114,93.188.161.96
O17 -

HKLM\System\CCS\Services\Tcpip\Param

eters: NameServer =

93.188.163.114,93.188.161.96
O18 - Protocol: grooveLocalGWS -

{88FED34C-F0CA-4636-A375-

3CB6248B04CD} - C:\Program

Files\Microsoft Office\Office12

\GrooveSystemServices.dll
O18 - Protocol: skype4com -

{FFC8B962-9B40-4DFF-9458-

1830C7DD7F5D} - C:\PROGRA~1

\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-

Packard Development Company, L.P. -

C:\Program Files\Hewlett-Packard\HP

Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device -

Apple Inc. - C:\Program Files\Common

Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService

.exe
O23 - Service: Bonjour Service -

Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background

Capture Service (CBCS) (CLCapSvc) -

Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLCapSv

c.exe
O23 - Service: CyberLink Task

Scheduler (CTS) (CLSched) - Unknown

owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLSched

.exe
O23 - Service: FsUsbExService -

Teruten - C:\Windows\system32

\FsUsbExService.Exe
O23 - Service: Google Updater

Service (gusvc) - Google -

C:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield

Service (HotspotShieldService) -

Unknown owner - C:\Program

Files\Hotspot

Shield\bin\openvpnas.exe
O23 - Service: HP Health Check

Service - Hewlett-Packard -

c:\Program Files\Hewlett-Packard\HP

Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-

Packard Development Company, L.P. -

C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe
O23 - Service: Hotspot Shield Helper

Service (HssSrv) - AnchorFree Inc. -

C:\Program Files\Hotspot

Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray

Service (HssTrayService) - Unknown

owner - C:\Program Files\Hotspot

Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program

Files\Common

Files\InstallShield\Driver\1050

\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple

Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService

Direct Disc Labeling Service

(LightScribeService) - Hewlett-

Packard Company - C:\Program

Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor

(LVPrcSrv) - Logitech Inc. -

c:\program files\common

files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher -

Logitech Inc. - C:\Program

Files\Common

Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic

Solutions - C:\Program Files\Common

Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia.

- C:\Program Files\Nokia\PC

Connectivity

Solution\ServiceLayer.exe
O23 - Service: stllssvr -

MicroVision Development, Inc. -

C:\Program Files\Common

Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager

Service - Viewpoint Corporation -

C:\Program

Files\Viewpoint\Common\ViewpointServ

ice.exe
O23 - Service: WD SmartWare Drive

Manager (WDDMService) - WDC -

C:\Program Files\Western Digital\WD

SmartWare\WD Drive

Manager\WDDMService.exe
O23 - Service: WD SmartWare

Background Service

(WDSmartWareBackgroundService) -

Memeo - C:\Program Files\Western

Digital\WD SmartWare\Front

Parlor\WDSmartWareBackgroundService.

exe
O23 - Service: XAudioService -

Conexant Systems, Inc. -

C:\Windows\system32

\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater

(YahooAUService) - Yahoo! Inc. -

C:\Program Files\Yahoo!

\SoftwareUpdate\YahooAUService.exe

--
End of file - 9947 bytes

Re: Log file attached

by NonSuch » April 11th, 2010, 6:06 pm

Unfortunately, the log you have posted is unreadable due to its formatting. Open the HijackThis log report, and then click on "Format" and uncheck "Word Wrap." Save the changes. Next, start a new topic and copy and paste the reformatted HijackThis log into that new topic.

This topic is now closed.