believe i have a virus or infection/ hijack log file

  • #1

    When I click on a story in Yahoo News it shows up for a second, then redirects me to a page not found. I get a web page like this, for example:
    http://ads.bluelithium.com/iframe3?W...0%253b8493%253

    here is my hijack log file

    Logfile of IObit HijackScan v1.0.2.0
    Scan saved at 19:37:23, on 2011-1-28

    Running processes:

    O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O2 - BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
    O2 - BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} -
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Babylon web page translation - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}SysReqLabNVD.Detection.1 - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034}SysReqLab.Detection_SRLX.1 - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}MANAGER.DLMCtrl.1 - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.7.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB}SMARTLOAD.smartLoadCtrl.1 - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}ONLINESCANNER.OnlineScannerCtrl.1 - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303}zpa_txhe.ZPA_TexasHoldem.1 - http://zone.msn.com/bingame/zpagames...e.cab79352.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}ZIntro.ZoneIntro.1 - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}PCPitstop2.Exam.1 - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Updater (Application Updater) - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
    O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate1ca94b36cee2aa9) (gupdate1ca94b36cee2aa9) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: lxdx_device (lxdx_device) - - C:\Windows\system32\lxdxcoms.exe
    O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA (PnkBstrA) - Unknown - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: Steam Client Service (Steam Client Service) - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TVersityMediaServer (TVersityMediaServer) - Unknown - C:\Users\jon\AppData\Local\TVersity\Media Server\MediaServer.exe
    O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe


    Any help on what I should check to fix this would be appreciated.

  • #2
    Welcome to the forum, johny30

    Please have a look here:
    http://answers.yahoo.com/question/in...5183730AAgIOYn

    Let me know if that helped.

    See you soon.

    ====
    Is it winter yet ?



    • #3
      Thanks, it worked

      Thanks a lot So_sad, that worked; also thanks for the welcome and the quick response.



      • #4
        You bet :wink:

        Glad it worked for you.

        By the way, there's nothing suspicious showing in the Hijack log you've posted. Those scans don't see everything, but as long as you don't have any other weird symptoms, you should be fine.

        Please update your Java though. You have version 6 Update 22 and they're at Update 23 now. You can update directly from the application itself (Control Panel > open "Java" > "Update" tab), or download and install the new version, which will remove the older version automatically:
        http://www.java.com/getjava/

        You have a bunch of toolbars installed. Although they don't pose a direct threat, they do clutter your browser and may slow it down as well. Unless you really need them, I'd uninstall a few of them from Control Panel.

        That's it. Stay safe out there

        ===
        Is it winter yet ?


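        As an added example (not from the thread, the poster, or IObit), a small Python triage script that parses lines in the posted log's format and flags what the reply above looks at: toolbar clutter, one add-on registered twice (same CLSID as an O2 BHO and an O3 toolbar), services with no vendor string, and a Java plug-in older than the Update 23 the reply names as current. The sample lines are copied from the posted log; the "latest update" constant is an assumption taken from the thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted IObit HijackScan log
# (HijackThis line format), not a complete scan.
SAMPLE_LOG = r"""
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: PnkBstrA (PnkBstrA) - Unknown - C:\Windows\system32\PnkBstrA.exe
O23 - Service: lxdx_device (lxdx_device) - - C:\Windows\system32\lxdxcoms.exe
"""
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# "Service: display (name) - vendor - path"; "\s?" absorbs the " - - " an empty vendor field produces.
SERVICE_RE = re.compile(r"^Service: (.*?) -\s?(.*?) - (.*)$")
JAVA_RE = re.compile(r"Java Plug-in 1\.6\.0_(\d+)")
LATEST_JAVA6_UPDATE = 23  # assumption: the "Update 23" the thread calls current

def parse_log(text):
    """Turn each 'Onn - ...' line into a dict: type, raw body, clsid, name, vendor."""
    entries = []
    for m in filter(None, (LINE_RE.match(l.strip()) for l in text.splitlines())):
        kind, body = m.groups()
        c = CLSID_RE.search(body)
        e = {"type": kind, "raw": body, "name": None, "vendor": None,
             "clsid": c.group(0).upper() if c else None}  # CLSIDs compare case-insensitively
        if kind in ("O2", "O3"):       # "BHO: name - {clsid} - path" / "Toolbar: name - ..."
            e["name"] = body.split(": ", 1)[1].split(" - ")[0]
        elif kind == "O23":
            s = SERVICE_RE.match(body)
            e["name"], e["vendor"] = s.group(1), (s.group(2).strip() or "Unknown")
        entries.append(e)
    return entries

def triage(entries):
    """Flag what the thread's helpers look at: toolbar clutter, one add-on loaded
    twice (same CLSID as O2 BHO and O3 toolbar), vendor-less services, old Java."""
    report = {"toolbars": [], "unknown_vendor_services": [], "java_outdated": False}
    by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].add(e["type"])
        if e["type"] == "O3":
            report["toolbars"].append(e["name"])
        elif e["type"] == "O23" and e["vendor"] == "Unknown":
            report["unknown_vendor_services"].append(e["name"])
        elif e["type"] == "O16":
            j = JAVA_RE.search(e["raw"])
            if j and int(j.group(1)) < LATEST_JAVA6_UPDATE:
                report["java_outdated"] = True
    report["bho_toolbar_pairs"] = sorted(c for c, t in by_clsid.items() if {"O2", "O3"} <= t)
    return report
```

        A vendor-less service is only a lead, not a verdict: the thread's helper found nothing suspicious in this log, and such entries should be checked against the file on disk before anything is removed.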

        • #5
          Hi So_sad,

          Perhaps updating Adobe 9.0 to Adobe X and using JavaRa 1.16 could be suggested too. :wink:
          Although I don't know if it is installed, using the most recent Flash Player is advisable also. 8-)
          IMO, usage of uTorrent is risky because of the unknown security of the downloaded files.

          Cheers.:grin:
          enoskype

          - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



          • #6
            Yuck ! I missed Adobe Reader 9...:roll:

            Thanks enoskype. Indeed, version 10 ("X") is needed.

            JavaRa isn't really necessary anymore, but I could be wrong. Reader has been removing older versions for a while now, when you update or install over older versions. There may be remnants left behind, but from a security point of view, I don't think they pose a threat.

            Flash updater should be set to Auto, because new versions come out all the time.

            uTorrent : yeah... I agree. When I start working on an infected computer with P2P or torrent apps onboard, I always advise of the risks. Because our member isn't infected and also because *some* use torrents to get non pirated material, I usually don't mention it unless I can back it up with evidence (infections) present on the machine :wink:

            ===
            Is it winter yet ?



            • #7
              Hi again, unfortunately Java updates still leave clutter, and JavaRa 1.16 was updated to a higher build number recently.
              You are right about the clutter not posing a security threat, but sometimes after an update, older browser add-ons still stay put and could be risky. (Specifically when an installer includes an older version of Java after an update to a newer version of Java. Example: OpenOffice.org 3.3. One may not even be aware of that.)

              Cheers.
              enoskype

              - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



              • #8
                Originally posted by So_sad
                Yuck ! I missed Adobe Reader 9...:roll:

                Thanks enoskype. Indeed, version 10 ("X") is needed.

                JavaRa isn't really necessary anymore, but I could be wrong. Reader has been removing older versions for a while now, when you update or install over older versions. There may be remnants left behind, but from a security point of view, I don't think they pose a threat.

                Flash updater should be set to Auto, because new versions come out all the time.

                uTorrent : yeah... I agree. When I start working on an infected computer with P2P or torrent apps onboard, I always advise of the risks of no Mobile Network Security. Because our member isn't infected and also because *some* use torrents to get non pirated material, I usually don't mention it unless I can back it up with evidence (infections) present on the mobility machine :wink:

                ===
                Can auto really accommodate the new versions? Why do some use torrents to get non-pirated material? I'm confused. THANKS

                EDIT: The RED words were added as ad links by the poster and they are red colored and delinked by me.
                Last edited by enoskype; Jul. 6th, 2011, 23:45. Reason: EDIT:



                • #9
                  You think you are clever jjohns24?

                  Stay as you are! :evil:
                  enoskype

                  - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
