
believe i have a virus or infection/ hijack log file


johny30


when i click on a story in yahoo news it shows up for a second then redirects me to a page not found. i get a web page like this for example

http://ads.bluelithium.com/iframe3?WaUDANGUGAC-THYAAAAAAO6KGwAAAAAAAgAAAAIAAAAAAP8AAAAGFJOuAQAAAAAA6YYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAOjhKmbzPwAAAAAAAAAAAADo4Spm8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABj2Baj.FOMCbK3eG0Xee4U6GGQ99ylWWV4JMdNAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15pjp9v10%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D84962395%3ALREC2%2FY%3DYAHOO%2FEXP%3D1296272275%2FL%3Dbf2QZ2KIRlgZ9pAmTTS.CRaRTA0R_U1Db3MACWur%2FB%3DFqs.HUwNPMg-%2FJ%3D1296265075674835%2FK%3DD4qBsEuAIM8fzC9eOggoAw%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fap%2F20110128%2Fap_on_re_eu%2Feu_davos_forum_iran,_PVID%3Dbf2QZ2KIRlgZ9pAmTTS.CRaRTA0R%255fU1Db3MACWur%26Z%3D300x250%26cb%3D1296265075674835%26x%3Dhttp%253A%252F%252Fglobal%252Eard%252Eyahoo%252Ecom%252FSIG%253D15pjp9v10%252FM%253D787833%252E14445110%252E14291877%252E12665044%252FD%253Dnews%252FS%253D84962395%253ALREC2%252FY%253DYAHOO%252FEXP%253D1296272275%252FL%253Dbf2QZ2KIRlgZ9pAmTTS%252ECRaRTA0R%255FU1Db3MACWur%252FB%253DFqs%252EHUwNPMg%252D%252FJ%253D1296265075674835%252FK%253DD4qBsEuAIM8fzC9eOggoAw%252FA%253D6261233%252FR%253D0%252F%252A%2524%26S%3D14445110%26i%3D140477%26ycg%3D%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%2526bt%253D1%253b16%253b51%253b59%253b63%253b65%253b66%253b70%253b89%253b90%253b113%253b118%253b131%253b132%253b165%253b225%253b227%253b229%253b230%253b231%253b232%253b233%253b241%253b264%253b281%253b283%253b287%253b290%253b301%253b305%253b308%253b309%253b506%253b649%253b657%253b672%253b681%253b816%253b828%253b838%253b839%253b852%253b869%253b1020%253b1117%253b2053%253b2091%253b2790%253b2791%253b2801%253b2803%253b2878%253b2932%253b2934%253b3735%253b3931%253b4772%253b4791%253b4940%253b5122%253b5133%253b5190%253b5378%253b5389%253b5444%253b5593%253b5635%253b5702%253b5889%253b6153%253b6155%253b6415%253b6622%253b6626%253b6840%253b6862%253b6995%253b7104%253b7676%253b7753%253b7
773%253b7797%253b7934%253b8057%253b8460%253b8493%253

 

here is my hijack log file

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 19:37:23, on 2011-1-28

 

Running processes:

 

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.1\iobitToolbarIE.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

O2 - BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll

O2 - BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.1\iobitToolbarIE.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} -

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Babylon web page translation - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}SysReqLabNVD.Detection.1 - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034}SysReqLab.Detection_SRLX.1 - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}MANAGER.DLMCtrl.1 - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB}SMARTLOAD.smartLoadCtrl.1 - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}ONLINESCANNER.OnlineScannerCtrl.1 - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303}zpa_txhe.ZPA_TexasHoldem.1 - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}ZIntro.ZoneIntro.1 - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}PCPitstop2.Exam.1 - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater (Application Updater) - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: Google Update Service (gupdate1ca94b36cee2aa9) (gupdate1ca94b36cee2aa9) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

O23 - Service: lxdx_device (lxdx_device) - - C:\Windows\system32\lxdxcoms.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA (PnkBstrA) - Unknown - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Steam Client Service (Steam Client Service) - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TVersityMediaServer (TVersityMediaServer) - Unknown - C:\Users\jon\AppData\Local\TVersity\Media Server\MediaServer.exe

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

 

 

any help on what i should check to fix this would be appreciated


You bet :wink:

 

Glad it worked for you.

 

By the way, there's nothing suspicious showing in the Hijack log you've posted. Those scans don't see everything, but as long as you don't have any other weird symptoms, you should be fine.

 

Please update your Java though. You have version 6 Update 22 and they're at Update 23 now. You can update directly from the application itself (Control Panel > open "Java" > "Update" tab), or download and install the new version, which will remove the older version automatically :

http://www.java.com/getjava/

 

You have a bunch of toolbars installed. Although they don't pose a direct threat, they do clutter your browser and may slow it down as well. Unless you really need them, I'd uninstall a few of them from Control Panel.

 

That's it. Stay safe out there :-)

 

===


Yuck ! I missed Adobe Reader 9...:roll:

 

Thanks enoskype. Indeed, version 10 ("X") is needed.

 

JavaRa isn't really necessary anymore, but I could be wrong. Reader has been removing older versions for a while now, when you update or install over older versions. There may be remnants left behind, but from a security point of view, I don't think they pose a threat.

 

Flash updater should be set to Auto, because new versions come out all the time.

 

uTorrent : yeah... I agree. When I start working on an infected computer with P2P or torrent apps onboard, I always advise of the risks. Because our member isn't infected and also because *some* use torrents to get non pirated material, I usually don't mention it unless I can back it up with evidence (infections) present on the machine :wink:

 

===
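The checks made by hand in the two replies above (Java 6 Update 22 against Update 23, Adobe Reader 9 against version 10, and the number of toolbars) can be run over a log of this shape, as an added example that is not part of the original thread. The function names are hypothetical, the sample holds a few entries copied from the posted log, and the version thresholds are the ones named in the replies.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
JAVA = re.compile(r"Java Plug-in 1\.(\d+)\.0_(\d+)")
READER = re.compile(r"\\Adobe\\Reader (\d+)\.\d+\\", re.IGNORECASE)

def parse(log):
    """Group entry bodies by section code (O2, O3, O4, ...); skip other lines."""
    sections = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections

def toolbar_names(sections):
    """Names of the O3 (Internet Explorer toolbar) entries, in log order."""
    return [body.split(": ", 1)[1].split(" - {", 1)[0]
            for body in sections.get("O3", []) if body.startswith("Toolbar: ")]

def java_versions(sections):
    """Distinct (major, update) pairs from O16 'Java Plug-in 1.M.0_UU' entries."""
    return sorted({(int(m.group(1)), int(m.group(2)))
                   for body in sections.get("O16", []) for m in JAVA.finditer(body)})

def reader_majors(sections):
    """Major versions of Adobe Reader seen in O4 autostart paths."""
    return sorted({int(m.group(1)) for body in sections.get("O4", [])
                   for m in READER.finditer(body)})

def findings(log, java_min=(6, 23), reader_min=10):
    """Defaults are the versions named in the replies (assumed current at the time)."""
    s = parse(log)
    out = [f"Java {maj} Update {upd} is older than Update {java_min[1]}"
           for maj, upd in java_versions(s) if (maj, upd) < java_min]
    out += [f"Adobe Reader {v} is older than version {reader_min}"
            for v in reader_majors(s) if v < reader_min]
    out.append(f"{len(toolbar_names(s))} toolbars registered")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_LOG)))
```

Pass newer values for java_min and reader_min when checking a current machine; the defaults only reproduce the advice given in this thread.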


Hi again, unfortunately Java updates still leave clutter, and JavaRa 1.16 is updated to a higher build # recently.

You are right about the security of the clutter not posing a threat, but sometimes after an update, older add-ons of browsers still stay put and could be risky. (Specifically when an installer includes an older version of Java after an update to a newer version of Java. Example: OpenOffice.org 3.3. One can even not be aware of that.)

 

Cheers.


  • 5 months later...
Yuck ! I missed Adobe Reader 9...:roll:

 

Thanks enoskype. Indeed, version 10 ("X") is needed.

 

JavaRa isn't really necessary anymore, but I could be wrong. Reader has been removing older versions for a while now, when you update or install over older versions. There may be remnants left behind, but from a security point of view, I don't think they pose a threat.

 

Flash updater should be set to Auto, because new versions come out all the time.

 

uTorrent : yeah... I agree. When I start working on an infected computer with P2P or torrent apps onboard, I always advise of the risks of no Mobile Network Security. Because our member isn't infected and also because *some* use torrents to get non pirated material, I usually don't mention it unless I can back it up with evidence (infections) present on the mobility machine :wink:

 

===

Can auto really accommodate for the new versions? Why do some use torrents to get non pirated material? I'm confused THANKS

 

EDIT: The RED words were added as ad links by the poster and they are red colored and delinked by me.


Archived

This topic is now archived and is closed to further replies.
