- Logfile of Trend Micro HijackThis v2.0.5
- Scan saved at 6:56:29 PM, on 2/15/2014
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- MSIE: Unable to get Internet Explorer version!
- CHROME: 28.0.1500.52
- Boot mode: Normal
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\nvsvc32.exe
- C:\WINDOWS\system32\svchost.exe
- C:\Program Files\PC Speed Up\PCSUService.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\Explorer.EXE
- C:\WINDOWS\arservice.exe
- C:\WINDOWS\eHome\ehRecvr.exe
- C:\WINDOWS\eHome\ehSched.exe
- C:\WINDOWS\system32\dmwu.exe
- C:\Program Files\SoftwareUpdater\SystemStore.exe
- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
- C:\WINDOWS\system32\jmdp\stij.exe
- C:\Program Files\IObit\Game Booster 3\gbtray.exe
- C:\Documents and Settings\marcus\Application Data\mjusbsp\magicJack.exe
- C:\Program Files\Java\jre7\bin\jqs.exe
- C:\Program Files\common files\Java\Java Update\jusched.exe
- C:\Program Files\common files\Java\Java Update\jusched.exe
- C:\Program Files\common files\Java\Java Update\jusched.exe
- C:\Program Files\IObit\Game Booster 3\Boost.exe
- C:\WINDOWS\system32\svchost.exe
- C:\Program Files\SpeedItup Free\speeditupfree.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
- C:\Documents and Settings\marcus\My Documents\Downloads\HijackThis.exe
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3314199&octid=CT3314199&SearchSource=61&CUI=UN56837340252842166&UM=2&UP=SP5BE1ADF7-DDED-40AE-9A7B-C05042C8FA61
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
- R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
- R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
- R3 - URLSearchHook: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhi0.dll
- R3 - URLSearchHook: KeyBar 1.8 Toolbar - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey2.dll
- O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
- O2 - BHO: CrossriderApp0012555 - {11111111-1111-1111-1111-110111251155} - C:\Program Files\JollyWallet\JollyWallet.dll
- O2 - BHO: CrossriderApp0026278 - {11111111-1111-1111-1111-110211621178} - C:\Program Files\Solid Savings\Solid Savings.dll
- O2 - BHO: Drop Coupons Plugin - {513ECFF3-C9D8-421E-B216-7C9D594942EE} - C:\Program Files\DropCoupon\DropCoupons.dll
- O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
- O2 - BHO: WhiteSmoke New - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhi0.dll
- O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
- O2 - BHO: HelloWorldBHO - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files\OApps\SelectionLinks.dll
- O2 - BHO: Browse For Change BHO - {912C156F-05CF-4B62-851A-96E167A677B0} - mscoree.dll (file missing)
- O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
- O2 - BHO: KeyBar 1.8 - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey2.dll
- O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
- O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
- O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
- O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
- O2 - BHO: WordOv - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Documents and Settings\marcus\Local Settings\Application Data\WordOv\temp.dat
- O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
- O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
- O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
- O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll
- O2 - BHO: Yontoo Layer (Drop Down Deals)s - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
- O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
- O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
- O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
- O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
- O3 - Toolbar: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhi0.dll
- O3 - Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
- O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
- O3 - Toolbar: KeyBar 1.8 Toolbar - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files\KeyBar_1.8\prxtbKey2.dll
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe"
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
- O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\marcus\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
- O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\marcus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
- O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
- O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
- O4 - HKUS\S-1-5-21-3499596684-2541738641-2010183389-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
- O4 - HKUS\S-1-5-21-3499596684-2541738641-2010183389-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
- O4 - HKUS\S-1-5-21-3499596684-2541738641-2010183389-1010\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User '?')
- O4 - HKUS\S-1-5-21-3499596684-2541738641-2010183389-1013\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'UpdatusUser')
- O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex (User 'Default user')
- O4 - S-1-5-19 Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (User 'LOCAL SERVICE')
- O4 - S-1-5-21-3499596684-2541738641-2010183389-1010 Startup: AXEL.DAV (User '?')
- O4 - S-1-5-21-3499596684-2541738641-2010183389-1013 Startup: AXEL.DAV (User 'UpdatusUser')
- O4 - S-1-5-21-3499596684-2541738641-2010183389-1013 User Startup: AXEL.DAV (User 'UpdatusUser')
- O4 - S-1-5-18 Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (User 'SYSTEM')
- O4 - .DEFAULT Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (User 'Default user')
- O4 - .DEFAULT User Startup: AXEL.DAV (User 'Default user')
- O4 - Startup: AXEL.DAV
- O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
- O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
- O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
- O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
- O15 - Trusted Zone: http://*.trymedia.com (HKLM)
- O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
- O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
- O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
- O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
- O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
- O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
- O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
- O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
- O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
- O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
- O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
- O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
- O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
- O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
- O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
- O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
- O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\PC Speed Up\PCSUService.exe
- O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
- O23 - Service: System Store (SystemStoreService) - Unknown owner - C:\Program Files\SoftwareUpdater\SystemStore.exe
- O23 - Service: Updater By SweetPacks - Unknown owner - C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
- O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
- --
- End of file - 12361 bytes