• We've upgraded our forums. Please post any issues/requests in this thread.

Hijack log

Joined
Dec 13, 2011
Messages
390 (0.18/day)
Likes
31
Processor Intel C2Q Q9550 (2.83 GHZ)
Cooling Intel OC27vv
Memory 12 GB DDR3 667mhz
Video Card(s) XFX Radeon HD 5670
Storage Seagate - 500GB | 7200RPM | 32MB Cache | Sata-3G
Display(s) BenQ RL2455
Case Dell Tower
Audio Device(s) On-board
Power Supply Corsair 600w
#1
I'm not sure if I'm posting this in the right section, so if is the wrong spot, admin please fix it for me.

This long is not from my laptop that I posted with the DLL error. This is a customer PC which had 162 infections found by Malware Bytes. All of them were removed, but I know its too early to give the computer a clean bill of health. I normally remove all BHO''s, but I'm a little nervous about the files listed in services.



Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:23:00 AM, on 7/13/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Java Update\winclient32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\JavaLive! Manager\jvsystem32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Discovery\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...tGyD0DtAzztB0ByDtDyDyD0E0C2Q&cr=883484902&ir=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: CrossriderApp0035510 - {11111111-1111-1111-1111-110311551110} - C:\Program Files\iWebar\iWebar-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SelectionLinksBHO - {FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Windows Client Manager] C:\Program Files\Java Update\winclient32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Update Manager] C:\Program Files\JavaLive! Manager\jvsystem32.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: ,c:\progra~1\amazon\amazon~1\\amazon~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11332 bytes
 
Joined
Oct 24, 2004
Messages
813 (0.17/day)
Likes
463
System Name $computer$
Processor Core i7 4790K @ 4.4Ghz
Motherboard MSI Z97 Gaming 5
Cooling Alpenföhne Broken 120 + 2 huge coolermaster chassis fans
Memory 2x8GB DDR3 2133Mhz Crucial Ballistix
Video Card(s) Geforce GTX 1080
Storage 2x60gb Kingston SSDnow 320 / 1x120gb Crucial SSD C300 / 1 WD caviar black 1tb
Display(s) 40" Samsung UE40ES5500
Case Cooler Master HAF932
Audio Device(s) onboard realtek audio
Power Supply Corsair AX1200
Mouse Microsoft intellimouse optical
Keyboard Logitech K270
Software Windows 10 Pro
Benchmark Scores https://valid.x86.fr/vmb641
#2
Overall log looks goods, the rest is subjective:

Running process looks ok.

Unless it's a choice of your to have those search engines, your could safely delete those entries (but if you're using google chrome as default browser then it doesn't really matter since only IE is affected):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...tGyD0DtAzztB0ByDtDyDyD0E0C2Q&cr=883484902&ir=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_Aw...5EJT3kGE6s5B_7wlSFbLtW-U3J8E,&q={searchTerms}

those browser helper objects are probably useless and unwanted:
O2 - BHO: CrossriderApp0035510 - {11111111-1111-1111-1111-110311551110} - C:\Program Files\iWebar\iWebar-bho.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

those programs could be safely disabled to speedup your laptop:
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

as for the services, none of them are illegitimate, but 3 of them could easily be bypassed to no noticeable effects:
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 
Joined
Dec 13, 2011
Messages
390 (0.18/day)
Likes
31
Processor Intel C2Q Q9550 (2.83 GHZ)
Cooling Intel OC27vv
Memory 12 GB DDR3 667mhz
Video Card(s) XFX Radeon HD 5670
Storage Seagate - 500GB | 7200RPM | 32MB Cache | Sata-3G
Display(s) BenQ RL2455
Case Dell Tower
Audio Device(s) On-board
Power Supply Corsair 600w
#3
I got rid of A LOT more Adware and PUP with Adwcleaner. The laptop seems very responsive now, but WiFi does not work. I thought it was due to all of the trojans and Adware.

Whenever I try to join my WiFi, it connects but says 'Local Only' and 'unidentified network'. Windows does find a problem, but the diagnose/fix option does not work.

Could it be possible that the on-board WiFi adapter doesn't play well with WPA2?
 
Joined
Oct 24, 2004
Messages
813 (0.17/day)
Likes
463
System Name $computer$
Processor Core i7 4790K @ 4.4Ghz
Motherboard MSI Z97 Gaming 5
Cooling Alpenföhne Broken 120 + 2 huge coolermaster chassis fans
Memory 2x8GB DDR3 2133Mhz Crucial Ballistix
Video Card(s) Geforce GTX 1080
Storage 2x60gb Kingston SSDnow 320 / 1x120gb Crucial SSD C300 / 1 WD caviar black 1tb
Display(s) 40" Samsung UE40ES5500
Case Cooler Master HAF932
Audio Device(s) onboard realtek audio
Power Supply Corsair AX1200
Mouse Microsoft intellimouse optical
Keyboard Logitech K270
Software Windows 10 Pro
Benchmark Scores https://valid.x86.fr/vmb641
#4
could you issue an ipconfig /all from a command prompt and post the complete output here ?
 
Joined
Apr 19, 2009
Messages
778 (0.25/day)
Likes
913
Location
Romania
System Name Asus ROG G752VY
Processor i7-6700HQ
Memory 24GB DDR4 2133mhz
Video Card(s) nvidia 980m
Storage Samsung SSD 850 pro 2TB+1tb hdd 7200rpm
Software Mageia 6 + Windows 10
#5
The most sure thing to do for a clean, it is to reinstall the OS...
 
Joined
Dec 13, 2011
Messages
390 (0.18/day)
Likes
31
Processor Intel C2Q Q9550 (2.83 GHZ)
Cooling Intel OC27vv
Memory 12 GB DDR3 667mhz
Video Card(s) XFX Radeon HD 5670
Storage Seagate - 500GB | 7200RPM | 32MB Cache | Sata-3G
Display(s) BenQ RL2455
Case Dell Tower
Audio Device(s) On-board
Power Supply Corsair 600w
#6
could you issue an ipconfig /all from a command prompt and post the complete output here ?

Shucks, I gave the laptop back to the customer. I believe the problem was the adapter didn't support WPA2. When trying to connect, it would make a quick attempt, then fail. I never once was prompted for the WPA2 key.
 
Joined
Dec 13, 2011
Messages
390 (0.18/day)
Likes
31
Processor Intel C2Q Q9550 (2.83 GHZ)
Cooling Intel OC27vv
Memory 12 GB DDR3 667mhz
Video Card(s) XFX Radeon HD 5670
Storage Seagate - 500GB | 7200RPM | 32MB Cache | Sata-3G
Display(s) BenQ RL2455
Case Dell Tower
Audio Device(s) On-board
Power Supply Corsair 600w
#7
The most sure thing to do for a clean, it is to reinstall the OS...

That's true. But the laptop was running Vista. And I don't have Vista anymore, trashed it long time ago Its a Vista certified laptop. I ran into a few problems trying to install Windows 7 on a Vista machine (driver issues)