Bad - Remove almost always
OK Most of the time - don't need to touch
Probably not needed - Safe to remove
Generally harmless - third party applications
Bad if you don't know what it is
Unknown Item - Investigate further

Logfile of Trend Micro HijackThis v2.0.4
Up To Date Version of HijackThis
You are using the latest version of HijackThis. Check www.merijn.org frequently for updates.

Scan saved at 6:38:12 PM, on 2/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PMB.exe
We don't know! Please post a comment with information about this file.

C:\Users\BAKER_~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

C:\Program Files\AVAST Software\Avast\AvastUI.exe
avastUI.exe
This is a part of Avast AntiVirus. Judging by the name it is the User Interface.

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
jusched.exe

What is it?
Java Update Scheduler - jusched.exe

What does it do?
jusched.exe - This is Sun's Java automatic update utility. If you would like to disable this scheduler, go to your Control Panel and click on the Java module. Then go to the Updates tab and uncheck "check for updates automatically".

Virus Precautions:
You'll want to keep an eye on this Google search for any known viruses. The normal location of jusched.exe is
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe. Obviously j2re1.4.2_04 is the version number. At this time my search shows nothing that you need to worry about.


C:\Program Files (x86)\iTunes\iTunesHelper.exe
iTunesHelper.exe
iTunesHelper.exe belongs to Apple's iTunes, which is an online MP3 store. iTunesHelper.exe will play the music and it also monitors for when you plug your iPod in so it can transfer files over to it.

iPods rock... Even with the horrible U2... U2 sucks and Bono needs to keep his mouth shut and out of politics. Nobody cares what a musician thinks.

Oh wait, Bono isn't a musician....

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
HijackThis.exe
This is our favorite application for fighting against malware and other trashy applications that bog systems down. Our guide to using this software can be found here. We have also taken the time to write a system to process the log files created from this application here.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/102
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com. If there's a site you don't know here, clean this line!

F2 - REG:system.ini: UserInit=userinit.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Unnamed BHO
AcroIEHelperShim.dll - Adobe Acrobat reader helper

O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Unnamed BHO
ssv.dll - Related to Sun Java software http://java.com/en/download/index.jsp

O2 - BHO: Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
aswWebRepIE.dll
Avast! webrep module which shows safety ratings for the sites you visit.

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
Unnamed BHO
jp2ssv.dll is the Java browser plugin. Without this you won't be able to run Java in your browser.

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O3 - Toolbar: Search-Results Toolbar - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O3 - Toolbar: PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
avast
"Added by the SMALL.CZ TROJAN!"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SunJavaUpdateSched
"Checks with Sun's Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
iTunesHelper
Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartCCC
Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start → Programs

O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Adobe ARM
"Adobe Reader Manager (ARM) - update/download manager added with Adobe Reader from version 9.2. Taken from the Adobe user forums - "AdobeARM.exe is a part of new Adobe AcrobatReader updater. If you manage updates yourself

O4 - HKLM\..\Run: [SMessaging] C:\Users\Baker_Haus\AppData\Local\Strongvault Online Backup\SMessaging.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Pando Media Booster
"Pando Media Booster from Pando Networks

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
Steam
"Valve Corporation's STEAM broadband game client. Steam is Valve's new way of getting games into your hands ASAP. Games like Half-Life

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Skype
"Skype is "free calls

O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
Messenger
"Added by the KUTEX TROJAN!"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
Sidebar
"Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
mctadmin
mctadmin.exe is an MS command-line tool in Windows 7 and Server 2008 to allow locational packages.

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
Sidebar
"Windows Sidebar is a pane on the side of the Microsoft Windows Vista desktop where you can keep your gadgets organized and always available. In Windows 7 this feature is known as Desktop Gadgets and each gadget can be placed anywhere on the desktop. If the file isn't located in %ProgramFiles%\Windows Sidebar or you're using other versions of Windows it could be part of the Searchcentrix hijacker"

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
mctadmin
mctadmin.exe is an MS command-line tool in Windows 7 and Server 2008 to allow locational packages.

O4 - Startup: CurseClientStartup.ccip


O4 - Global Startup: StrongVaultApp.exe


O4 - Global Startup: StrongVaultApp.exe.lnk = C:\Users\Baker_Haus\AppData\Local\StrongVault\StrongVaultApp.exe


O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Internet Explorer Restrictions
Spybot uses this to lock your homepage. Otherwise ask your administrator. If you're the administrator and you don't know what this is, go ahead and clear it.

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
IE Advanced Options
This is rarely modified by programs.

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Extra Protocols
There are a few known hijackers that use this, but I haven't found anything good come out of these.

O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\Windows\SysWOW64\guard32.dll
AppInit_DLLs Registry value autorun
Very few known *good* purposes of this. Norton Cleansweep being the headliner of good items.
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Apple Mobile Device

Apple iTunes related; monitors for when you plug in an iDevice. If you're using an iPhone, iPad or iPod then you'll need to keep this. Android is better. Commonly found in \%Program Files%\Common Files\Apple\Mobile Device Support\bin\


O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus
Related to Avast AntiVirus

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
Bonjour Service
Creates a network of computers and smart devices. Made by Apple Computer Inc. For more information

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Google Update Service

Google update service monitors and updates Google products like Chrome; found under \%Program Files%\Google\Update\


O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Google Update Service

Google update service monitors and updates Google products like Chrome; found under \%Program Files%\Google\Update\


O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
iPod Service
Related to Apple iPod.

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.