inihid.exe



#1
silent_n0va

A couple days ago, I browsed for Vista gadgets and downloaded a miniTV that supposedly received stations on the sidebar, which did not. The next morning, I noticed that the system was blocking inihid.exe. I was unsure whether to leave it blocked, but I found it was a button manager made by INITIO. Seeing the XP version, I figured the Vista one was harmless and let it run. Symantec then turned off, as well as UAC. Symantec would not turn on and when I rebooted to turn UAC back on, the OS failed to start. The system attempted to fix itself and I performed a system restore, setting it to before I downloaded the miniTV. When I rebooted, however, Symantec was turned off again, as well as UAC, and inihid.exe still existed. Symantec finally did run once for me today, so I scanned my machine, only to find no viruses. I also used Spybot Search and Destroy and found nothing, as well as Windows Defender. I tried using RootkitRevealer to see whether it was a rootkit, but the application would not install because the service kept timing out.

I believe inihid.exe is the cause of my problem, but I would like someone more experienced on the subject to take a look at my log and see if they can figure out what it might be, as well as methods of resolving the problem. Thank you so much for your input!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:26 AM, on 7/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\INITIO\Button Manager v1.874\inihid.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Microsoft Digital Image 10\pi.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\google\googletoolbar1user.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [WengoPhoneNG] C:\Program Files\WengoPhone\qtwengophone.exe -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .mdz: C:\Program Files\Internet Explorer\Plugins\npmod32.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo.../FacebookPhotoUploader5.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...source/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo.../FacebookPhotoUploader4_5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CSQWUARHXVT - Sysinternals - www.sysinternals.com - C:\Users\Andrea\AppData\Local\Temp\CSQWUARHXVT.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DFQGFCHO - Sysinternals - www.sysinternals.com - C:\Users\Andrea\AppData\Local\Temp\DFQGFCHO.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FVUOCWBZ - Sysinternals - www.sysinternals.com - C:\Users\Andrea\AppData\Local\Temp\FVUOCWBZ.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HZGFUBYF - Sysinternals - www.sysinternals.com - C:\Users\Andrea\AppData\Local\Temp\HZGFUBYF.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MWBFUCDSRYU - Sysinternals - www.sysinternals.com - C:\Users\Andrea\AppData\Local\Temp\MWBFUCDSRYU.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ZMMJVRAR - Sysinternals - www.sysinternals.com - C:\Users\Andrea\AppData\Local\Temp\ZMMJVRAR.exe

--
End of file - 12342 bytes