Welcome to MalwareRemoval.com

Log File from Hijack Analysis: Running Vista Home Premium.


Post by lipmanaj » May 11th, 2011, 11:02 am

Hello, and thanks for your board.

I am running a Dell Studio XPS 9000 with OS Vista Home Premium SP 2. From Speccy:

Operating System
MS Windows Vista Home Premium 64-bit SP2
CPU
Intel Core i7 920 @ 2.67GHz 61 °C
Bloomfield 45nm Technology
RAM
12.0GB Triple-Channel DDR3 @ 532MHz (7-7-7-20)
Motherboard
DELL Inc. 0X501H (CPU 1)
Graphics
DELL S2409W (1024x768@75Hz)
1024MB ATI Radeon HD 4800 Series (ATI)
Hard Drives
977GB SAMSUNG SAMSUNG HD103UJ (SATA) 36 °C
1465GB Seagate ST31500341AS (SATA) 40 °C
Optical Drives
HL-DT-ST BD-RE BH20N
Audio
High Definition Audio Device
--
The performance has been notably slower of late. Hard drives have plenty of room, as does RAM. I suspect malware.

Below is the log file, run today. Interestingly, I ran HijackThis first, but HT would not generate a log file, just a blank Notepad page. IObit Security 360 was thus used; it is 100% compatible with HT and HT forums:


Running processes:

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}SysPro.WMI.1 - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} GpcContainer.GpcContainer.1 -
O23 - Service: Adobe LM Service (Adobe LM Service) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
O23 - Service: Ati External Event Utility (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CableAssociation (CableAssociation) - Wisair Ltd. - C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown - %ProgramFiles(x86)%\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

-------------------


Please feel free to contact me at <email address removed by admin for privacy reasons> with any questions.

As a first-time malware analyzer, I appreciate your help.

Best,

Dr. Alan J. Lipman
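The listing above is in the HijackThis-style line format that IObit Security 360 writes. As an added example, not code from the post or from either tool, the Python below parses the O4 (Run key) and O23 (service) lines from a constructed sample in the same format and lists the services the log attributes to an "Unknown" vendor while still pointing at a concrete binary. That is the usual first triage cut an analyst makes before checking signatures and hashes; the regexes and the sample lines are my own assumptions about the format, not IObit's specification.

```python
import re

# Constructed sample in the same line format as the log above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown - %ProgramFiles(x86)%\WinPcap\rpcapd.exe
O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
"""

# O4: hive, key, [entry], command.  The "|" after the hive is IObit's variant; plain HijackThis omits it.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\|?(?P<key>[^:]+): \[(?P<entry>[^\]]+)\] (?P<cmd>.*)$")
# O23: display name, (service name), vendor, optional path.  Display names may contain
# parentheses, so the greedy display match leaves only the last "(name)" group for the name.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<vendor>.+?) -(?: (?P<path>.*))?$")

def executable_of(cmd):
    """Executable path of a Run-key command, with quotes and arguments stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def parse_log(text):
    """Turn O4 and O23 lines into dicts; any other line type is ignored."""
    records = []
    for line in text.splitlines():
        m4, m23 = O4_RE.match(line.strip()), O23_RE.match(line.strip())
        if m4:
            rec = m4.groupdict()
            rec.update(type="O4", exe=executable_of(rec["cmd"]))
            records.append(rec)
        elif m23:
            rec = m23.groupdict()
            rec["type"] = "O23"
            records.append(rec)
    return records

def unknown_vendor_services(records):
    """Services with no vendor string that still name a concrete binary.  svchost-hosted Windows
    services and path-less entries are skipped ("Unknown" is normal there); this is a triage list, not a verdict."""
    return [(r["name"], r["path"]) for r in records
            if r["type"] == "O23" and r["vendor"] == "Unknown" and r["path"]
            and not r["path"].lower().endswith("\\svchost.exe")]
```

Entries it returns are the ones worth a publisher-signature and hash check; a missing vendor string on its own only means the scanner could not read the file's version information.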

Re: Log File from Hijack Analysis: Running Vista Home Premium

Post by NonSuch » May 11th, 2011, 4:12 pm

Never post your email address in any place where it can be viewed by others as it will be harvested by spambots.

Please familiarize yourself with the forum rules: Forum Posting Rules - Please Read

In order for us to help you it is necessary that you provide us with a DDS log. Please follow the guideline at the link below to start a new topic and post your DDS log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the guideline posted here: Guideline for posting your DDS log