Hijack this log file


8 replies to this topic

#1 Terry O'leary

  • Members
  • 14 posts
  • Gender:Male
  • Location:(UK) Plymouth

Posted 07 April 2009 - 03:21 AM

Hi all, I did an Advanced System Care scan, and in the security analyzer scan it came up with suggestions. I'm not sure what to remove, and any help would be great. This is my HijackThis report, thanks.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Terry O'leary at 8:53:06.75 on 07/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3062.1893 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Terry O'leary\Downloads\dds(3).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\terryo~1\appdata\roaming\mozilla\firefox\profiles\71elnu8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/
FF - component: c:\users\terry o'leary\appdata\roaming\mozilla\firefox\profiles\71elnu8h.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2008-8-1 9867]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-5 108289]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-4-6 603904]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-6 33176]
S3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2008-8-1 118784]

=============== Created Last 30 ================

2009-04-07 08:33 <DIR> --d----- c:\program files\FileChecker
2009-04-07 06:57 <DIR> --d----- c:\users\terryo~1\appdata\roaming\Malwarebytes
2009-04-07 06:56 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-07 06:56 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-06 21:46 <DIR> --d----- c:\programdata\Lavasoft
2009-04-06 21:04 <DIR> --d----- c:\program files\Trend Micro
2009-04-06 15:22 <DIR> --d----- c:\windows\system32\Adobe
2009-04-06 14:43 126,976 a------- c:\windows\system32\Imsmudlg.exe
2009-04-06 14:43 <DIR> --d----- c:\windows\system32\ENU
2009-04-06 14:41 <DIR> --d----- C:\DeskUpdate.tmp
2009-04-06 13:40 2,048 a------- c:\windows\system32\tzres.dll
2009-04-06 13:39 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-06 13:38 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-06 13:38 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-06 13:38 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-06 13:36 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-06 13:35 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-04-06 13:20 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-06 13:20 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-06 13:20 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-06 13:20 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-06 13:20 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-06 13:20 11,264 a------- c:\windows\system32\icardres.dll
2009-04-06 13:20 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-06 13:20 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-06 13:16 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-06 13:16 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-06 13:16 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-06 13:16 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-06 13:16 83,968 a------- c:\windows\system32\mscories.dll
2009-04-06 12:34 <DIR> --d----- c:\programdata\NOS
2009-04-06 11:43 58,792 -------- c:\windows\system32\wbload.dll
2009-04-06 11:43 <DIR> --d----- c:\program files\Stardock
2009-04-06 11:43 42,672 -------- c:\windows\system32\wbsys.dll
2009-04-06 10:17 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-04-06 10:16 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-04-06 10:16 17,152 a------- c:\windows\system32\authuitu.dll
2009-04-06 10:16 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-06 10:16 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-04-06 09:59 <DIR> --d----- c:\program files\Smart PC Utilities
2009-04-06 09:20 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-06 08:42 <DIR> --d----- c:\users\terryo~1\appdata\roaming\TuneUp Software
2009-04-06 08:42 <DIR> --d----- c:\programdata\TuneUp Software
2009-04-06 08:42 <DIR> --d----- c:\progra~2\TuneUp Software
2009-04-06 08:41 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-06 08:41 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-06 08:33 <DIR> --d----- c:\users\terryo~1\appdata\roaming\IObit
2009-04-06 08:33 <DIR> --d----- c:\program files\IObit
2009-04-06 08:20 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-06 08:20 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-06 08:20 <DIR> --d----- c:\users\terryo~1\appdata\roaming\SUPERAntiSpyware.com
2009-04-06 08:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-06 08:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-06 08:05 <DIR> --d----- c:\program files\Frameworkx
2009-04-06 08:02 <DIR> --d----- c:\programdata\Fujitsu
2009-04-06 08:02 <DIR> --d----- c:\program files\common files\Fujitsu
2009-04-06 08:02 <DIR> --d----- c:\progra~2\Fujitsu
2009-04-06 08:02 <DIR> --d----- c:\program files\Fujitsu
2009-04-06 07:50 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-06 07:50 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-06 07:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-06 07:50 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-05 22:41 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-04-05 22:30 <DIR> --d----- c:\program files\CCleaner
2009-04-05 22:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-05 22:19 <DIR> --d----- c:\programdata\Avira
2009-04-05 22:19 <DIR> --d----- c:\program files\Avira
2009-04-05 22:19 <DIR> --d----- c:\progra~2\Avira
2009-04-05 22:00 <DIR> --d----- c:\program files\VS Revo Group
2009-04-05 21:39 <DIR> --d----- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-04-05 21:39 <DIR> --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-04-05 21:38 <DIR> --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-04-05 21:38 1,629 a------- C:\Register For AOL Broadband.lnk
2009-04-05 21:38 <DIR> --d----- c:\users\Terry O'leary
2009-04-05 21:37 <DIR> --d----- c:\programdata\fsc-reg
2009-04-05 21:37 <DIR> --d----- c:\progra~2\fsc-reg
2009-04-05 21:37 <DIR> --d----- c:\program files\Norman
2009-04-05 21:35 2,560 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-04-05 21:35 2,432 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-05 21:35 <DIR> --d----- c:\programdata\Google
2009-04-05 21:35 15,360 a------- c:\windows\system32\Fujitsu-Siemens.scr
2009-03-19 16:08 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-19 16:08 348,160 a------- c:\windows\system32\msvcr71.dll

==================== Find3M ====================

2009-04-06 14:43 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-06 14:43 51,200 a------- c:\windows\inf\infpub.dat
2009-04-06 14:25 86,016 a------- c:\windows\inf\infstor.dat
2009-04-06 14:00 665,600 a------- c:\windows\inf\drvindex.dat
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-16 09:59 73,728 a------- c:\windows\system32\RtNicProp32.dll
2009-01-15 07:11 827,392 a------- c:\windows\system32\wininet.dll
2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:53:37.31 ===============


#2 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 18 April 2009 - 03:24 PM

Hi,

Sorry for the delay, no shortage of posters. I am not familiar with Advanced System Care. You have several anti-malware apps. Are they updated and coming up clean after a scan?
Having any signs of malware?

How Can I Reduce My Risk to Malware?


#3 Terry O'leary
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:(UK) Plymouth

Posted 19 April 2009 - 02:59 AM

Hello, thanks for the reply. All is OK now; I have done a system restore. It seems that the Advanced System Care utility was coming up with suggestions for the security analyzer because I wasn't using full anti-virus software. I am now using Norton Anti-Virus and everything is fine.

Thanks again.

#4 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 19 April 2009 - 07:48 AM

Hi,

OK, but it looks like you did have an antivirus installed:

C:\Program Files\Avira\AntiVir Desktop

http://www.avira.com/en/download/index.html

Only one AV is needed on a computer; two is not better with antivirus. Anti-malware apps, yes, more than one is OK.

How Can I Reduce My Risk to Malware?
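The check shelf life just did by eye (spot the antivirus in the DDS log, count the security products, see what else is auto-starting) can be scripted. The Python below is an added example, not code from DDS, from BleepingComputer or from anyone in this thread. It parses the section banners of the log posted in #1, pulls out running processes and uRun/mRun/dRun autorun entries, lists which antivirus and anti-malware products the log mentions, and raises a few review prompts. The regexes, the reading of the u/m/d prefix as current-user/machine/default-user hive, and the product watch-lists are my assumptions; the sample log is a constructed excerpt modelled on the one above.

```python
"""Pull the responder-facing facts out of a DDS log like the one posted above:
running processes, autorun entries, AppInit_DLLs and which security products
are present. Added example, not part of DDS or this thread; regexes, hive
letters and product watch-lists are my assumptions."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log in post #1 (not the full log);
# a raw string keeps the Windows backslashes literal.
SAMPLE_LOG = r"""
DDS (Ver_09-03-16.01) - NTFSx86
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Terry O'leary\Downloads\dds(3).scr
============== Pseudo HJT Report ===============
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-5 108289]
============= FINISH: 8:53:37.31 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Prefix letter read as hive: u = current user, m = machine, d = default user (assumption).
RUN_RE = re.compile(r"^([umd])(Run(?:Once)?): \[(.*?)\] (.*)$")
QUOTED_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
UNQUOTED_RE = re.compile(r"^(.*?\.(?:exe|scr|dll|com|bat|cmd|pif))(?:\s+(.*))?$", re.I)
# Watch-lists (assumed, case-insensitive substrings). Thread's rule: one AV engine; several anti-malware scanners are fine.
ANTIVIRUS = {"Avira AntiVir": ("avira", "antivir"), "Norton / Symantec": ("norton", "symantec"),
             "Norman": ("norman",), "Trend Micro": ("trend micro",)}
ANTIMALWARE = {"SUPERAntiSpyware": ("superantispyware",), "Malwarebytes": ("malwarebytes",),
               "Windows Defender": ("windows defender",), "Lavasoft Ad-Aware": ("lavasoft",)}
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\")

def parse_sections(text):
    """Split the log on its '=== name ===' banners into {name: [non-blank lines]}."""
    sections, current = defaultdict(list), "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return dict(sections)

def split_command(value):
    """(binary, args): honour quotes, else cut after the first executable extension,
    since an unquoted path that contains spaces is otherwise ambiguous."""
    m = QUOTED_RE.match(value) or UNQUOTED_RE.match(value)
    return (m.group(1), (m.group(2) or "").strip()) if m else (value, "")

def run_entries(hjt_lines):
    """Autorun entries (uRun/mRun/dRun/RunOnce) from the Pseudo HJT section."""
    out = []
    for line in hjt_lines:
        m = RUN_RE.match(line)
        if m:
            hive, key, name, value = m.groups()
            path, args = split_command(value)
            out.append({"hive": hive, "key": key, "name": name, "path": path, "args": args})
    return out

def security_products(text):
    """(antivirus names, anti-malware names) referenced anywhere in the log."""
    low = text.lower()
    av = sorted(n for n, keys in ANTIVIRUS.items() if any(k in low for k in keys))
    am = sorted(n for n, keys in ANTIMALWARE.items() if any(k in low for k in keys))
    return av, am

def review_flags(sections, text):
    """Prompts to verify by hand, not verdicts: the DDS tool itself, run from
    Downloads, trips the user-writable-path check."""
    flags = []
    for proc in sections.get("Running Processes", []):
        if any(w in proc.lower() for w in USER_WRITABLE):
            flags.append("process from user-writable path: " + proc)
    hjt = sections.get("Pseudo HJT Report", [])
    for line in hjt:
        dlls = line.partition(":")[2].strip()
        if line.startswith("AppInit_DLLs:") and dlls:
            # Injected into every process that loads user32.dll; a classic persistence point.
            flags.append("AppInit_DLLs populated: " + dlls)
    for e in run_entries(hjt):
        if e["hive"] == "d":
            flags.append(f"autorun under default-user hive: [{e['name']}] {e['path']}")
    av, _ = security_products(text)
    if len(av) > 1:
        flags.append("more than one antivirus engine: " + ", ".join(av))
    return flags

if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    print(security_products(SAMPLE_LOG), *review_flags(secs, SAMPLE_LOG), sep="\n")
```

On the excerpt this reports one antivirus (Avira) and two anti-malware tools (Malwarebytes, SUPERAntiSpyware), so the "one AV only" rule is satisfied, and it raises three prompts: the `dds(3).scr` process in Downloads (the diagnostic tool itself, which is why a flag is a prompt and not a verdict), the populated AppInit_DLLs value, and the fsc-reg autorun in the default-user hive. Run it against a full log by replacing `SAMPLE_LOG` with the file contents; `split_command` also handles unquoted entries such as `%ProgramFiles%\Windows Defender\MSASCui.exe -hide` from the posted log.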


#5 Terry O'leary
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:(UK) Plymouth

Posted 20 April 2009 - 02:10 AM

Hi

Thanks for the reply. Yes, I was using an anti-virus before: I was using the Avira freeware anti-virus, which I installed when the security software preinstalled on my computer expired. And once again, using the Advanced System Care utility, the security analyzer scan was fine up until the preinstalled anti-virus expired and I installed a freeware anti-virus. So it seems that when I use a freeware anti-virus, the security analyzer scan of Advanced System Care throws up suggestions; I don't know why this is.

#6 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 20 April 2009 - 04:17 PM

Maybe System Care doesn't recognize that antivirus? Don't know why, really. Maybe they get kickbacks from AV that has to be paid for!?!

In any case, if you have an updated AV such as Avira you can ignore the System Care suggestion that it's "not a full AV", whatever that means. Norton has nothing over Avira.
Since you now have Norton, I assume you have uninstalled Avira using the Add/Remove Programs panel?
Maybe they're calling a "suite" of AV, spyware and firewall a "full AV". Actually, individual apps are better than suites anyway.

How Can I Reduce My Risk to Malware?


#7 Terry O'leary
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:(UK) Plymouth

Posted 21 April 2009 - 02:28 AM

Hi

Once again, thanks for your help. Yes, I have uninstalled Avira anti-virus with Revo Uninstaller.

Thanks.

#8 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 21 April 2009 - 04:03 PM

Hi Terry O'leary,

OK, good. You're welcome. Happy safe surfing. Some tips for reducing your risk to malware:

Reducing Your Risk To Malware:
The Short Version:

1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. This is now also true for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.

5) Don't click on ads/pop-ups or offers from websites saying that you need to install software on your computer.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and e-mail client. Internet Explorer and Outlook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer.

10) If your habits include warez, cracks etc., or you install files via P2P networks, then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version is in the link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?


#9 Terry O'leary
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:(UK) Plymouth

Posted 22 April 2009 - 07:20 AM

OK, and thanks for all your advice.