Advanced System Care Suggestions


6 replies to this topic

#1 jungian

  • Members
  • 34 posts

Posted 11 December 2009 - 04:58 AM

I use the professional version of Advanced System Care.

In running a diagnosis of my computer ASC suggests I run a hijack-this analysis and have it evaluated for the existence of Mal-ware.

I have done this.

Could you please analyze it for me?

Thank you



#2 jungian

  • Topic Starter
  • Members
  • 34 posts

Posted 16 December 2009 - 06:54 PM

I would be greatly appreciative if somebody could help me on this.

I promise to write Santa and to ask him to bring extra milk and cookies to whoever helps me. :(

Thank you

#3 shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 22 December 2009 - 07:09 PM

hi jungian,

I can help you. Run this instead of HJT:

Please download DDS and save it to your desktop.

Double click dds.scr to run the tool. When done, DDS.txt will open.

Save both reports to your desktop.

Copy/paste both logs in your next reply.

How Can I Reduce My Risk to Malware?


#4 jungian

  • Topic Starter
  • Members
  • 34 posts

Posted 22 December 2009 - 08:29 PM

I hope I have done this properly.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/11/2006 3:23:00 PM
System Uptime: 12/22/2009 3:40:38 PM (5 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 67 GiB total, 36.18 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP364: 11/5/2009 4:39:50 AM - Software Distribution Service 3.0
RP365: 11/5/2009 10:25:28 AM - Removed Adobe Reader 9.1.2.
RP366: 11/5/2009 10:31:51 AM - Removed Microsoft Plus! Photo Story 2 LE
RP367: 11/5/2009 3:31:38 PM - Software Distribution Service 3.0
RP368: 11/5/2009 3:57:23 PM - Software Distribution Service 3.0
RP369: 11/5/2009 6:42:36 PM - Software Distribution Service 3.0
RP370: 11/5/2009 9:48:34 PM - Software Distribution Service 3.0
RP371: 11/6/2009 4:38:33 AM - Software Distribution Service 3.0
RP372: 11/6/2009 3:00:20 PM - Software Distribution Service 3.0
RP373: 11/6/2009 4:59:22 PM - Software Distribution Service 3.0
RP374: 11/6/2009 7:24:17 PM - Software Distribution Service 3.0
RP375: 11/6/2009 7:30:34 PM - Software Distribution Service 3.0
RP376: 11/7/2009 3:00:24 PM - Software Distribution Service 3.0
RP377: 11/7/2009 3:26:14 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP378: 11/8/2009 8:44:52 AM - Avg8 Update
RP379: 11/8/2009 10:29:17 AM - Software Distribution Service 3.0
RP380: 11/8/2009 10:39:35 AM - Software Distribution Service 3.0
RP381: 11/8/2009 2:00:17 PM - Software Distribution Service 3.0
RP382: 11/9/2009 4:05:37 AM - Software Distribution Service 3.0
RP383: 11/9/2009 2:00:18 PM - Software Distribution Service 3.0
RP384: 11/10/2009 6:29:27 AM - Software Distribution Service 3.0
RP385: 11/10/2009 7:07:59 AM - Software Distribution Service 3.0
RP386: 11/10/2009 1:40:42 PM - Software Distribution Service 3.0
RP387: 11/10/2009 4:15:14 PM - Software Distribution Service 3.0
RP388: 11/11/2009 2:52:28 AM - Software Distribution Service 3.0
RP389: 11/11/2009 6:19:37 AM - Software Distribution Service 3.0
RP390: 11/11/2009 8:16:53 AM - Avg8 Update
RP391: 11/11/2009 8:21:04 AM - Software Distribution Service 3.0
RP392: 11/11/2009 10:03:57 AM - Software Distribution Service 3.0
RP393: 11/11/2009 2:00:16 PM - Software Distribution Service 3.0
RP394: 11/13/2009 12:56:30 AM - Software Distribution Service 3.0
RP395: 11/13/2009 3:43:54 AM - Software Distribution Service 3.0
RP396: 11/13/2009 1:26:06 PM - Software Distribution Service 3.0
RP397: 11/13/2009 6:45:42 PM - Software Distribution Service 3.0
RP398: 11/13/2009 7:56:37 PM - Software Distribution Service 3.0
RP399: 11/14/2009 2:46:53 AM - Software Distribution Service 3.0
RP400: 11/14/2009 2:00:18 PM - Software Distribution Service 3.0
RP401: 11/14/2009 10:35:14 PM - Software Distribution Service 3.0
RP402: 11/15/2009 2:31:47 AM - Software Distribution Service 3.0
RP403: 11/15/2009 2:00:21 PM - Software Distribution Service 3.0
RP404: 11/15/2009 4:33:43 PM - Software Distribution Service 3.0
RP405: 11/15/2009 9:49:46 PM - Software Distribution Service 3.0
RP406: 11/17/2009 12:59:29 AM - Software Distribution Service 3.0
RP407: 11/18/2009 2:00:17 PM - Software Distribution Service 3.0
RP408: 11/19/2009 2:25:08 PM - Software Distribution Service 3.0
RP409: 11/20/2009 2:00:21 PM - Software Distribution Service 3.0
RP410: 11/21/2009 2:00:30 PM - Software Distribution Service 3.0
RP411: 11/21/2009 2:23:06 PM - Installed Windows XP KB942288-v3.
RP412: 11/21/2009 2:37:16 PM - Software Distribution Service 3.0
RP413: 11/21/2009 2:44:05 PM - Installed Windows Installer Clean Up
RP414: 11/21/2009 2:45:56 PM - Removed Microsoft .NET Framework 1.1
RP415: 11/21/2009 2:52:29 PM - Installed Microsoft .NET Framework 1.1
RP416: 11/21/2009 3:00:12 PM - Software Distribution Service 3.0
RP417: 11/23/2009 6:03:44 PM - RegGenie Safe Scan Backup
RP418: 11/24/2009 7:54:54 PM - Software Distribution Service 3.0
RP419: 11/26/2009 8:17:04 AM - Avg8 Update
RP420: 12/2/2009 8:53:59 PM - System Checkpoint
RP421: 12/5/2009 4:54:44 AM - Installed Windows XP -- Software Updates KB952011.
RP422: 12/9/2009 1:57:56 AM - Software Distribution Service 3.0
RP423: 12/10/2009 9:04:14 AM - Removed AVG Free 8.5
RP424: 12/10/2009 12:55:12 PM - Removed AVG Free 8.5
RP425: 12/11/2009 5:53:32 AM - Installed AVG Free 9.0
RP426: 12/11/2009 1:54:15 PM - Avg8 Update
RP427: 12/11/2009 1:56:12 PM - Avg8 Update
RP428: 12/12/2009 8:56:57 AM - Installed HiJackThis
RP429: 12/15/2009 2:33:24 PM - Installed Adobe Reader 9.2.
RP430: 12/15/2009 4:30:04 PM - Installed Staples EasyPrint MSI
RP431: 12/18/2009 1:57:21 PM - Avg8 Update
RP432: 12/18/2009 11:23:40 PM - Software Distribution Service 3.0
RP433: 12/20/2009 7:54:41 AM - System Checkpoint
RP434: 12/22/2009 12:51:08 PM - Avg8 Update

==== Installed Programs ======================

7200
7200_Help
7200Trb
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.2
Advanced SystemCare 3
AiO_Scan
AiOSoftware
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AVG Free 9.0
Bonjour
Broadcom Management Programs
BufferChm
C-Print Pro Client 2.6.2
C-Print Pro Server 2.6.2
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell System Restore
Destinations
Digital Content Portal
Digital Line Detect
Director
Documentation & Support Launcher
ELIcon
Fax
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HPSystemDiagnostics
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Internet Service Offers Launcher
Java 2 Runtime Environment, SE v1.4.2_03
LiveUpdate 2.5 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic Edition 2003
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Small Business
Microsoft Plus! Digital Media Edition Installer
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.7)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetZeroInstallers
Norton GoBack 4.0 (Symantec Corporation)
Picasa 3
ProductContext
QFolder
Qualxserve Service Agreement
QuickSet
Readme
Scan
ScannerCopy
Search Assist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Staples EasyPrint MSI
Synaptics Pointing Device Driver
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 Beta 3 (KB922880)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

12/22/2009 8:23:23 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001302A909AD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/22/2009 8:20:36 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302A909AD. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/22/2009 1:28:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgcorex.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/21/2009 10:24:20 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SHAYRENEE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0FA0102-A570-4. The master browser is stopping or an election is being forced.
12/21/2009 10:14:21 AM, error: PSched [14103] - QoS [Adapter {8F1334F5-9A82-486B-8083-E965BDFAC536}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
12/21/2009 1:28:48 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001302A909AD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/19/2009 9:57:20 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avglngx.dll.old' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/18/2009 1:50:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001302A909AD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/17/2009 5:02:09 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/17/2009 5:01:58 AM, error: Service Control Manager [7000] - The MySql service failed to start due to the following error: The system cannot find the path specified.
12/16/2009 1:00:42 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/15/2009 7:11:05 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001302A909AD has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS (Ver_09-12-01.01) - NTFSx86
Run by Lewis Lafontaine at 20:16:10.26 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1167 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Staples\easyprint\dsfhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Lewis Lafontaine\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DSFHost] c:\program files\staples\easyprint\dsfhost.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton goback.lnk - c:\program files\norton goback\GBTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lewisl~1\applic~1\mozilla\firefox\profiles\wrbyk9xq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-11 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-11 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-11 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-11 285392]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-17 1251720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-5 24652]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-12-22 13:54:31 4253 -c--a-w- C:\22Dec2009 T.rtf
2009-12-22 13:09:24 690 -c--a-w- C:\22Dec2009 T.J.cps
2009-12-22 13:09:08 2657 -c--a-w- C:\22Dec2009 T.J.rtf
2009-12-21 14:59:09 563 -c--a-w- C:\21Dec2009 T.J.cps
2009-12-21 14:58:50 4169 -c--a-w- C:\21Dec2009 T.J.rtf
2009-12-15 21:30:06 0 d-----w- c:\program files\Staples
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-12 13:56:58 0 d-----w- c:\program files\TrendMicro
2009-12-11 10:54:23 0 dc-h--w- C:\$AVG
2009-12-11 10:54:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-11 10:54:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-11 10:54:00 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-11 10:53:57 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-11 10:53:53 0 dc----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-11 10:53:33 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-25 00:55:40 0 d-----w- c:\program files\MSXML 4.0
2009-11-23 23:06:23 620 ----a-w- c:\windows\RegGenie.ini
2009-11-23 23:00:47 0 d-----w- c:\program files\RegGenie
2009-11-23 17:48:32 0 dc----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\dllcache\raschap.dll
2008-06-25 10:17:13 88 -csh--r- c:\windows\system32\9332229CA6.sys
2008-06-25 10:17:14 3766 -csha-w- c:\windows\system32\KGyGaAvL.sys
2008-06-18 11:36:54 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061820080619\index.dat

============= FINISH: 20:17:03.07 ===============

#5 shelf life


Posted 24 December 2009 - 11:38 AM

hi,

you did it right. Looks ok to me. I don't see any malware.

"ASC suggests I run a hijack-this analysis and have it evaluated for the existence of Mal-ware."

A few years ago a HJT log was pretty good at displaying malware. Times have changed and so has malware: most malware won't be displayed in a HJT log.
Best to rely on your anti-virus and antimalware and staying updated. I was going to suggest Malwarebytes but I see you already have it. The free version needs to be updated manually before doing a scan. For your reference I have a list of some of the signs of malware that might tip you off to a problem.
Happy safe surfing.

How Can I Reduce My Risk to Malware?


#6 jungian


Posted 25 December 2009 - 08:44 AM

Thank you for taking the time to check my HiJack report.

#7 shelf life


Posted 25 December 2009 - 01:45 PM

ok. You're welcome. If all is good, some tips to help you remain malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:

Simply knowing what constitutes a safe action on a computer and what may not will help you tremendously.

1) It is essential to keep your OS (Windows), browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer that then prompt you to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If these keep finding malware then you should review your computer habits.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Even if you get an E-Mail from someone you know, it's possible that their computer or account information has been compromised and the E-mail is not really from them.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software, media players or codecs to your computer--for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0. Read the FAQs.

10) Warez, cracks etc are very popular for carrying malware payloads. Using them will cause all kinds of problems. If you install files via p2p networks then you are much more likely to encounter malicious code. Do you trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?




