Thread: Hijack Analysis Log File Posted--Running Vista 64 Home Premium

  1. #1
    Junior Member
    Join Date
    May 2011
    Posts
    1

    Hijack Analysis Log File Posted--Running Vista 64 Home Premium

    Hello, and thanks for your board.

    I am running a Dell Studio XPS 9000 with OS Vista Home Premium SP 2. From Speccy:

    Operating System
    MS Windows Vista Home Premium 64-bit SP2
    CPU
    Intel Core i7 920 @ 2.67GHz 61 °C
    Bloomfield 45nm Technology
    RAM
    12.0GB Triple-Channel DDR3 @ 532MHz (7-7-7-20)
    Motherboard
    DELL Inc. 0X501H (CPU 1)
    Graphics
    DELL S2409W (1024x768@75Hz)
    1024MB ATI Radeon HD 4800 Series (ATI)
    Hard Drives
    977GB SAMSUNG SAMSUNG HD103UJ (SATA) 36 °C
    1465GB Seagate ST31500341AS (SATA) 40 °C
    Optical Drives
    HL-DT-ST BD-RE BH20N
    Audio
    High Definition Audio Device
    --
    The performance has been notably slower of late. Hard drives have plenty of room, as does RAM. I suspect Malware.

    Below is the logfile, run today. Interestingly, I ran Hijack This first, but HT would not generate a logfile--just a blank notepad page. iObitSecurity360 was thus used--100% compatible with HT and HT forums:


    Running processes:

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
    O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}SysPro.WMI.1 - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} GpcContainer.GpcContainer.1 -
    O23 - Service: Adobe LM Service (Adobe LM Service) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
    O23 - Service: Ati External Event Utility (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: CableAssociation (CableAssociation) - Wisair Ltd. - C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
    O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: Remote Access DB (dsl-db) - Unknown - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Group Policy Client (gpsvc) - Unknown -
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown - %ProgramFiles (x86)%\WinPcap\rpcapd.exe
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
    O23 - Service: Security Accounts Manager (SamSs) - Unknown -
    O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe
    O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
    O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
    O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
    O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
    O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

    -------------------


    Please feel free to contact me at Edit with any questions.

    As a first time malware analyzer, I appreciate your help.

    Best,

    Dr. Alan J. Lipman
    Last edited by tashi; 2011-05-11 at 18:59. Reason: Removed email address, spam magnet ;-)
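An added example, not code from the original post nor from HijackThis or IObit Security 360: a small Python triage script for the O4 (Run key) and O23 (service) line format used in the log above, fed with a handful of entries copied from it. The parser follows the `section - body` layout of those lines; the "review" heuristic (unknown vendor, or a binary under a user-writable path) is my own prioritisation rule, not the forum's procedure.

```python
"""Parse HijackThis-style O4/O23 entries and rank them for analyst review."""
import re

# Constructed sample: a few entries copied verbatim from the log in the post.
SAMPLE_LOG = r"""
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4: HIVE|\key: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\|\\(?P<key>.+?): \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# O23: Service: display name (short name) - vendor - path   (path may be empty)
SVC_RE = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<vendor>.+?) - ?(?P<path>.*)$")
# Assumed heuristic: autoruns living in user-writable locations deserve a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

def executable(cmd):
    """Return the binary from a Run-value command line (quoted path or first token)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]

def parse(text):
    """Yield one dict per O4/O23 entry; other sections are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sect, body = m.groups()
        if sect == "O4" and (r := RUN_RE.match(body)):
            yield {"sect": sect, "name": r["value"], "path": executable(r["cmd"]), "vendor": None}
        elif sect == "O23" and (s := SVC_RE.match(body)):
            yield {"sect": sect, "name": s["name"], "path": s["path"], "vendor": s["vendor"]}

def triage(entry):
    """Classify: 'builtin' (no path / svchost-hosted), 'review', or 'ok'."""
    path = entry["path"].lower()
    if entry["sect"] == "O23" and (not path or "svchost.exe" in path):
        return "builtin"
    if entry["vendor"] == "Unknown" or any(w in path for w in USER_WRITABLE):
        return "review"
    return "ok"

def review_queue(text):
    """Return (section, name, path) for every entry needing a look, in log order."""
    return [(e["sect"], e["name"], e["path"]) for e in parse(text) if triage(e) == "review"]

if __name__ == "__main__":
    for item in review_queue(SAMPLE_LOG):
        print(item)
```

Entries marked "review" are a prioritisation for the analyst, not a verdict: the Google Update autorun is flagged only because it runs from the user profile, and SCM_Service only because its publisher is unknown.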

  2. #2
    Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello lipmanaj,

    In case you missed it please see the FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide preliminary "DDS" logs which are used for analysis.
    "BEFORE You POST" (Please read this Procedure Before Requesting Assistance)

    Then start a new topic providing the DDS logs as shown in that sticky and a volunteer analyst will advise you when available.

    If DDS won't run and produce a log please start a new topic anyway and explain the situation.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
