
Thread: Hijack Analysis Log File Posted--Running Vista 64 Home Premium

    #1 Junior Member, Join Date: May 2011, Posts: 1


    Hello, and thanks for your board.

    I am running a Dell Studio XPS 9000 with OS Vista Home Premium SP2. From Speccy:

    Operating System: MS Windows Vista Home Premium 64-bit SP2
    CPU: Intel Core i7 920 @ 2.67GHz 61 °C (Bloomfield 45nm Technology)
    RAM: 12.0GB Triple-Channel DDR3 @ 532MHz (7-7-7-20)
    Motherboard: DELL Inc. 0X501H (CPU 1)
    Graphics: DELL S2409W (1024x768@75Hz); 1024MB ATI Radeon HD 4800 Series (ATI)
    Hard Drives: 977GB SAMSUNG SAMSUNG HD103UJ (SATA) 36 °C; 1465GB Seagate ST31500341AS (SATA) 40 °C
    Optical Drives: HL-DT-ST BD-RE BH20N
    Audio: High Definition Audio Device
    --
    The performance has been notably slower of late. Hard drives have plenty of room, as does RAM. I suspect malware.

    Below is the logfile, run today. Interestingly, I ran HijackThis first, but HT would not generate a logfile, just a blank Notepad page. IObit Security 360 was thus used; it is 100% compatible with HT and HT forums:


    Running processes:

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
    O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}SysPro.WMI.1 - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}GpcContainer.GpcContainer.1 -
    O23 - Service: Adobe LM Service (Adobe LM Service) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
    O23 - Service: Ati External Event Utility (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: CableAssociation (CableAssociation) - Wisair Ltd. - C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
    O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: Remote Access DB (dsl-db) - Unknown - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Group Policy Client (gpsvc) - Unknown -
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown - %ProgramFiles(x86)%\WinPcap\rpcapd.exe
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
    O23 - Service: Security Accounts Manager (SamSs) - Unknown -
    O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe
    O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
    O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
    O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
    O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
    O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

    -------------------


    Please feel free to contact me at Edit with any questions.

    As a first time malware analyzer, I appreciate your help.

    Best,

    Dr. Alan J. Lipman
    Last edited by tashi; 2011-05-11 at 17:59. Reason: Removed email address, spam magnet ;-)
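A first pass over a log in this format is usually done by eye, line by line. The script below is an added example (not part of the original post, the forum's tooling, or HijackThis/IObit themselves) that parses the O3, O4, O16 and O23 line shapes seen in the log above and ranks entries for human review. The sample lines are constructed to match the posted format; the review heuristics (unknown-vendor services that ship their own binary rather than running inside svchost.exe, autoruns or services living in user-writable directories, network-server binaries such as httpd.exe, mysqld.exe and rpcapd.exe registered as services, orphaned toolbar CLSIDs, and more than one Java plug-in version still registered) are my own triage rules, not a verdict on anything in the log.

```python
"""Triage helper for HijackThis-style log lines (O3/O4/O16/O23).

Added example, not part of the original forum post. The line patterns and
heuristics are my own reading of the posted log format; they rank entries
for a human to check and do not by themselves identify malware.
"""
import re
from collections import defaultdict

# IObit's variant writes the O4 hive as "HKLM|\Software\...\Run\:", hence "\|?".
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) ?- (?P<clsid>\{[^}]+\}) -(?: (?P<path>.*))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\|?(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})\s*(?P<name>.*?) -(?: (?P<url>.*))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*) \((?P<short>[^()]*)\) - (?P<vendor>.*?) -(?: (?P<path>.*))?$")

# Heuristic lists (assumptions of this example, not from the page).
NETWORK_SERVERS = {"httpd.exe", "mysqld.exe", "rpcapd.exe"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
REASONS = {
    "orphan_toolbar": "toolbar CLSID with no name and no file; leftover registration",
    "user_writable_binary": "binary in a user-writable location (per-user installers such as Google Update legitimately live here)",
    "unknown_vendor_service": "service with no vendor string and its own binary; verify signature or hash",
    "network_server_service": "network server registered as a service; confirm it is wanted on a home PC",
    "multiple_java_plugins": "more than one Java plug-in version registered; older one still reachable",
}

# Constructed sample lines in the posted log's format.
SAMPLE_LOG = [
    r"O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -",
    r"O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll",
    r'O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c',
    r'O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab",
    r"O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab",
    r"O23 - Service: Remote Access DB (dsl-db) - Unknown - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe",
    r"O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe",
    r"O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe",
    r"O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe",
]


def parse(lines):
    """Return (kind, fields) tuples for recognised lines; others are skipped."""
    out = []
    for line in lines:
        line = line.strip()
        for kind, rx in (("O3", O3_RE), ("O4", O4_RE), ("O16", O16_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                out.append((kind, m.groupdict()))
                break
    return out


def strip_quotes(cmd):
    """Extract the executable from an O4 command: quoted path, else first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]


def triage(lines):
    """Map reason codes (see REASONS) to the entries that triggered them."""
    findings = defaultdict(list)
    java_versions = set()
    for kind, e in parse(lines):
        if kind == "O3" and not e["name"] and not e["path"]:
            findings["orphan_toolbar"].append(e["clsid"])
        elif kind == "O4":
            exe = strip_quotes(e["cmd"])
            if any(seg in exe.lower() for seg in USER_WRITABLE):
                findings["user_writable_binary"].append(exe)
        elif kind == "O16" and e["name"].startswith("Java Plug-in"):
            java_versions.add(e["name"].split()[-1])
        elif kind == "O23":
            path = (e["path"] or "").strip()
            exe = path.rsplit("\\", 1)[-1].lower()
            # Built-in services hosted by svchost.exe also show "Unknown" in
            # IObit's output, so only a service with its own binary is flagged.
            if e["vendor"] == "Unknown" and path and exe != "svchost.exe":
                findings["unknown_vendor_service"].append(path)
            if exe in NETWORK_SERVERS:
                findings["network_server_service"].append(path)
            if any(seg in path.lower() for seg in USER_WRITABLE):
                findings["user_writable_binary"].append(path)
    if len(java_versions) > 1:
        findings["multiple_java_plugins"].append(sorted(java_versions))
    return dict(findings)


def report(lines):
    """Print findings grouped by reason and return them."""
    findings = triage(lines)
    for code, items in findings.items():
        print(f"[{code}] {REASONS[code]}")
        for item in items:
            print(f"    {item}")
    return findings


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

Run against the full log above, the unknown-vendor rule will also pick up Microsoft .NET services such as infocard.exe and SMSvcHost.exe, because IObit's output reports no vendor for them; that is why the rule says "verify" rather than "remove", and why checking the file's digital signature or hash is the next step, not deleting the entry.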
