Please review this hijack analysis report

  • Please review this hijack analysis report

    I bought an HP Pavilion laptop last month - it seems to be running more slowly, especially internet surfing. I am trying to speed it up by using ASC Pro. It could be the programs starting up automatically at startup, but I'm not sure what to keep and what to disable. Anyway, below is a log that I would like someone to review - I think you can recommend that I delete some of these files.
    I would greatly appreciate any suggestions on how to speed up my computer. My son and husband have older laptops that are faster while surfing the net - it takes a while for web pages to open on mine, and a long time to open a link from within a link - sometimes I have to cut and paste it into a new tab to open it.


    Logfile of Advanced SystemCare 3 Security Analyzer
    Scan saved at 10:26:08 AM, on 11/27/2009
    Platform: Windows Vista (WinNT 6.1)
    MSIE: Internet Explorer v8.0 (8.0.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\Awc.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} -
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} -
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1ca6d3272760393) (gupdate1ca6d3272760393) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

  • #2
    I have found Malware in the LiveSearch Toolbar before. But you will have to have someone else to tell you about the others.



    • #3
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

      I think that is not something good.
      But don't rely on my comment, though I do think it's not good.
      Do not dream your life, but live your dream!



      • #4
        The Bho can be fixed.

        The BHO blacksea refers to can definitely be fixed.

        You have many duplicate entries.

        Something seems odd about your Kaspersky as well... too many entries. One analyzer I ran your log on identified one of the Kaspersky entries as a possible mutobo trojan infection, but I think it was mistaken.

        Odd that they are running twice?? Can't explain... hope Enoskype looks at this one!!




        • #5
          You may consider this as well.

          It appears you weren't running Iobit Smart Ram when you made this log. I don't know if you use it or not, but consider using it, as it is a powerful tool!

          It is located in the utilities section of Advanced System Care.

          I wonder how much RAM is on your machine as well?




          • #6
            As already mentioned,

            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

            can be removed.

            O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll is AOL related. If AOL is not your ISP, you can remove it. More info HERE.

            Please update Java HERE.



            • #7
              Hi Melvin Deal,

              The changes below are only suggestions.

              It is better to look at the HijackThis report of IS360.

              As HijackThis cannot see rootkits, a scan with an anti-rootkit such as the free Sophos one will be helpful.
              The OS, I suppose, is Windows 7. So, there is not much to do with the TCP adjustments.

              A list of Startup items will be helpful also.

              ----------------------------------------
              Stop all activities of hpqToaster.exe for local and internet connection
              C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

              Delete
              O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

              Disable
              O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

              Update
              Java Plug-in 1.6.0_15 to Java Plug-in 1.6.0_17

              If you have Adobe Reader, update it to 9.2.

              Change the services to Manual
              O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
              O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
              O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
              O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

              Also checking and comparing the services in Black Viper for Win7 services, and applying some of the suggestions there will increase the useful resources for the user.

              Cheers.
              enoskype

              - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



              • #8
                Originally posted by enoskype:
                The OS, I suppose, is Windows7.
                Logfile of Advanced SystemCare 3 Security Analyzer
                Scan saved at 10:26:08 AM, on 11/27/2009
                Platform: Windows Vista (WinNT 6.1)
                MSIE: Internet Explorer v8.0 (8.0.7600.16385)
                Boot mode: Normal


                Same difference regarding TCP/IP adjustments.

                Slow website browsing in IE8 could be dependent on the SmartScreen Filter, which checks for phishing websites.



                • #9
                  Originally posted by enoskype:
                  The OS, I suppose, is Windows7.
                  Originally posted by danburrito:
                  Logfile of Advanced SystemCare 3 Security Analyzer
                  Scan saved at 10:26:08 AM, on 11/27/2009
                  Platform: Windows Vista (WinNT 6.1)
                  MSIE: Internet Explorer v8.0 (8.0.7600.16385)
                  Boot mode: Normal

                  Same difference regarding TCP/IP adjustments.

                  Slow website browsing in IE8 could be dependent on the SmartScreen Filter, which checks for phishing websites.

                  Hi danburrito,

                  FYI,
                  ASC's HijackThis Report does not recognize Windows 7 and reports it as Windows Vista.
                  That's why I said, "I suppose". :lol:

                  HijackThis report of IS360 doesn't give any information about the OS though.

                  BTW,
                  Windows NT 6.0 refers to these releases of Microsoft Windows operating systems:
                  Windows Vista
                  Windows Server 2008
                  Windows Small Business Server 2008

                  Windows NT 6.1 refers to these versions of Microsoft Windows operating systems:
                  Windows 7
                  Windows Server 2008 R2

                  Also 7600 and 7229 are the Build numbers for Windows 7 where the IE8 is installed.

                  Have a look at the attachment for my Windows 7 RC 7229 taken 5 minutes ago.




                  Cheers.:grin:
                  enoskype

                  - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

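The replies above do this triage by eye: a BHO whose DLL is listed as "(no file)" is dead registry debris (posts #6 and #7), the same binary registered under two service names is a duplicate (post #4), the Java plug-in is behind the release named in post #7, and a "Windows Vista (WinNT 6.1)" header really means Windows 7 or Server 2008 R2 per the NT mapping in post #9. The Python script below is an added example written for this page, not code from the thread, from IObit or from HijackThis; it assumes the line layout visible in the posted log (`O2 - BHO: name - {CLSID} - path`, `O23 - Service: name - vendor - path`, `O16 - DPF: {CLSID} (name) - url`), and its sample log is constructed, with shortened paths and a placeholder `example.invalid` download URL.

```python
import re
from collections import defaultdict

# Kernel-version-to-release mapping quoted in post #9; nothing else is assumed.
WINNT_RELEASES = {
    "6.0": ["Windows Vista", "Windows Server 2008", "Windows Small Business Server 2008"],
    "6.1": ["Windows 7", "Windows Server 2008 R2"],
}

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")            # "O23 - Service: ..."
PLATFORM_RE = re.compile(r"^Platform: (.*?) \(WinNT ([\d.]+)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
JAVA_RE = re.compile(r"Java Plug-in (\d+\.\d+\.\d+_\d+)")


def os_from_winnt(nt_version):
    """Releases that report the given WinNT kernel version (empty if unknown)."""
    return list(WINNT_RELEASES.get(nt_version, []))


def java_needs_update(found, latest):
    """True when a 'major.minor.patch_update' Java version is older than `latest`."""
    def key(v):
        return tuple(int(x) for x in re.split(r"[._]", v))
    return key(found) < key(latest)


def parse_log(text):
    """Return the platform header plus one dict per O-section entry."""
    platform_label, winnt, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = PLATFORM_RE.match(line)
        if m:
            platform_label, winnt = m.group(1), m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, kind, rest = m.groups()
        fields = rest.split(" - ")            # name / CLSID / vendor / path
        clsid = CLSID_RE.search(rest)
        entries.append({
            "section": section,
            "kind": kind,
            "clsid": clsid.group(0) if clsid else None,
            "path": fields[-1].strip(),       # file, DLL or download URL
            "line": line,
        })
    return {"platform_label": platform_label, "winnt": winnt, "entries": entries}


def triage(text, latest_java="1.6.0_17"):
    """Apply the thread's manual checks to a log and return the findings."""
    parsed = parse_log(text)
    entries = parsed["entries"]
    likely_os = os_from_winnt(parsed["winnt"]) if parsed["winnt"] else []
    # 1. The header label can lie (ASC prints "Vista" for NT 6.1); trust the number.
    os_mismatch = bool(likely_os) and parsed["platform_label"] not in likely_os
    # 2. Add-ons whose DLL no longer exists: orphaned registry entries.
    orphaned = [(e["section"], e["clsid"]) for e in entries if e["path"] == "(no file)"]
    # 3. The same binary or URL registered more than once (paths are case-insensitive).
    by_path = defaultdict(list)
    for e in entries:
        if e["path"] != "(no file)":
            by_path[e["path"].lower()].append(e["line"])
    duplicates = {p: lines for p, lines in by_path.items() if len(lines) > 1}
    # 4. Java plug-in versions behind the release the thread recommends.
    java_versions = sorted({v for e in entries for v in JAVA_RE.findall(e["line"])})
    java_outdated = [v for v in java_versions if java_needs_update(v, latest_java)]
    return {
        "platform_label": parsed["platform_label"], "winnt": parsed["winnt"],
        "likely_os": likely_os, "os_mismatch": os_mismatch,
        "orphaned": orphaned, "duplicates": duplicates,
        "java_versions": java_versions, "java_outdated": java_outdated,
    }


# Constructed sample in the ASC/HijackThis format, modelled on the thread's log
# (paths shortened, download URL replaced by a placeholder; not a real capture).
SAMPLE_LOG = r"""
Logfile of Advanced SystemCare 3 Security Analyzer
Platform: Windows Vista (WinNT 6.1)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\klwtbbho.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\msneshellx.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://example.invalid/jinstall-1_6_0_15.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://example.invalid/jinstall-1_6_0_15.cab
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\GameConsoleService.exe
O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\GameConsoleService.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it against a saved log, pass the file's text to `triage()`. The `orphaned` and `duplicates` lists are review candidates rather than a removal list: the thread itself disagrees on whether the orphaned Live Messenger BHO needs fixing, and the two GameConsoleService entries are one executable registered under two service names, which is why post #7 suggests setting them to Manual instead of deleting anything.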


                  • #10
                    Originally posted by enoskype:
                    ASC's HijackThis Report does not recognize Windows7 and reports as Windows Vista.
                    :shock: Now, that's something.



                    • #11
                      Actually O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) you don't need to fix this. It is a Windows Live Messenger addon.
                      Do not dream your life, but live your dream!



                      • #12
                        Originally posted by blacksea:
                        Actually O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) you don't need to fix this. It is a Windows Live Messenger addon.
                        Which is non-existent anymore, hence the (no file) part.



                        • #13
                          Please review this hijack analysis r

                          Hi,

                          I want to make a report with all actors and then export them.

                          In the ready-made reports there are always only seven actors, and if I use the report builder, the column "actors" also shows only seven actors.

                          Can somebody help me?

                          thanks,

                          mediamiki



                          • #14
                            Dear AleksanderII, VulCan, Stephan, brhm, mediamiki,

                            Yes, I am going to help you now, wait a minute. :twisted:

                            Cheers.
                            enoskype

                            - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
