Facebook   Twitter   Google+   YouTube Get FREE Online Help Free Download IObit Products  

Go Back   IObit.Com Forums > IObit Security Software > IObit Security Softwares General Discussions > IObit Security 360
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

IObit Security 360 If your computer has been infected, please do not hesitate to post your Hijack Scan Logs, we have malware experts help you be out of infections.

Reply
 
Thread Tools Display Modes
  #1  
Old Nov. 27th, 2009, 23:46
lgbpatent lgbpatent is offline
Junior Member
 
Join Date: 27 Nov 2009
Posts: 1
Default Please review this hijack analysis report

I bought an HP Pavilion laptop last month - it seems to be running more slowly, especially internet surfing. I am trying to speed it up by using ASC Pro. It could be the programs starting up automatically at start up, but not sure what to keep and what to disable. Anyway, below is a log that I would like someone to review - I think you can recommend that I delete some of these files.
I would greatly appreciate any suggestions on how to speed up my computer. My son and husband have older laptops that are faster while surfing the net - takes a while for web pages to open on mine, and a long time to open a link from within a link - sometimes I have to cut and paste it into a new tab to open.


Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 10:26:08 AM, on 11/27/2009
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\Awc.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} -
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca6d3272760393) (gupdate1ca6d3272760393) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
Reply With Quote
  #2  
Old Nov. 28th, 2009, 00:05
Mongoose's Avatar
Mongoose Mongoose is offline
IObit Golden Fan
 
Join Date: 10 Apr 2009
Posts: 232
Default

I have found Malware in the LiveSearch Toolbar before. But you will have to have someone else to tell you about the others.
Reply With Quote
  #3  
Old Dec. 4th, 2009, 17:12
blacksea's Avatar
blacksea blacksea is offline
Expert User
 
Join Date: 07 May 2009
Posts: 447
Default

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

I think that is not something good.
But don't rely on my comment, but I do think its not good
Reply With Quote
  #4  
Old Dec. 4th, 2009, 17:55
Melvin_Deal's Avatar
Melvin_Deal Melvin_Deal is offline
Malware Advisor Moderator
 
Join Date: 06 Jul 2009
Posts: 2,937
Default The Bho can be fixed.

The BHO blacksea refers to can definitely be fixed.

You have many duplicate entries.

Something seems odd about your Kaspersky as well... too many entries. One analyzer I ran your log on identified one of the Kaspersky entries as a possible mutobo troajan infection, but I think it was mistaken.

Odd that they are running twice?? Can't explain... hope Enoskype looks at this one!!
Reply With Quote
  #5  
Old Dec. 4th, 2009, 18:35
Melvin_Deal's Avatar
Melvin_Deal Melvin_Deal is offline
Malware Advisor Moderator
 
Join Date: 06 Jul 2009
Posts: 2,937
Default You may consider this as well.

It appears you weren't running Iobit Smart Ram when you made this log. I don't know if you use it or not, but consider using it, as it is a powerful tool!

It is located in the utilities section of Advanced System Care.

I wonder how much RAM is on your machine as well?
Reply With Quote
  #6  
Old Dec. 4th, 2009, 20:13
danburrito's Avatar
danburrito danburrito is offline
Expert User
 
Join Date: 11 Jan 2009
Posts: 304
Default

As already mentioned,

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

can be removed.

O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll is AOL related. If AOL is not your ISP, you can remove it. More info HERE.

Please update Java HERE.
Reply With Quote
  #7  
Old Dec. 4th, 2009, 20:51
enoskype's Avatar
enoskype enoskype is offline
Mediator®
 
Join Date: 27 Oct 2006
Posts: 10,277
Default

Hi Melvin Deal,

The changes below are only suggestions.

It is better to look to HijackThis report of IS360.

As HijackThis can not see the Rootkits, a scan with an Anti-Rootkit such as Sophos free will be helpful.
The OS, I suppose, is Windows7. So, there is not much to do with the TCP adjustments.

A list of Startup items will be helpful also.

----------------------------------------
Stop all activities of hpqToaster.exe for local and internet connection
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

Delete
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Disable
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

Update
Java Plug-in 1.6.0_15 to Java Plug-in 1.6.0_17

If you have Adobe Reader, update it to 9.2.

Change the services to Manual
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GameConsoleService (gpsvc) - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

Also checking and comparing the services in Black Viper for Win7 services, and applying some of the suggestions there will increase the useful resources for the user.

Cheers.
__________________
enoskype

- Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
Reply With Quote
  #8  
Old Dec. 4th, 2009, 21:02
danburrito's Avatar
danburrito danburrito is offline
Expert User
 
Join Date: 11 Jan 2009
Posts: 304
Default

Quote:
Originally Posted by enoskype View Post
The OS, I suppose, is Windows7.
Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 10:26:08 AM, on 11/27/2009
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7600.16385)
Boot mode: Normal


Same difference regarding TCP/IP adjustments.

Slow website browsing in IE8 could be dependend on the SmartScreen Filter which checks for phishing websites.
Reply With Quote
  #9  
Old Dec. 4th, 2009, 21:43
enoskype's Avatar
enoskype enoskype is offline
Mediator®
 
Join Date: 27 Oct 2006
Posts: 10,277
Default

Quote:
Originally Posted by enoskype View Post
The OS, I suppose, is Windows7.
Quote:
Originally Posted by danburrito View Post
Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 10:26:08 AM, on 11/27/2009
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7600.16385)
Boot mode: Normal

Same difference regarding TCP/IP adjustments.

Slow website browsing in IE8 could be dependend on the SmartScreen Filter which checks for phishing websites.

Hi danburrito,

FYI,
ASC's HijackThis Report does not recognize Windows7 and reports as Windows Vista.
That's why I said, "I suppose".

HijackThis report of IS360 doesn't give any information about the OS though.

BTW,
Windows NT 6.0 refers to these releases of Microsoft Windows operating systems:
Windows Vista
Windows Server 2008
Windows Small Business Server 2008

Windows NT 6.1 refers to these versions of Microsoft Windows operating systems:
Windows 7
Windows Server 2008 R2

Also 7600 and 7229 are the Build numbers for Windows 7 where the IE8 is installed.

Have a look at the attachment for my Windows 7 RC 7229 taken 5 minutes ago.




Cheers.
Attached Thumbnails
Click image for larger version

Name:	HjTs.jpg
Views:	222
Size:	31.5 KB
ID:	2968  
__________________
enoskype

- Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
Reply With Quote
  #10  
Old Dec. 4th, 2009, 21:48
danburrito's Avatar
danburrito danburrito is offline
Expert User
 
Join Date: 11 Jan 2009
Posts: 304
Default

Quote:
Originally Posted by enoskype View Post
ASC's HijackThis Report does not recognize Windows7 and reports as Windows Vista.
Now, that's something.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Get FREE Online Help



Free Download IObit Products




Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hijack Report Log TheDuchess3 IObit Security 360 1 Nov. 27th, 2009 15:46
How does my Hijack report look? MMP0703 IObit Security 360 2 Oct. 5th, 2009 03:53
HiJack Report from the Security Analyzer SW1 ASC General Discussions 1 Apr. 23rd, 2009 09:49
Review and/or Rollback System Optimization Changes vrgulnik ASC General Discussions 3 Jan. 23rd, 2008 11:56


All times are GMT +0. The time now is 03:42.


Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.