IObit Forum

Any Threats Here??


sderouen


Posted

Just downloaded and ran IObit Security 360. I'm seeing a few things I'm unsure of and hoped for some help. Any advice is appreciated.

 

 

Logfile of IObit HijackScan v0.2.0.0

Scan saved at 11:43:28, on 2009-10-20

 

Running processes:

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\PROGRA~2\AVG\AVG8\avgemc.exe

C:\PROGRA~2\AVG\AVG8\avgemc.exe

C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360.exe

C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe

C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Unknown - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [googletalk] C:\Users\DeRouen\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_15 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Java Plug-in 1.6.0_15 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_15 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

O23 - Service: Andrea RT Filters Service - Andrea Electronics Corporation - C:\Windows\system32\AERTSr64.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

O23 - Service: DCOM Server Process Launcher - Unknown -

O23 - Service: Dock Login Service - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Diagnostic Policy Service - Unknown -

O23 - Service: Windows Media Center Service Launcher - Unknown - %windir%\system32\svchost.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Group Policy Client - Unknown -

O23 - Service: Windows CardSpace - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: Net.Tcp Port Sharing Service - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) - Unknown -

O23 - Service: Security Accounts Manager - Unknown -

O23 - Service: Secondary Logon - Unknown - %windir%\system32\svchost.exe

O23 - Service: SoftThinks Agent Service - Unknown - C:\WINDOWS\SMINST\sftservice.EXE

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Distributed Link Tracking Client - Unknown -

O23 - Service: Windows Modules Installer - Unknown -

O23 - Service: Diagnostic Service Host - Unknown -

O23 - Service: Diagnostic System Host - Unknown -

O23 - Service: Windows Media Player Network Sharing Service - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: IS360service - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe

Posted

Thank you for your response. I did not find the file in the location you gave, but after doing a search, did locate the program here: C:\Drivers\audio. I uploaded the file as you instructed and these are the results. Forgive my ignorance, but I'm still unsure what to do.

 

 

 

Antivirus Version Last Update Result

a-squared 4.5.0.41 2009.10.21 -

AhnLab-V3 5.0.0.2 2009.10.21 -

AntiVir 7.9.1.42 2009.10.21 -

Antiy-AVL 2.0.3.7 2009.10.21 -

Authentium 5.1.2.4 2009.10.21 -

Avast 4.8.1351.0 2009.10.20 -

AVG 8.5.0.420 2009.10.20 -

BitDefender 7.2 2009.10.21 -

CAT-QuickHeal 10.00 2009.10.21 -

ClamAV 0.94.1 2009.10.21 -

Comodo 2680 2009.10.21 -

DrWeb 5.0.0.12182 2009.10.21 -

eSafe 7.0.17.0 2009.10.21 -

eTrust-Vet 35.1.7077 2009.10.21 -

F-Prot 4.5.1.85 2009.10.21 -

F-Secure 9.0.15300.0 2009.10.20 -

Fortinet 3.120.0.0 2009.10.21 -

GData 19 2009.10.21 -

Ikarus T3.1.1.72.0 2009.10.21 -

Jiangmin 11.0.800 2009.10.21 -

K7AntiVirus 7.10.876 2009.10.21 -

Kaspersky 7.0.0.125 2009.10.21 -

McAfee 5778 2009.10.21 -

McAfee+Artemis 5778 2009.10.21 -

McAfee-GW-Edition 6.8.5 2009.10.21 -

Microsoft 1.5101 2009.10.21 -

NOD32 4530 2009.10.21 -

Norman 6.03.02 2009.10.21 -

nProtect 2009.1.8.0 2009.10.21 -

Panda 10.0.2.2 2009.10.20 -

PCTools 4.4.2.0 2009.10.19 -

Prevx 3.0 2009.10.21 -

Rising 21.52.24.00 2009.10.21 -

Sophos 4.46.0 2009.10.21 -

Sunbelt 3.2.1858.2 2009.10.21 -

Symantec 1.4.4.12 2009.10.21 -

TheHacker 6.5.0.2.049 2009.10.20 -

TrendMicro 8.950.0.1094 2009.10.21 -

VBA32 3.12.10.11 2009.10.20 -

ViRobot 2009.10.21.1999 2009.10.21 -

VirusBuster 4.6.5.0 2009.10.21 -

Additional information

File size: 86016 bytes

MD5...: 0d7a11395c0a33d9e7587cdb9866efad

SHA1..: bcde9425237b1f49ec6dd60fed2d0a1c7641bfb0

SHA256: 2cd8e485b104f89fc2436fc38fe5152d076782f39d67b99c8ca9df33b2cb43e6

ssdeep: 1536:nu5k3c4FlSWwww1ACG5rorqOFdSZ7RJGQILxYyAmBn5mQXgh:nu5k7FYWwww1ACgkrqOFdgcLxYyAqn5w

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x4480

timedatestamp.....: 0x47b5ccec (Fri Feb 15 17:33:32 2008)

machinetype.......: 0x8664 (AMD64)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xdbbe 0xdc00 6.26 8b47c7c767499dd52e0cd94024d60322

.rdata 0xf000 0x4572 0x4600 5.44 a7663678fea0afb14f1ed31171224f63

.data 0x14000 0x37c8 0x1600 1.98 7f946bdcc6d753064443a806b21f83f1

.pdata 0x18000 0xcb4 0xe00 4.58 f06b1fcec0807c0db3eb2f5eef7ca9e0

.rsrc 0x19000 0x444 0x600 4.16 799d18c106a6ae9042c96749a3a33dca

 

( 2 imports )

> ADVAPI32.dll: RegEnumKeyExA, RegOpenKeyA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, StartServiceA, DeleteService, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, RegisterEventSourceA, ReportEventA, DeregisterEventSource, CreateServiceA, ControlService, QueryServiceStatus, ConvertStringSecurityDescriptorToSecurityDescriptorA, InitializeSecurityDescriptor

> KERNEL32.dll: SetFilePointer, GetModuleHandleA, GetModuleFileNameA, lstrlenA, CreateEventA, SetEvent, WaitForSingleObject, CloseHandle, Sleep, WriteFile, CreateFileA, GetLastError, WaitForMultipleObjects, GetLocalTime, GetDateFormatA, GetTimeFormatA, MultiByteToWideChar, SetConsoleCtrlHandler, FormatMessageA, LocalFree, CreateNamedPipeA, ResetEvent, ConnectNamedPipe, ReadFile, GetOverlappedResult, DisconnectNamedPipe, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, HeapFree, HeapReAlloc, HeapAlloc, GetProcAddress, ExitProcess, GetCommandLineA, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, HeapSetInformation, HeapCreate, HeapSize, GetCPInfo, GetOEMCP, IsValidCodePage, FlsGetValue, FlsSetValue, TlsFree, FlsFree, SetLastError, GetCurrentThreadId, FlsAlloc, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, DeleteCriticalSection, LoadLibraryA, InitializeCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA

 

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win64 Executable Generic (95.5%)

Generic Win/DOS Executable (2.2%)

DOS Executable Generic (2.2%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Andrea Electronics Corporation

copyright....: Copyright 2007-2008 © Andrea Electronics Corporation. All rights reserved.

product......: APO Access Service (64-bit)

description..: Andrea filters APO access service (64-bit)

original name: AERTSr64.exe

internal name: n/a

file version.: 1.0.64.2

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

Posted

I need you to upload it from the location specified as that is where it is located on your log.

 

Please just copy and paste "C:\Windows\system32\AERTSr64.exe" into the location bar in the browser of VirusTotal. This will automatically navigate to the file and upload it.

Posted

I'm sorry to be a nuisance, and I'm trying my best to follow your instructions. VirusTotal won't allow cut/paste nor can I type the location manually. Emailing the file is not possible as the file just isn't there. I ran another scan, and it also shows the file as present in that location. I do have my computer set up to show hidden files. I'm at a loss. Any suggestions?

Posted

Thank you! The file has appeared! Now bear with me please. In attempting to upload the file to VirusTotal, the file disappears again. Using their VirusTotal Uploader doesn't work, as when I click on the file, I get an error message that the file isn't found. I was able to send the file through my mail client. These are the results from that scan...

 

Complete scanning result of "AERTSr64.exe", processed in VirusTotal at 10/23/2009 15:33:07 (CET).

 

[ file data ]

* name..: AERTSr64.exe

* size..: 86016

* md5...: 0d7a11395c0a33d9e7587cdb9866efad

* sha1..: bcde9425237b1f49ec6dd60fed2d0a1c7641bfb0

* peid..: -

 

[ scan result ]

a-squared 4.5.0.41/20091023 found nothing

AhnLab-V3 5.0.0.2/20091023 found nothing

AntiVir 7.9.1.44/20091023 found nothing

Antiy-AVL 2.0.3.7/20091023 found nothing

Authentium 5.1.2.4/20091023 found nothing

Avast 4.8.1351.0/20091022 found nothing

AVG 8.5.0.423/20091023 found nothing

BitDefender 7.2/20091023 found nothing

CAT-QuickHeal 10.00/20091023 found nothing

ClamAV 0.94.1/20091023 found nothing

Comodo 2703/20091023 found nothing

DrWeb 5.0.0.12182/20091023 found nothing

eSafe 7.0.17.0/20091022 found nothing

eTrust-Vet 35.1.7081/20091023 found nothing

F-Prot 4.5.1.85/20091022 found nothing

F-Secure 9.0.15370.0/20091022 found nothing

Fortinet 3.120.0.0/20091023 found nothing

GData 19/20091023 found nothing

Ikarus T3.1.1.72.0/20091023 found nothing

Jiangmin 11.0.800/20091023 found nothing

K7AntiVirus 7.10.878/20091023 found nothing

Kaspersky 7.0.0.125/20091023 found nothing

McAfee 5779/20091022 found nothing

McAfee+Artemis 5779/20091022 found nothing

McAfee-GW-Edition 6.8.5/20091023 found nothing

Microsoft 1.5202/20091023 found nothing

NOD32 4536/20091023 found nothing

Norman 6.03.02/20091022 found nothing

nProtect 2009.1.8.0/20091023 found nothing

Panda 10.0.2.2/20091022 found nothing

PCTools 4.4.2.0/20091019 found nothing

Prevx 3.0/20091023 found nothing

Rising 21.52.44.00/20091023 found nothing

Sophos 4.46.0/20091023 found nothing

Sunbelt 3.2.1858.2/20091023 found nothing

Symantec 1.4.4.12/20091023 found nothing

TheHacker 6.5.0.2.051/20091022 found nothing

TrendMicro 8.950.0.1094/20091023 found nothing

VBA32 3.12.10.11/20091022 found nothing

ViRobot 2009.10.23.2003/20091023 found nothing

VirusBuster 4.6.5.0/20091022 found nothing

Archived

This topic is now archived and is closed to further replies.
