
Please review this Hijack Analysis report...TIA


ken98st


Hi,

This is my first post so please be gentle with me, lol. I have just run my first Hijack Analysis report and it gave me suggestions to fix. Not sure which to fix... so I have copied the report; if anyone can help me out it would be greatly appreciated.

 

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 10:07:30 AM, on 02/02/2010

Platform: Windows 2000 (WinNT 5.0)

MSIE: Internet Explorer v6.0 (6.0.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\cFosSpeed\spd.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hidserv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\system32\stisvc.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\AOL\1238701813\ee\AOLSoftware.exe

C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\DSL Speed\DSL Speed V4.6\Dslx2.exe

C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AcroIEHelperStub - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: NAV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Wireless Keyboard and Laser Mouse\mouse32a.exe

O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Wireless Keyboard and Laser Mouse\kbdap32a.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1238701813\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm

O9 - Extra button: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

O9 - Extra button: Real.com Explorer Bar - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\SHDOCVW.DLL

O16 - DPF: {1FB464C8-09BB-4017-A2F5-EB742F04392F} (Microsoft Terminal Services Control (redist)) - http://216.136.31.187/mstscax.cab

O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

O16 - DPF: {3498C972-FC11-11D2-A05D-00A0C90DC755} (FarPoint TabPro) - https://crestedg.coldwellbanker.com/cgi-bin/Tab32x30.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238541056980

O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://216.136.31.187/msrdp.cab

O16 - DPF: {961064F8-5135-11D5-A69D-00C04FAC63A2} (EDGReportControl.UserControl1) - https://crestedg.coldwellbanker.com/cgi-bin/EDGReportControl.ocx

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38124.4760648148

O16 - DPF: {B02F3641-766B-11CE-AF28-C3A2FBE76A13} (FarPoint Spreadsheet Control) - https://crestedg.coldwellbanker.com/cgi-bin/ss32x25.ocx

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://riverbelle.microgaming.com/riverbelle/FlashAX.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

 

 

Thanks for your time and effort,

ken98st

Link to comment

Hi ken98st,

 

Open http://www.hijackthis.de/ web page and copy and paste your HijackThis analysis report content under

You can paste a logfile in this textbox

into the box.

Click Analyze button and wait for the analysis.

 

Study the analysis report and the guests' suggestions there.

 

There may be other users who may comment on your report.

 

If anything nasty is found, I suggest you go to a specialized forum for HijackThis analysis reports.

 

Cheers.

Link to comment

A/V to go in that order.

 

Well, IE6 had a lot of vulnerabilities so it is advisable to update it.

 

I don't know that coldwellbanker thing, although it is a secure site I don't know riverbelle.microgaming.com, etc..

 

Again, if you have some complaints, you have to point out those, and go to a specialist forum.

 

Cheers.

Link to comment

Hi guys ;

 

I don't see anything bad in that log. That said, "Hijack" whatever ("Scan" or "This") can't see everything anyway, so symptoms are better than those logs if an infection is present.

 

Well, I do see something bad, but it's not an infection: enoskype mentioned IE6 and he's right about the fact that it is a very vulnerable browser. Problem here is Windows 2000, which is not compatible with IE8 nor with the previous IE7. Even if you use another browser (FireFox or Opera for example), exploits can still jump across to IE6 even if you don't use it.

 

Windows 2000 is no longer supported by Microsoft and is considered a "dead" operating system. There haven't been any updates for it in quite some time and there won't be any new ones (ever). It is a vulnerable machine because of that.

 

Time for a new system (new machine too, probably). You can keep Win2000 going if you'd like, but that would mean no surfing ;) (too risky).

 

====

Link to comment

Don't see anything either.

 

I see nothing nasty, maybe a little clutter.

 

So_sad is dead on about the risk. Certainly if you go surfing around with no A/V or real firewall!

 

As Solbjerg said: A/V in order. Try Avira first and if you don't like go Avast. But have only one on your machine at a time!


Archived

This topic is now archived and is closed to further replies.
