IObit Forum

advice on this hijack this log please


nial


Logfile of IObit HijackScan v1.0.0.0

Scan saved at 0:46:52, on 2010-3-21

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Returnil\RVS3\rvsgui.exe

C:\Program Files\SPC\Skyp-dect dual\Skyp-dect dual v1.2.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Returnil\RVS3\rvsmon.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files\The_Pirate_Bay\toolbar.ni.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -

O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files\The_Pirate_Bay\toolbar.ni.dll

O3 - Toolbar: myBabylon English4 Toolbar - {fc600575-3013-4e8e-941c-4b00dafce730} - C:\Program Files\myBabylon_English4\tbmyB0.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: eBay - Compra, vende y diviértete - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/1185-44560-9400-3/4

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_17 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Iniciador del Servicio de Windows Media Center (ehstart) - Unknown - %windir%\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Servicio de uso compartido de puertos Net.Tcp (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Experiencia de calidad de audio y vídeo de Windows (qWave) (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\Windows\system32\Returnil\RVS3\rvsmon.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1\RpcAgentSrv.exe

O23 - Service: Inicio de sesión secundario (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

Link to comment
Share on other sites

Hi nial,

 

My preference and advice would be the following.

 

Check the following for deletion:

 

O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files\The_Pirate_Bay\toolbar.ni.dll

 

O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files\The_Pirate_Bay\toolbar.ni.dll

 

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

 

O23 - Service: Iniciador del Servicio de Windows Media Center (ehstart) - Unknown - %windir%\system32\svchost.exe

 

O23 - Service: Experiencia de calidad de audio y vídeo de Windows (qWave) (QWAVE) - Unknown - %windir%\system32\svchost.exe

 

O23 - Service: Inicio de sesión secundario (seclogon) - Unknown - %windir%\system32\svchost.exe

 

Update Java 1.6.0_17 to 1.6.0_18, and use JavaRa to get rid of the clutter of old Java.

 

Check your Adobe, and if it is not version 9.3.1, update it to that version.

 

Cheers.

Link to comment
Share on other sites

Hi enoskype ;-)

 

The O23 lines are legitimate Windows Services :

O23 - Service: Iniciador del Servicio de Windows Media Center (ehstart) - Unknown - %windir%\system32\svchost.exe

 

O23 - Service: Experiencia de calidad de audio y vídeo de Windows (qWave) (QWAVE) - Unknown - %windir%\system32\svchost.exe

 

O23 - Service: Inicio de sesión secundario (seclogon) - Unknown - %windir%\system32\svchost.exe

 

Ask Toolbar will require more force to remove. It isn't a horrible nasty, but an annoyance for sure..

 

===

Link to comment
Share on other sites
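An added example, not part of any post in this thread and not IObit's code: a small Python triage of O2/O3/O23 lines copied from the log above. The regular expressions are assumptions inferred from the line layout of this one log; the point is that every service reported as "Unknown" here has an unexpanded environment variable in its path, which calls for verifying the binary rather than deleting the entry.

```python
import re
from collections import defaultdict

# Subset of lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files\The_Pirate_Bay\toolbar.ni.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - C:\Program Files\The_Pirate_Bay\toolbar.ni.dll
O23 - Service: Inicio de sesión secundario (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"""

# Assumed layouts: "O2/O3 - kind: name - {CLSID} - path" and
# "O23 - Service: display (key) - vendor - path".
BROWSER = re.compile(r"^O([23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]{36}\}) -\s*(.*)$")
SERVICE = re.compile(r"^O23 - Service: (.+) \(([^()]+)\) - (.+?) - (.+)$")
ENV_VAR = re.compile(r"^%\w+%")

def triage(log_text):
    """Return (identifier, note) pairs for entries that need a closer look."""
    by_clsid = defaultdict(set)  # CLSID -> sections (O2/O3) it appears in
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BROWSER.match(line)
        if m:
            section, name, clsid, path = m.groups()
            by_clsid[clsid.upper()].add("O" + section)
            if not path:
                findings.append((name, "no file path: leftover registry entry"))
            continue
        m = SERVICE.match(line)
        if m:
            _display, key, vendor, path = m.groups()
            if vendor == "Unknown" and ENV_VAR.match(path):
                findings.append((key, "vendor unresolved, path not expanded: verify the binary"))
            elif vendor == "Unknown":
                findings.append((key, "vendor unknown with literal path: inspect"))
    for clsid, sections in by_clsid.items():
        if sections == {"O2", "O3"}:
            findings.append((clsid, "listed as both BHO and toolbar: handle both entries together"))
    return findings

if __name__ == "__main__":
    for ident, note in triage(SAMPLE_LOG):
        print(f"{ident}: {note}")
```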

Hi enoskype :wink:

 

I'll admit that I don't know which other Services might be dependent on Seclogon, but when I read something like this :

http://www.bleepingcomputer.com/startups/seclogon.dll-18229.html

Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

If the user knows, then by all means :mrgreen:

 

===

Link to comment
Share on other sites

Hi So_sad

I checked which dependencies it might have, and it has none - by me at least. :-)

services.msc in Run and the tab dependencies.

The services offers you the opportunity to view a short description of what the service does - choice of logon type - choice of what to do in case the service doesn't start - and what dependencies it might have.

For the service in question it just offers the opportunity to log on with alternative legitimation.

This is usually not necessary on a computer that is only used by the administrator/default user, so a not started setting should be ok as a choice where you think you might need it at some time, otherwise just disable it. (You can always change the setting in services later if need arises)

 

Cheers

solbjerg

 


Link to comment
Share on other sites

Hi solbjerg :wink:

 

Ok... you guys have convinced me to have a closer look.

 

http://www.theeldergeek.com/secondary_logon.htm

http://smallvoid.com/article/winnt-services-seclogon.html

 

Here's my general approach, when someone posts a log :

 

- Why has the log been posted ? Is there an infection ? When the only presentation is "Please give me advice" (or similar), then who knows... Infection, paranoia, curiosity or maybe just a slow machine.

 

- If a member specifically asks to trim the startup for speed purposes, then go ahead and disable what both parties are comfortable with, after discussion on what is needed or not needed.

 

- I personally tend to leave MS Services alone, simply because I do not know what the users are running or what they really need, unless we discuss it in detail. The computer could be operated by multiple users and one of them may find himself with applications that don't work, and not know why.

 

Optimization isn't my thing, but it can be done of course.

It would be interesting to hear what our member nial had in mind when he/she posted that log though...

 

===

Link to comment
Share on other sites

Hi So_sad,

 

I agree with you, my approach was only on the security side, but the needs differ from user to user.

 

Sometimes I do tend to overlook the experience of the users. ;-)

 

Thanks for the way of approaches to be considered.

 

Cheers.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
