Hijack Analysis Report
August 1st, 2013
Here's my report:
Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 12:34:12, on 01/02/2012
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Users\Abbas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Abbas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abbas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Abbas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Users\Abbas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SkypeIEPluginBHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Google Update] "C:\Users\Abbas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_29) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
Use this to analyse the log for you:
http://hijackthis.de/
Do you believe your PC is infected? If so, what are the signs of infection?
What AV do you have installed?
Run a scan with HijackThis as mentioned above. Link to installer/portable version (click ‘Executable’ for the portable version) is here:
http://free.antivirus.com/hijackthis/
Don’t use the Beta version. Use version 2.0.4.