 Generic Host Process / F secure Update Agent |
Welcome to What the Tech! Register for a free account, or login > How does it work? We specialize in the removal of malicious software (malware),but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn.
Spyware, Virus, Trojan, Rootkit? Remove malware -> Read this before posting a hijackthis log • Need help starting a new topic?
To avoid confusion, please do not post your question in someone else's topic. Start your own. Stay with your original topic when posting a follow up.  |
 Aug 23 2008, 10:55 AM
Post
#1
|
|
 New Member  Group: Authentic Member Posts: 14 Joined: 19-May 05 From: Missouri Member No.: 32,735 Operating System: WIN XP PRO  |
Generic Host Process for Win32 when i start my computer. F Secure Automatic Update Agent Run Upstreamer error. Here is my Htj Log Please advise me how to correct these problems Logfile of HijackThis v1.99.1 Scan saved at 11:23:24 AM, on 8/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\cisvc.exe C:\DMI\WIN32\bin\DellDmi.exe C:\Program Files\Dell\OpenManage\Client\EventAgt.exe C:\Program Files\Dell\OpenManage\Client\DLT.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE C:\dmi\win32\bin\Win32sl.exe C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe C:\WINDOWS\SYSTEM32\cidaemon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\WINDOWS\system32\ctfmon.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\IOGEAR\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Desktop\HJTsetup.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-S95NJ.tmp\is-0VID5.tmp C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZSzim001YYUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/PogoWeb...erInstaller.CAB O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/online2/p...mjolauncher.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe Start up List Log StartupList report, 8/23/2008, 11:35:37 AM StartupList version: 1.52.2 Started from : C:\Program Files\Hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16705) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\System32\cisvc.exe C:\DMI\WIN32\bin\DellDmi.exe C:\Program Files\Dell\OpenManage\Client\EventAgt.exe C:\Program Files\Dell\OpenManage\Client\DLT.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE C:\dmi\win32\bin\Win32sl.exe C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe C:\WINDOWS\SYSTEM32\cidaemon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe C:\Program Files\Browser MOUSE\mouse32a.exe C:\WINDOWS\system32\ctfmon.exe C:\SIERRA\CardStudio\PLNRnote.exe C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\IOGEAR\BLUETO~1\BTSTAC~1.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe Bluetooth.lnk = ? -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run LWBKEYBOARD = C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe FLMOFFICE4DMOUSE = C:\Program Files\Browser MOUSE\mouse32a.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx (Default) = -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe Aim6 = -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -------------------------------------------------- Enumerating Task Scheduler jobs: Scheduled scanning task.job Check Updates for Windows Live Toolbar.job -------------------------------------------------- Enumerating Download Program Files: [SmartAccess Ctl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ssctlsma.dll CODEBASE = https://install.charter.com/diskless/bin/ssctlsma.dll [SysProWmi Class] InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB [Microsoft Office Template and Media Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [Installation Support] InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll [PogoWebLauncher Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\POGOWE~1.OCX CODEBASE = http://game1.pogo.com/cdl/launcher/PogoWeb...erInstaller.CAB [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB [AcceptWM Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\WMAcceptor.dll CODEBASE = https://w3s.webmoney.ru/WMAcceptor.dll [MJLauncherCtrl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\mjolauncher.dll CODEBASE = http://pogoclub.oberon-media.com/online2/p...mjolauncher.cab [Get_ActiveX Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab [Dell PC Checkup Installer Control] InProcServer32 = C:\WINDOWS\System32\gtdownde_110.ocx CODEBASE = http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 8,060 bytes Report generated in 0.063 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
 |
 
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
|
Time is now: 5th September 2010 - 08:57 PM |
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
