Closed's recommendations please?

VanMan2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:13, on 13/04/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061026
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061026
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061026
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 4429 bytes

Been upgrading, please advise, buddy,

matttye

Looks fine to me. Are you experiencing some kind of problem?

services.exe is a common file name for viruses but Windows also installs a services.exe in System32 so if a virus scan is picking up nothing, it's unlikely to be a problem.

closed

not much bloat other than mscorsvw.exe, jusched.exe, jqs.exe, FlashPlayerUpdateService.exe

matttye

closed wrote: »

not much bloat other than mscorsvw.exe, jusched.exe, jqs.exe, FlashPlayerUpdateService.exe

Not sure I'd call software updaters bloat Java and Flash MUST be kept updated constantly because of how many people use them and how important it is to make sure vulnerabilities are patched.

GunJack

matttye wrote: »

Not sure I'd call software updaters bloat Java and Flash MUST be kept updated constantly because of how many people use them and how important it is to make sure vulnerabilities are patched.

yes they must, but better manually check weekly rather than leave more processes running for no good reason.....

matttye

GunJack wrote: »

yes they must, but better manually check weekly rather than leave more processes running for no good reason.....

Good luck getting most PC users to do that! Software updaters tend to be pretty light on resources anyway. Especially when most PCs come standard with 4GB+ of RAM these days.

closed

Automatic updates can cause more problems than the vulnerabilities they purport to fix - one rogue update can equal an unbootable pc.

Virus scanner and backups and periodic manual updates reduce the minimal risk, without having any impact on pc performance.

GunJack

matttye wrote: »

Good luck getting most PC users to do that! Software updaters tend to be pretty light on resources anyway. Especially when most PCs come standard with 4GB+ of RAM these days.

...and the vast majority of PCs IN USE come with a shedload less than that....

matttye

closed wrote: »

Automatic updates can cause more problems than the vulnerabilities they purport to fix - one rogue update can equal an unbootable pc.

Virus scanner and backups and periodic manual updates reduce the minimal risk, without having any impact on pc performance.

Did you really just say virus scanners don't impact on PC performance? :rotfl: I've seen powerful PCs slow to a crawl while virus scans are running.

In any event - you're right that a rogue update can, in theory, cause problems, but that's no reason not to install updates. It's worth noting that a rogue update will cause problems no matter how it's installed, whether that be manually (as GunJack is suggesting) or automatically.

The risks of not updating software are NOT minimal and virus scanning applications tend to be reactive rather than proactive.

GunJack wrote: »

...and the vast majority of PCs IN USE come with a shedload less than that....

Even so, an updater that doesn't even display a graphical UI the vast majority of the time is unlikely to cause any performance issues.

closed

I knew you'd pick up on that nuance of words, I was referring to manual updates, and rarely ever need to do manual scans.

They are minimal, if you backup. There are 1000's upon thousands of security advisories and holes in code, and billions of unpatched machines totally unaffected unless they happen to hit upon a site that has been compromised, with something a virus scanner doesn't detect.

Rogue updates are usually pulled a day or two after they have been rolled out, as was demonstrated by the recent windows update that caused unbootable machines, with automatic updaters, you have little or no control of when the updates are applied, outside of windows updates, most people don't know that any of this is going on all the time, slowing down the machine, and filling up the hard disk

matttye

closed wrote: »

I knew you'd pick up on that nuance of words, I was referring to manual updates, and rarely ever need to do manual scans.

They are minimal, if you backup. There are 1000's upon thousands of security advisories and holes in code, and billions of unpatched machines totally unaffected unless they happen to hit upon a site that has been compromised, with something a virus scanner doesn't detect.

Rogue updates are usually pulled a day or two after they have been rolled out, as was demonstrated by the recent windows update that caused unbootable machines, with automatic updaters, you have little or no control of when the updates are applied, outside of windows updates, most people don't know that any of this is going on all the time, slowing down the machine, and filling up the hard disk

I'm a tech geek and I've posted on tens if not hundreds of tech forums over the years, and this is the first thread I've ever seen where people have recommended turning OFF automatic updates.

A virus scanner can only detect malicious software when its' definitions have been updated to enable it to do so.

Any buffer overflow exploit in a piece of software will allow an attacker to execute remote code on the victim's machine.

The Blaster Worm exploited such a vulnerability and my antivirus was as useful as a dry flannel when I got that worm. My antivirus made no attempts to stop my computer from being shut down by the Blaster worm continually. I had to google and learn about the "shutdown -a" command in the command prompt in the minute or so I had between each shutdown.

There's a well known saying, "Prevention is better than the cure" and that rings true for PC's too; patch the vulnerability rather than just leaving the hole open and hoping that an antivirus will clear up the mess.