Help!

HiJackThis - Slow Vista computer

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> HijackThis Logs RSS
Next:  Google owned by Mafia  
Author Message
raptorkevin



Joined: Sep 14, 2004
Posts: 80
PostPosted: Sat Aug 22, 2009 12:09 am    Post subject: HiJackThis - Slow Vista computer
Hello all! I am running a Dell XPS M1530 with Vista Home Premium SP2. When I boot the computer, it seems to be really slow. After the login screen, it takes a long time before I can do anything with the computer. I ran HiJackThis and here is the log. I hope you can help me out.

Thanks in advance!

Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:02 AM, on 8/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P8 /q C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\N70F8EYR\CLIENT~2.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\N70F8EYR\CLIENT~1.SH! c:\users\kevin\appdata\local\temp\HSPERF~1.SH! c:\users\kevin\appdata\local\temp\E4J182~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\CLB49F~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\VITALI~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\THIRDP~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\BROWSE~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\CLA430~1.SH! c:\users\kevin\appdata\local\temp\E4J295~1.SH! c:\users\kevin\appdata\local\temp\E4J97C~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\C7KA6UEJ\CLIENT~1.SH! c:\users\kevin\appdata\local\temp\E4J542~1.
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P8 /q C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\N70F8EYR\CLIENT~2.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\N70F8EYR\CLIENT~1.SH! c:\users\kevin\appdata\local\temp\HSPERF~1.SH! c:\users\kevin\appdata\local\temp\E4J182~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\CLB49F~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\VITALI~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\THIRDP~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\BROWSE~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\KPREFB07\CLA430~1.SH! c:\users\kevin\appdata\local\temp\E4J295~1.SH! c:\users\kevin\appdata\local\temp\E4J97C~1.SH! C:\Users\Kevin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\C7KA6UEJ\CLIENT~1.SH! c:\users\kevin\appdata\local\temp\E4J542~1.
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoU...ader55.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 17815 bytes
Back to top
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY
PostPosted: Sat Aug 22, 2009 1:50 pm    Post subject:
You can try disabling a bunch of unnecessary startup items so it will use less resources every time you start up your computer. To do this, go to Start->Run and type in msconfig and hit OK. Then go to the Startup tab and uncheck all the programs you don't need at startup. You may ask, which ones are required? Only essential programs like your antivirus, antispyware and firewall should be running. If you must have some other programs running, I guess you can leave them as well. Everything else should be disabled. If you are unsure what a certain process does, search for the name in Google.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Download Malwarebytes ' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Back to top
AIM Address Yahoo Messenger
raptorkevin



Joined: Sep 14, 2004
Posts: 80
PostPosted: Thu Aug 27, 2009 10:30 pm    Post subject:
Here is the combofix log:

ComboFix 09-08-27.02 - Kevin 08/27/2009 19:09.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2377 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-594210418-484695891-2646542494-500
c:\users\Kevin\AppData\Roaming\install.dat
c:\windows\Fonts\85855.fon
c:\windows\Fonts\85f1257.fon
c:\windows\Fonts\85f874.fon
c:\windows\Fonts\img hearts.ttf
c:\windows\Fonts\img travel.ttf
c:\windows\system32\oem7.inf

.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 23:21 . 2009-08-27 23:21 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-08-27 23:21 . 2009-08-27 23:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-27 22:30 . 2009-08-27 22:30 -------- d-----w- c:\users\Kevin\AppData\Local\Ahead
2009-08-27 20:03 . 2009-08-27 20:03 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes
2009-08-27 20:03 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 20:03 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 20:03 . 2009-08-27 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 07:01 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 19:26 . 2009-06-05 09:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-25 19:26 . 2009-06-05 09:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-22 04:13 . 2009-08-22 04:13 -------- d-----w- c:\program files\Trend Micro
2009-08-22 04:12 . 2009-08-22 04:13 812344 ----a-w- c:\users\Kevin\HJTInstall.exe
2009-08-22 03:51 . 2009-08-22 03:51 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-22 03:51 . 2009-08-06 02:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-22 03:50 . 2009-08-22 03:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-22 03:48 . 2009-08-22 03:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-22 03:20 . 2009-08-22 03:20 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-22 03:19 . 2009-08-22 03:48 -------- d-----w- c:\program files\Microsoft
2009-08-22 00:33 . 2009-08-22 00:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-17 03:30 . 2009-08-17 03:30 -------- d-----w- c:\program files\Belltech Scrapbook Design Studio
2009-08-15 00:28 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 00:28 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 00:28 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 00:28 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 00:28 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 00:27 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 00:27 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 00:27 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-12 01:12 . 2009-08-12 01:12 -------- d-----w- c:\users\Kevin\AppData\Local\LogMeIn
2009-08-12 01:11 . 2008-10-17 00:35 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-08-12 01:11 . 2008-10-17 00:35 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-08-12 01:11 . 2008-07-24 22:46 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-08-12 01:11 . 2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-08-12 01:11 . 2009-08-27 19:49 -------- d-----w- c:\program files\LogMeIn
2009-08-12 00:42 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 00:42 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 00:42 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 00:42 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 00:42 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 00:42 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 00:42 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 00:42 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 02:15 . 2009-08-11 02:15 -------- d-----w- C:\8c630a6a2d8e3497d35a1edf81
2009-08-04 00:41 . 2009-08-04 00:43 -------- d-----w- c:\program files\Zune

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:19 . 2009-06-17 00:36 -------- d-----w- c:\users\Kevin\AppData\Roaming\uTorrent
2009-08-27 22:28 . 2008-10-12 13:02 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-08-27 22:28 . 2008-10-10 16:07 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-08-27 22:24 . 2008-10-03 01:09 4268 ----a-w- c:\windows\bthservsdp.dat
2009-08-25 23:56 . 2008-10-12 12:50 -------- d-----w- c:\users\Kevin\AppData\Roaming\Windows Live Writer
2009-08-22 03:51 . 2008-10-03 06:21 -------- d-----w- c:\program files\Windows Live
2009-08-22 00:35 . 2008-10-03 06:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 07:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 16:44 . 2008-10-12 05:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-04 01:43 . 2008-10-03 06:49 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-04 00:49 . 2009-08-04 00:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-08-04 00:49 . 2009-08-04 00:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-08-02 12:27 . 2008-10-21 23:46 -------- d-----w- c:\program files\SlySoft
2009-07-31 20:04 . 2008-10-21 20:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 12:54 . 2009-07-26 12:54 262144 ----a-w- C:\ntuser.dat
2009-07-26 12:54 . 2009-07-25 19:07 -------- d-----w- c:\program files\Ulead Systems
2009-07-26 12:54 . 2008-10-03 06:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-26 01:47 . 2008-10-03 07:05 142920 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-25 20:23 . 2009-05-09 01:42 680 ----a-w- c:\users\Kevin\AppData\Local\d3d9caps.dat
2009-07-25 20:23 . 2008-10-10 02:50 142920 ----a-w- c:\users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-25 19:12 . 2008-10-03 06:36 -------- d-----w- c:\program files\Intel
2009-07-25 19:10 . 2009-07-25 19:10 -------- d-----w- c:\program files\SmartSound Software
2009-07-25 19:09 . 2009-07-25 19:09 -------- d-----w- c:\program files\Windows Media Components
2009-07-25 19:07 . 2009-07-25 19:07 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-24 08:39 . 2009-07-24 08:39 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-07-21 21:52 . 2009-07-28 22:06 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 22:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 22:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 22:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 13:03 . 2009-01-07 03:29 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-11 02:19 . 2008-10-03 06:43 -------- d-----w- c:\program files\McAfee
2009-07-10 16:15 . 2009-07-10 16:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-07 11:27 . 2008-10-12 13:02 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-06-17 23:51 . 2009-01-27 11:54 175 ----a-w- c:\users\Kevin\AppData\Roaming\Azureus\restart.bat
2009-06-17 00:18 . 2009-01-05 13:02 10684866 ----a-w- c:\users\Kevin\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-06-16 01:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-15 14:53 . 2009-07-15 22:14 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 22:14 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 22:14 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 22:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 22:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-10-23 22:29 . 2008-10-03 06:35 74 --sh--r- c:\windows\CT4CET.bin
2008-10-03 08:57 . 2008-10-03 08:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-03 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-04 288048]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-07-25 2968512]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-25 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-25 96800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-25 13552160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-03 29744]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-10-3 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-03 06:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ------w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):16,b8,26,95,32,ee,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AEC5453E-BD64-428A-B40A-BABE0620BCFB}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{24B9186F-B249-49F1-A53F-6575F413BE12}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{BBCB4D53-5484-4688-B7C8-2B350FDBFB66}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C399D5B5-1981-429F-A856-D63B52F02B10}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E680325F-822A-4EC8-8E69-38031E7B8870}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B4922C2C-3CC7-4D54-A46F-7758D10FAE6E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3662D68C-8E5E-46E3-9515-3D5A488880BB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{02FA2027-E21B-4825-8A58-A165E6D8ED5D}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E5AC95B0-1396-4B8A-8B92-363E254B7D66}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{1DEAEDFD-F511-4D1D-B6AB-A9EE726272C1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2C38C1A3-4E91-43C9-A1FB-98061F545F8F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F0A1375F-97CA-4603-96C6-43D7A6C8CCAB}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{DADC7B0F-F7A4-4EAC-B38F-34E7A830904B}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{A396F80F-F47A-4F07-BC73-9E652BC2C789}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{9E48ACC0-C817-4E6D-807B-A1827F33947B}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{3A5CFA8D-D9AA-4CC8-9923-A85544B0636F}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{944AE5A6-731B-4EDE-B38D-F81ADE2E9061}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"TCP Query User{D994DFF0-B50C-4BA3-B34A-92B30B1EF7CB}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C7C37CCB-99A4-4D4D-8EB7-40126E99451E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{51625730-73CD-47EA-9DE4-F6228F9FC93A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{00F74068-E3CF-4AFF-8208-1E34D5BD1997}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7720D5C1-EE33-40B8-893B-748A10EE834B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{14D961AF-E49B-4C3A-80DD-CBE4E464131C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C6B1530D-03FF-48A2-AE7C-043086A7F5C2}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FD33ABA0-712E-4723-B5C6-940B344F08F3}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{1E028ADC-67DF-4F69-817B-548FE1806FAC}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D75CDB63-BFD0-42E6-B66A-5A87665309B6}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{631E7482-D629-4967-AB73-7C4BCEE292C5}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{2861A543-A3CD-4853-A5B5-F89CB5081B64}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"{D60850FA-A3FB-4743-B04A-FBFC764608B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1ADBBA8F-FFED-4288-8C8B-31F7F865E860}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{E744232E-4C0C-492A-AF8F-EA5B4A7D3DE5}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{F6305B9C-A103-4EA9-8100-9DBD8E4F0F5D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{FFD0F85A-D512-4572-8F08-7B5FDB5E02CE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D929454D-4B46-408E-AE67-BA8C66D9411C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9FC2AAA3-6846-44B2-9810-D1E55132124C}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{0E0A75A7-6DED-49B6-84C5-E688BE987F6B}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{2AF19240-9729-42CC-9A87-34D594DBC0EE}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{3A940711-E16C-4544-A1BC-C486F4D1D7C8}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D145F879-3E93-4CE0-A1F2-4DAF38143B36}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{808BFA3A-A334-474E-8825-391AC4D9BDC6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2BE7A00C-5F3A-4458-A8F2-86174AD7F17C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EFCAF8A1-3B8B-429A-91B1-F0F6C2A4CA56}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{57417150-949A-4B67-87F3-C7712D6428C3}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10/2/2008 9:07 PM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [5/2/2008 3:09 PM 161048]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [8/11/2009 9:11 PM 47640]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/3/2008 5:02 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [10/3/2008 5:02 AM 7424]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [8/21/2009 11:51 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [10/3/2008 5:02 AM 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 14:53]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 14:53]

2009-08-27 c:\windows\Tasks\User_Feed_Synchronization-{34CA72AF-DD7E-467A-8A0E-64DAFD446820}.job
- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=u...mp;ibd=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoU...ader55.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 19:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-08-27 19:25
ComboFix-quarantined-files.txt 2009-08-27 23:25

Pre-Run: 134,883,901,440 bytes free
Post-Run: 134,789,001,216 bytes free

335 --- E O F --- 2009-08-26 07:02


malware log:

Malwarebytes' Anti-Malware 1.40
Database version: 2706
Windows 6.0.6002 Service Pack 2

8/27/2009 6:22:17 PM
mbam-log-2009-08-27 (18-22-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 260476
Time elapsed: 1 hour(s), 53 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Back to top
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY
PostPosted: Fri Aug 28, 2009 7:28 pm    Post subject:
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
Back to top
AIM Address Yahoo Messenger
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> HijackThis Logs All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum