TechSpot

Windows Vista SP2 possible malware?

By flash4203
Jan 31, 2012
  1. As I was helped so much with my laptop, I am getting my parents' PC looked at.
    It's an HP Pavilion a6325.uk.

    Here are the logs:

    Malwarebytes

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.01.30.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: VALRORIK-PC [administrator]

    Protection: Enabled

    31/01/2012 01:47:22
    mbam-log-2012-01-31 (01-47-22).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 343226
    Time elapsed: 1 hour(s), 11 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-31 04:53:12
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.12.0
    Running: 1u6gwtk6.exe; Driver: C:\Users\User\AppData\Local\Temp\ufldqkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89CB3C30 ZwAlertResumeThread
    SSDT 89CB3D10 ZwAlertThread
    SSDT 89CE9640 ZwAllocateVirtualMemory
    SSDT 89B32930 ZwAlpcConnectPort
    SSDT 89CBE8F0 ZwAssignProcessToJobObject
    SSDT 89CBEE58 ZwCreateMutant
    SSDT 89CE8CE8 ZwCreateSymbolicLinkObject
    SSDT 89CE5C68 ZwCreateThread
    SSDT 89CBE990 ZwDebugActiveProcess
    SSDT 89CE5990 ZwDuplicateObject
    SSDT 89CE9460 ZwFreeVirtualMemory
    SSDT 89CBEF48 ZwImpersonateAnonymousToken
    SSDT 89CB3B50 ZwImpersonateThread
    SSDT 89B93A18 ZwLoadDriver
    SSDT 89CBFF28 ZwMapViewOfSection
    SSDT 89CBED78 ZwOpenEvent
    SSDT 89CE5B50 ZwOpenProcess
    SSDT 89CE9730 ZwOpenProcessToken
    SSDT 89CBEBB8 ZwOpenSection
    SSDT 89CE5A80 ZwOpenThread
    SSDT 89CE8ED8 ZwProtectVirtualMemory
    SSDT 89CB3DF0 ZwResumeThread
    SSDT 89CBFC78 ZwSetContextThread
    SSDT 89CBFD58 ZwSetInformationProcess
    SSDT 89CBEA70 ZwSetSystemInformation
    SSDT 89CBEC98 ZwSuspendProcess
    SSDT 89CB3ED0 ZwSuspendThread
    SSDT 89CC4E10 ZwTerminateProcess
    SSDT 89CB3F90 ZwTerminateThread
    SSDT 89CBFE48 ZwUnmapViewOfSection
    SSDT 89CE9550 ZwWriteVirtualMemory
    SSDT 89CE8DD8 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 82AB48A0 8 Bytes [30, 3C, CB, 89, 10, 3D, CB, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 82AB48B4 4 Bytes [40, 96, CE, 89]
    .text ntkrnlpa.exe!KeSetEvent + 13D 82AB48C0 4 Bytes [30, 29, B3, 89] {XOR [ECX], CH; MOV BL, 0x89}
    .text ntkrnlpa.exe!KeSetEvent + 191 82AB4914 4 Bytes CALL D5C7D2E4
    .text ntkrnlpa.exe!KeSetEvent + 1F5 82AB4978 4 Bytes [58, EE, CB, 89]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!EnableWindow 7755CD8B 5 Bytes JMP 6C689A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxParamW 775810B0 5 Bytes JMP 6C5E170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxIndirectParamW 77582EF5 5 Bytes JMP 6C7D62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxParamA 77598152 5 Bytes JMP 6C7D6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!DialogBoxIndirectParamA 7759847D 5 Bytes JMP 6C7D6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxIndirectA 775AD4D9 5 Bytes JMP 6C7D61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxIndirectW 775AD5D3 5 Bytes JMP 6C7D6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxExA 775AD639 5 Bytes JMP 6C7D6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[648] USER32.dll!MessageBoxExW 775AD65D 5 Bytes JMP 6C7D609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] ntdll.dll!NtMapViewOfSection 77724994 5 Bytes JMP 044C003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] ntdll.dll!NtSetInformationProcess 77725194 5 Bytes JMP 044C00F7
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!ReadProcessMemory + 3E 75F11CB3 7 Bytes JMP 044C01B0
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!WriteProcessMemory + 106 75F11DBE 7 Bytes JMP 044C03D2
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!CreateIoCompletionPort + 52 75F39DA6 7 Bytes JMP 044C0488
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!VirtualAllocEx + 54 75F5AF70 7 Bytes JMP 044C031C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!CreateThread 75F5CB2E 5 Bytes JMP 6C647303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] kernel32.dll!GetProcessHandleCount + 35 75FA5D4F 7 Bytes JMP 044C0266
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogParamW 775572A2 5 Bytes JMP 6C7D6628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!GetAsyncKeyState 7755863C 5 Bytes JMP 6C62DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetWindowsHookExW 775587AD 5 Bytes JMP 6C682194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CallNextHookEx 77558E3B 5 Bytes JMP 6C6A7BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!UnhookWindowsHookEx 775598DB 5 Bytes JMP 6C6CEB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!EnableWindow 7755CD8B 5 Bytes JMP 6C689A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DefWindowProcA 7755DB88 7 Bytes JMP 6C64952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateWindowExA 7755DC2A 5 Bytes JMP 6C653363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateWindowExW 77561305 5 Bytes JMP 6C6AFF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!GetKeyState 77568CB1 5 Bytes JMP 6C62DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DefWindowProcW 775703B4 7 Bytes JMP 6C6A7C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!IsDialogMessageW 77570745 5 Bytes JMP 6C7D6D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogParamA 775717AA 5 Bytes JMP 6C7D65F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!IsDialogMessage 77571847 2 Bytes JMP 6C7D6D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!IsDialogMessage + 3 7757184A 2 Bytes [26, F5]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogIndirectParamA 775726F1 5 Bytes JMP 6C7D6660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!CreateDialogIndirectParamW 77579A62 5 Bytes JMP 6C7D6698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetKeyboardState 77580987 5 Bytes JMP 6C7D7649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxParamW 775810B0 5 Bytes JMP 6C5E170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxIndirectParamW 77582EF5 5 Bytes JMP 6C7D62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SendInput 77582F75 5 Bytes JMP 6C7D75F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!EndDialog 7758326E 5 Bytes JMP 6C7D702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!SetCursorPos 77596FB2 5 Bytes JMP 6C7D76CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxParamA 77598152 5 Bytes JMP 6C7D6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!DialogBoxIndirectParamA 7759847D 5 Bytes JMP 6C7D6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxIndirectA 775AD4D9 5 Bytes JMP 6C7D61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxIndirectW 775AD5D3 5 Bytes JMP 6C7D6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxExA 775AD639 5 Bytes JMP 6C7D6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!MessageBoxExW 775AD65D 5 Bytes JMP 6C7D609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] USER32.dll!keybd_event 775AD972 5 Bytes JMP 6C7D75AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] SHELL32.dll!SHRestricted + D95 762B89A8 4 Bytes [CF, 01, BC, 6D]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] SHELL32.dll!SHRestricted + D9D 762B89B0 8 Bytes [E0, 61, BB, 6D, 79, F7, BB, ...] {LOOPNZ 0x63; MOV EBX, 0xbbf7796d; INSD }
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!OleLoadFromStream 77421E80 5 Bytes JMP 6C7D6A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!CoGetTreatAsClass + D2F 7743FAE3 7 Bytes JMP 044C053E
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] ole32.dll!CoCreateInstance + 3E 77459F7C 7 Bytes JMP 044C05F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!closesocket 76DB330C 5 Bytes JMP 66AA41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!recv 76DB343A 5 Bytes JMP 66AA4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!socket 76DB36D1 5 Bytes JMP 66AA354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!connect 76DB40D9 5 Bytes JMP 66AA35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!getaddrinfo 76DB418A 5 Bytes JMP 66AA3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3752] WS2_32.dll!send 76DB659B 5 Bytes JMP 66AA3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----
     
  2. flash4203


    Edit: Excess GMER entries reviewed and removed by Bobbye.
     
  3. flash4203


    Edit: Excess GMER entries reviewed and removed by Bobbye.

    ---- EOF - GMER 1.0.15 ----
     
  4. flash4203

    And now DDS:


    dds.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by User at 12:54:09 on 2012-01-31
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1699 [GMT 0:00]
    .
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ATKFUSService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\Windows\system32\lxdicoms.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://msn.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [PCDrProfiler] "c:\program files\pc-doctor for windows\RunProfiler.exe" -r
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AB7E66FC-61F6-4457-B99A-C483DF5DED1A} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\tzu18q8h.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-22 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-22 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-23 820344]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120128.002\IDSvix86.sys [2012-1-31 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-22 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-22 331384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-24 21504]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-25 652360]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-22 130008]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-21 2253120]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2002-1-1 106104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-25 20464]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-1-24 139880]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-13 25704]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-13 25704]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-13 25704]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-13 25704]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-13 25704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
    .
    =============== Created Last 30 ================
    .
    2012-01-31 00:38:34 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-01-31 00:38:32 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-31 00:38:32 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-31 00:38:32 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-31 00:38:32 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-31 00:38:31 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2012-01-31 00:38:31 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2012-01-31 00:34:58 -------- d-----w- c:\users\user\appdata\local\Mozilla
    2012-01-26 07:53:56 -------- d-----w- c:\program files\iPod
    2012-01-24 01:58:07 -------- d-----w- c:\users\user\appdata\local\Hewlett-Packard
    2012-01-24 01:43:36 -------- d-----w- c:\programdata\PC-Doctor
    2012-01-24 01:43:20 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2012-01-24 01:42:11 -------- d-----w- c:\program files\PC-Doctor for Windows
    2012-01-24 01:42:07 -------- d-----w- C:\hp
    2012-01-24 01:39:34 -------- d-----w- c:\users\user\appdata\roaming\HpUpdate
    2012-01-24 01:39:33 -------- d-----w- c:\windows\Hewlett-Packard
    2012-01-24 00:16:19 -------- d-----w- c:\users\user\appdata\local\NVIDIA Corporation
    2012-01-13 15:12:40 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2012-01-13 15:12:08 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2012-01-13 15:11:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2012-01-13 15:11:16 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2012-01-13 15:10:57 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2012-01-13 15:10:50 892928 ----a-w- c:\windows\system32\iconv.dll
    2012-01-13 15:10:50 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2012-01-13 15:10:49 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
    2012-01-13 15:10:48 -------- d-----w- c:\program files\Aimersoft
    2012-01-11 16:22:53 -------- d-----w- c:\programdata\Audible
    2012-01-11 16:15:53 -------- d-----w- c:\users\user\appdata\local\Audible
    2012-01-11 16:10:02 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 16:10:02 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 16:10:01 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 16:09:59 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 16:09:57 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 16:09:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-11 16:09:55 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 16:09:55 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-10 09:36:07 255352 ----a-w- c:\windows\system32\awrdscdc.ax
    2012-01-10 09:36:02 499712 ------w- c:\windows\system32\msvcp71.dll
    2012-01-10 09:36:02 24576 ------w- c:\windows\system32\msxml3a.dll
    2012-01-10 09:36:02 1060864 ------w- c:\windows\system32\mfc71.dll
    2012-01-10 09:35:33 -------- d-----w- c:\program files\Audible
    .
    ==================== Find3M ====================
    .
    2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-16 16:23:44 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 16:23:08 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-11-16 16:23:05 278528 ----a-w- c:\windows\system32\schannel.dll
    2011-11-16 16:21:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-16 14:12:25 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-11-15 20:34:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 12:55:16.60 ===============
     
  5. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/01/2002 21:09:13
    System Uptime: 31/01/2012 12:45:28 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Benicia
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 347.944 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2A6F103C&REV_02\4&5D52B92&0&00E2
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2A6F103C&REV_02\4&5D52B92&0&00E2
    Service: RTL8169
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Aimersoft DRM Media Converter(Build 1.4.7.2)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS Gamer OSD
    ASUS Smart Doctor
    ASUS VideoSecurity Online
    AudibleManager
    Bejeweled Deluxe 1.861
    Bonjour
    BT Broadband Desktop Help
    BTHomeHub
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    D3DX10
    Free RAR Extract Frog
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Advisor
    HP My Display
    HP Product Detection
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Lexmark 3500-4500 Series
    Lexmark Fax Solutions
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Money
    Microsoft Money System Pack
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XML Parser
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8
    neroxml
    Norton 360
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 285.62
    NVIDIA Control Panel 285.62
    NVIDIA Graphics Driver 285.62
    NVIDIA HD Audio Driver 1.2.24.0
    NVIDIA Install Application
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    PDF Viewer 0.1
    Realtek High Definition Audio Driver
    RuneScape Launcher 1.0.4
    SDK
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Segoe UI
    Spybot - Search & Destroy
    System Requirements Lab
    System Requirements Lab CYRI
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Utility
    VCRedistSetup
    VirtualCloneDrive
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    XviD MPEG-4 Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/01/2012 12:47:28, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    31/01/2012 09:39:59, Error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
    24/01/2012 01:28:06, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome back!

    Please read all directions carefully: From GMER:
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log.

    Please tell me what problems you're having that makes you suspect malware. The one entry removed in Malwarebytes was for:
    {549B5CA7-4A86-11D7-A4DF-000874180BB3} (no name) (no file) Orphaned registry key installed by unidentified malware.

    I see an entry showing "No File" that was for the AskToolbar.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
     
  7. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    The reason I asked is because this computer does not run as fast as it used to run; it is very laggy, so I was suspicious!

    And with GMER, the "Show all" check box is greyed out and not clickable.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There are many reasons for a slow computer- malware is just one of them:

    1. How many processes do you have on the Startup Menu?
    2. How many processes are running in the Task Manager?
    3. How much RAM is installed?
    4. Do you have automatic updates set? How many?
    5. Do you have Scheduled Tasks set? How many? (Some may be for #4)
    6. Do you have a regular maintenance schedule set to do the following:
    • Delete temporary internet files and Cookies.
    • Do a disc cleanup
    • Do a defrag
    • Run the Error Checking.
    7. When was the last time you did the maintenance?
    Note: These questions are meant to be helpful to you. Many users don't realize that these need to be done regularly to keep the system running well.
    ===========================================
    We'll check further and see if we're missing anything:

    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all antivirus and anti-malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
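Bobbye's checklist above asks how many autostart items the machine carries, and post #6 explains that the Malwarebytes hit was an orphaned loading point with no file behind it. As an added example, not code from this thread or from the ComboFix/DDS tools, the following Python script parses a constructed excerpt written in the line shapes ComboFix uses in its "Reg Loading Points" and "ORPHANS REMOVED" sections, counts entries per autostart location, and flags those whose target is missing ("(no file)" or "[N/A]") or lives in a Temp directory. The sample names, the all-zero CLSID and the Temp-path targets are constructed for illustration; the regular expressions are my reading of the log format, not an official specification.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the ComboFix "Reg Loading Points" / "ORPHANS REMOVED"
# shape seen in this thread. Names, the CLSID and the Temp-path targets are
# illustrative, not taken from a real machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"Updater"="c:\users\User\AppData\Local\Temp\upd.exe" [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\User\AppData\Local\Temp\is-XXXX.tmp\ATR1.exe [N/A]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{00000000-0000-0000-0000-000000000000} - (no file)
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
"""

# Registry Run-key value:   "Name"="c:\path\file.exe" [date size]  or  [N/A]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Startup-folder shortcut:  Name.lnk - c:\path\file.exe [date size]  or  [N/A]
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$')
# Orphans section:          Kind-Identifier - (no file)  or  - c:\path\file.exe
ORPHAN_RE = re.compile(r'^(?P<name>\S+) - (?P<path>.+?)\s*$')


@dataclass
class Autostart:
    kind: str        # "run" (registry Run key), "folder" (Startup folder), "orphans"
    location: str    # registry key or folder the entry was loaded from
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)   # empty means nothing stood out


def classify(path: str, meta: str) -> List[str]:
    """Return triage reasons for one entry; an empty list means no flag."""
    reasons: List[str] = []
    low = path.lower()
    if low == "(no file)":
        reasons.append("no-file")            # orphaned loading point, like the Malwarebytes BHO hit
    if meta == "N/A":
        reasons.append("unreadable-target")  # the tool could not stat the file: missing or hidden
    if "\\temp\\" in low:
        reasons.append("temp-path")          # persistence from a Temp directory is unusual for legitimate software
    return reasons


def parse_autostarts(text: str) -> List[Autostart]:
    """Walk the log, tracking which section each line belongs to."""
    entries: List[Autostart] = []
    kind, location = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                                   # ComboFix's blank-line marker
        if line.startswith("[") and line.endswith("]"):
            kind, location = "run", line[1:-1]         # registry key header
            continue
        if line.endswith("\\"):
            kind, location = "folder", line            # Startup folder header
            continue
        if "ORPHANS REMOVED" in line:
            kind, location = "orphans", "ORPHANS REMOVED"
            continue
        m = None
        if kind == "run":
            m = RUN_RE.match(line)
        elif kind == "folder":
            m = LNK_RE.match(line)
        elif kind == "orphans":
            m = ORPHAN_RE.match(line)
        if not m:
            continue                                   # unknown line shape: skip rather than guess
        meta = m.groupdict().get("meta", "")
        entry = Autostart(kind, location, m.group("name"), m.group("path"))
        entry.reasons = classify(entry.path, meta)
        entries.append(entry)
    return entries


def flagged(entries: List[Autostart]) -> List[Autostart]:
    return [e for e in entries if e.reasons]


def summarize(entries: List[Autostart]) -> Dict[str, int]:
    """Count entries per autostart kind: a quick answer to 'how many startup items?'."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    print("autostart counts:", summarize(found))
    for e in flagged(found):
        print(f"[{', '.join(e.reasons)}] {e.name} -> {e.path}  ({e.location})")
```

The flags are triage hints, not verdicts: an entry in the orphans section has already been removed by ComboFix, and an "[N/A]" target still needs the file itself checked (does it exist, who signed it) before anything is deleted, which is why the helper asks for logs first and acts on them afterwards.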
     
  9. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Before we do the scans, to answer your questions:

    1. How many processes do you have on the Startup Menu?
    Not sure, but when I click Start it's empty.

    2. How many processes are running in the Task Manager?
    79 processes

    3. How much RAM is installed?
    3GB

    4. Do you have automatic updates set? How many?
    Are these Windows Update? Or other programs that update themselves at system startup?

    5. Do you have Scheduled Tasks set? How many? (Some may be for #4)
    This I believe should be for Norton and Windows Update? If so, both.

    6. Do you have a regular maintenance schedule set to do the following:
    • Delete temporary internet files and Cookies.
    These get done once or twice a week with Norton and CCleaner.

    • Do a disc cleanup
    • Do a defrag - Done with Norton 360??
    • Run the Error Checking.

    7. When was the last time you did the maintenance? Weekly
    Note: These questions are meant to be helpful to you. Many users don't realize that these need to be done regularly to keep the system running well.

    Scans to follow.

    ESET: no threats.
     
  10. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    ComboFix 12-01-30.02 - User 31/01/2012 20:54:05.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1392 [GMT 0:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\SPL38D0.tmp
    c:\windows\system32\odbcad32.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-31 21:25 . 2012-01-31 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-31 21:25 . 2012-01-31 21:25 -------- d-----w- c:\users\Claire\AppData\Local\temp
    2012-01-31 19:03 . 2012-01-31 19:03 -------- d-----w- c:\program files\ESET
    2012-01-31 14:48 . 2012-01-31 14:48 -------- d-----w- c:\program files\Common Files\Java
    2012-01-31 14:47 . 2012-01-31 14:47 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- c:\program files\Ask.com
    2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- C:\FIND_MOZ_EXT
    2012-01-31 14:39 . 2012-01-29 15:55 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
    2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\program files\Secunia
    2012-01-31 14:36 . 2012-01-31 14:36 -------- d-----w- c:\program files\FileHippo.com
    2012-01-31 13:48 . 2012-01-31 13:48 -------- d--h--w- c:\windows\PIF
    2012-01-31 13:00 . 2012-01-31 13:50 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    2012-01-31 00:38 . 2012-01-29 15:55 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-31 00:38 . 2012-01-29 13:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-31 00:38 . 2012-01-29 13:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-31 00:38 . 2012-01-29 13:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-31 00:38 . 2012-01-29 13:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2012-01-31 00:38 . 2012-01-29 13:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2012-01-31 00:34 . 2012-01-31 00:34 -------- d-----w- c:\users\User\AppData\Local\Mozilla
    2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\program files\iPod
    2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\programdata\Apple Computer
    2012-01-24 01:58 . 2012-01-24 01:58 -------- d-----w- c:\users\User\AppData\Local\Hewlett-Packard
    2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\users\User\AppData\Roaming\Hewlett-Packard
    2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\programdata\Hewlett-Packard
    2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\program files\Hewlett-Packard
    2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor
    2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2012-01-24 01:42 . 2012-01-24 01:43 -------- d-----w- c:\program files\PC-Doctor for Windows
    2012-01-24 01:42 . 2012-01-24 01:47 -------- d-----w- C:\hp
    2012-01-24 01:39 . 2012-01-24 01:41 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
    2012-01-24 01:39 . 2012-01-24 01:39 -------- d-----w- c:\windows\Hewlett-Packard
    2012-01-24 00:16 . 2012-01-24 00:16 -------- d-----w- c:\users\User\AppData\Local\NVIDIA Corporation
    2012-01-21 15:21 . 2012-01-21 15:21 -------- d-----w- c:\users\UpdatusUser
    2012-01-21 15:18 . 2012-01-21 15:18 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2012-01-13 15:10 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2012-01-13 15:10 . 2010-12-24 15:27 892928 ----a-w- c:\windows\system32\iconv.dll
    2012-01-13 15:10 . 2010-12-24 15:27 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2012-01-13 15:10 . 2011-01-15 14:08 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
    2012-01-13 15:10 . 2012-01-13 15:10 -------- d-----w- c:\program files\Aimersoft
    2012-01-11 16:22 . 2012-01-11 16:22 -------- d-----w- c:\programdata\Audible
    2012-01-11 16:15 . 2012-01-31 14:19 -------- d-----w- c:\users\User\AppData\Local\Audible
    2012-01-11 16:10 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 16:10 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 16:10 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 16:09 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 16:09 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-11 16:09 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 16:09 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 16:09 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-10 09:36 . 2012-01-10 09:36 255352 ----a-w- c:\windows\system32\awrdscdc.ax
    2012-01-10 09:36 . 2003-03-18 21:20 1060864 ------w- c:\windows\system32\mfc71.dll
    2012-01-10 09:36 . 2003-03-18 20:14 499712 ------w- c:\windows\system32\msvcp71.dll
    2012-01-10 09:36 . 2001-08-17 22:43 24576 ------w- c:\windows\system32\msxml3a.dll
    2012-01-10 09:35 . 2012-01-10 09:36 -------- d-----w- c:\program files\Audible
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 14:49 . 2011-05-14 20:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 14:47 . 2010-10-25 17:49 567184 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-10 15:24 . 2010-10-25 11:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-23 13:37 . 2011-12-15 19:24 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-17 06:48 . 2002-01-01 00:10 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-16 16:23 . 2002-01-01 00:10 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 16:23 . 2002-01-01 00:10 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-11-16 16:23 . 2002-01-01 00:10 278528 ----a-w- c:\windows\system32\schannel.dll
    2011-11-16 16:21 . 2002-01-01 00:10 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-16 14:12 . 2002-01-01 00:10 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-11-08 14:42 . 2011-12-15 10:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 22:47 . 2011-12-16 10:14 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40 . 2011-12-16 10:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-16 10:15 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31 . 2011-12-16 10:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-01-29 15:55 . 2012-01-31 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-21 12:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2008-09-10 77824]
    .
    c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Product Registration.lnk - c:\users\User\AppData\Local\Temp\is-HHKAI.tmp\ATR1.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-10-24 16:58 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    2009-07-30 18:10 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
    2007-06-29 17:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2003-06-18 12:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    2008-08-18 08:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-11-09 17:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PSI
    *Deregistered* - ufldqkob
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
    .
    2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tzu18q8h.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-31 21:26
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    Completion time: 2012-01-31 21:44:38
    ComboFix-quarantined-files.txt 2012-01-31 21:44
    .
    Pre-Run: 377,172,545,536 bytes free
    Post-Run: 377,217,114,112 bytes free
    .
    - - End Of File - - FCBC7037F481B422E1778B4D0B423885
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm seeing what appear to be web sites installed as Program Files. Examples:
    FileHippo.com
    HP
    -----------------------
    Run the following and then tell me if the speed has improved:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    c:\program files\FileHippo.com
    c:\windows\PIF
    c:\users\Default\AppData\Local\Microsoft Help
    DDS::
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    mRunOnce: [PCDrProfiler] "c:\program files\pc-doctor for windows\RunProfiler.exe" -r
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"=-
    "FileHippo.com"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PCDrProfiler"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    Clearjavacache::
    CreateRestorePoint::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ===========================================
    Please uninstall the following in Add/remove Programs:
    HP> the program
    FileHippo.com
    All ASK entries: Ask.com plus Ask Toolbar>>
    Usually no one intentionally installs the Ask.com/Ask Toolbar. Rather, it is either pre-checked on a download screen and the user doesn't uncheck it, or it is bundled with unrelated downloads and installed without your permission or knowledge. Regardless, it should be uninstalled in Add/remove Programs and its folder deleted in the Programs list:
    Use Windows Explorer to access Computer> Local Drive- usually C> Programs> do a right click> Delete on the program folder.
    ==========================================
    About the number of processes running in the Task Manager: 79> we need to get that down to closer to 40.

    About Startup: Click on Start> Run> type in msconfig> enter> Startup tab> how many processes are checked?

    You are loading and running an enormous number of needless processes. Anything that loads on boot and runs in the background is using system resources. As you surf and begin gathering temporary internet files, they use more of the resources. At some point, you will get slower to load, slower to surf and slower to shut down.

    How do you control this? By only starting processes on boot that need to run- surprisingly few:
    Antivirus
    Firewall
    Touchpad if using laptop
    Network, if using Cisco or Pure Networks
    Nothing else (I have 5 processes checked)
    What you need and when you need it, you start from All Programs when you need it
    ===============================
    Hewlett-Packard
    On 1/24/2012, I see all of these listed:
    Hewlett-Packard is a company, a web site, available for downloads and a computer manufacturer. It also has printer software and drivers.

    These are the only HP processes I see installed: You don't need any of them running in the background.
    1. HP Advisor >> is a program that is preinstalled on HP computers. When run, this program will scan your computer for problems and provide advice on how to fix them or optimize the computer. Can be launched as needed.
    2. HP My Display>> when you did the download from HP, it had the 'HP My Display' utility for the supported HP monitor models. The HP My Display utility is a monitor control and calibration program- did you need it? No. With PlugNPlay in Windows, you already have it.
    3. HP Product Detection >> Utility gathers product data and displays support information for maintenance.
    4. HP Update >> You don't need HP contacting the internet several times every day, looking for an update
    -------------------------------------
    Some other 'not needed' processes that are running:
    1. RunProfiles> PC Doctor>
    This application from the PC Doctor software functions as the Hardware Diagnostic Tools Profiler. It scans hardware devices to resolve and repair damaged files and registry processes. Not recommended. We don't advise anyone using a registry cleaner. The risks far exceed the gain (if any). If you need any type of diagnostics, run a program when and if needed- without registry modifications.
    2. DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab>> running in the background to list system requirements to run games. Use when and if needed.
     
  12. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    ComboFix with custom script
    ComboFix 12-02-02.02 - User 02/02/2012 18:55:10.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1474 [GMT 0:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    Command switches used :: c:\users\User\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    c:\program files\FileHippo.com
    c:\program files\FileHippo.com\UpdateChecker.exe.config
    c:\users\Default\AppData\Local\Microsoft Help
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-02 19:23 . 2012-02-02 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-02 19:23 . 2012-02-02 19:23 -------- d-----w- c:\users\Claire\AppData\Local\temp
    2012-01-31 14:48 . 2012-01-31 14:48 -------- d-----w- c:\program files\Common Files\Java
    2012-01-31 14:47 . 2012-01-31 14:47 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- c:\program files\Ask.com
    2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- C:\FIND_MOZ_EXT
    2012-01-31 14:39 . 2012-01-29 15:55 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\users\User\AppData\Local\Secunia PSI
    2012-01-31 14:37 . 2012-01-31 14:37 -------- d-----w- c:\program files\Secunia
    2012-01-31 13:48 . 2012-01-31 13:48 -------- d--h--w- c:\windows\PIF
    2012-01-31 13:00 . 2012-01-31 13:50 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    2012-01-31 00:38 . 2012-01-29 15:55 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-31 00:38 . 2012-01-29 13:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-31 00:38 . 2012-01-29 13:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-31 00:38 . 2012-01-29 13:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-31 00:38 . 2012-01-29 13:36 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2012-01-31 00:38 . 2012-01-29 13:36 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2012-01-31 00:34 . 2012-01-31 00:34 -------- d-----w- c:\users\User\AppData\Local\Mozilla
    2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\program files\iPod
    2012-01-26 07:53 . 2012-01-26 07:53 -------- d-----w- c:\programdata\Apple Computer
    2012-01-24 01:58 . 2012-01-24 01:58 -------- d-----w- c:\users\User\AppData\Local\Hewlett-Packard
    2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\users\User\AppData\Roaming\Hewlett-Packard
    2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\programdata\Hewlett-Packard
    2012-01-24 01:45 . 2012-01-24 01:45 -------- d-----w- c:\program files\Hewlett-Packard
    2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor
    2012-01-24 01:43 . 2012-01-24 01:43 -------- d-----w- c:\programdata\PC-Doctor for Windows
    2012-01-24 01:42 . 2012-01-24 01:43 -------- d-----w- c:\program files\PC-Doctor for Windows
    2012-01-24 01:42 . 2012-01-24 01:47 -------- d-----w- C:\hp
    2012-01-24 01:39 . 2012-01-24 01:41 -------- d-----w- c:\users\User\AppData\Roaming\HpUpdate
    2012-01-24 01:39 . 2012-01-24 01:39 -------- d-----w- c:\windows\Hewlett-Packard
    2012-01-24 00:16 . 2012-01-24 00:16 -------- d-----w- c:\users\User\AppData\Local\NVIDIA Corporation
    2012-01-21 15:21 . 2012-01-21 15:21 -------- d-----w- c:\users\UpdatusUser
    2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2012-01-13 15:12 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2012-01-13 15:11 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2012-01-13 15:10 . 2010-12-24 15:27 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2012-01-13 15:10 . 2010-12-24 15:27 892928 ----a-w- c:\windows\system32\iconv.dll
    2012-01-13 15:10 . 2010-12-24 15:27 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2012-01-13 15:10 . 2011-01-15 14:08 153600 ----a-w- c:\windows\system32\WS_ATLMovie.dll
    2012-01-13 15:10 . 2012-01-13 15:10 -------- d-----w- c:\program files\Aimersoft
    2012-01-11 16:22 . 2012-01-11 16:22 -------- d-----w- c:\programdata\Audible
    2012-01-11 16:15 . 2012-01-31 14:19 -------- d-----w- c:\users\User\AppData\Local\Audible
    2012-01-11 16:10 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 16:10 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 16:10 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 16:09 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 16:09 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-11 16:09 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 16:09 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 16:09 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-10 09:36 . 2012-01-10 09:36 255352 ----a-w- c:\windows\system32\awrdscdc.ax
    2012-01-10 09:36 . 2003-03-18 21:20 1060864 ------w- c:\windows\system32\mfc71.dll
    2012-01-10 09:36 . 2003-03-18 20:14 499712 ------w- c:\windows\system32\msvcp71.dll
    2012-01-10 09:36 . 2001-08-17 22:43 24576 ------w- c:\windows\system32\msxml3a.dll
    2012-01-10 09:35 . 2012-01-10 09:36 -------- d-----w- c:\program files\Audible
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 14:49 . 2011-05-14 20:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 14:47 . 2010-10-25 17:49 567184 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-10 15:24 . 2010-10-25 11:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 18:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-23 13:37 . 2011-12-15 19:24 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-17 06:48 . 2002-01-01 00:10 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-16 16:23 . 2002-01-01 00:10 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 16:23 . 2002-01-01 00:10 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-11-16 16:23 . 2002-01-01 00:10 278528 ----a-w- c:\windows\system32\schannel.dll
    2011-11-16 16:21 . 2002-01-01 00:10 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-16 14:12 . 2002-01-01 00:10 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-11-08 14:42 . 2011-12-15 10:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-01-29 15:55 . 2012-01-31 14:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-31_21.26.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-25 11:07 . 2012-02-02 16:28 59588 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2010-10-25 11:07 . 2012-01-31 13:55 59588 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2012-02-02 16:28 79032 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2010-10-25 11:07 . 2012-02-02 16:28 12324 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1957138177-2925787731-1041521244-1000_UserData.bin
    - 2006-11-02 13:02 . 2012-01-31 16:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 13:02 . 2012-02-02 16:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 13:02 . 2012-02-02 16:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2006-11-02 13:02 . 2012-01-31 16:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2006-11-02 13:02 . 2012-01-31 16:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 13:02 . 2012-02-02 16:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-02-02 17:08 . 2012-02-02 17:08 22016 c:\windows\Installer\28ba50.msi
    + 2012-02-02 16:33 . 2012-02-02 16:33 75048 c:\windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe
    + 2012-02-02 16:25 . 2012-02-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-01-31 13:51 . 2012-01-31 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-02 16:25 . 2012-02-02 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-31 13:51 . 2012-01-31 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2012-02-02 16:31 655468 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2012-01-31 13:58 655468 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2012-01-31 13:58 125790 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2012-02-02 16:31 125790 c:\windows\System32\perfc009.dat
    + 2012-02-02 16:24 . 2012-02-02 16:25 371864 c:\windows\System32\FNTCACHE.DAT
    + 2010-10-22 15:14 . 2012-02-02 16:25 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-10-22 15:14 . 2012-01-31 14:37 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-10-24 17:44 . 2012-01-31 13:44 985760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-10-24 17:44 . 2012-01-31 23:59 985760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-10-25 22:33 . 2012-01-31 23:59 370080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2010-10-25 22:33 . 2012-01-31 13:44 370080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-02-02 16:33 . 2012-02-02 16:33 606720 c:\windows\Installer\68145.msi
    + 2012-02-02 16:33 . 2012-02-02 16:33 587048 c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
    + 2012-02-02 16:33 . 2012-02-02 16:33 587048 c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe
    + 2012-02-02 16:33 . 2012-02-02 16:33 587048 c:\windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ARPPRODUCTICON.exe
    + 2012-02-02 16:31 . 2012-02-02 16:31 300328 c:\windows\Installer\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}\ARPPRODUCTICON.exe
    + 2012-02-02 16:32 . 2012-02-02 16:32 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe
    + 2012-02-02 16:32 . 2012-02-02 16:32 587048 c:\windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ARPPRODUCTICON.exe
    - 2006-11-02 10:22 . 2012-01-31 14:44 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2006-11-02 10:22 . 2012-02-01 00:00 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-05-04 13:27 . 2012-01-31 23:59 2108564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957138177-2925787731-1041521244-1000-8192.dat
    + 2011-05-04 13:27 . 2012-01-31 23:59 9076316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957138177-2925787731-1041521244-1000-4096.dat
    + 2011-06-18 17:00 . 2012-01-31 23:59 1610612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1957138177-2925787731-1041521244-1000-12288.dat
    + 2012-02-02 16:33 . 2012-02-02 16:33 1613312 c:\windows\Installer\6813f.msi
    + 2012-02-02 16:33 . 2012-02-02 16:33 2882048 c:\windows\Installer\68138.msi
    + 2012-02-02 16:32 . 2012-02-02 16:32 8826368 c:\windows\Installer\68131.msi
    + 2012-02-02 16:32 . 2012-02-02 16:32 2030080 c:\windows\Installer\6812a.msi
    + 2012-02-02 16:31 . 2012-02-02 16:31 11245568 c:\windows\Installer\68124.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-21 12:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    .
    c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Product Registration.lnk - c:\users\User\AppData\Local\Temp\is-HHKAI.tmp\ATR1.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    2009-07-30 18:10 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
    2007-06-29 17:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2007-07-16 16:54 311984 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-12-12 07:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    2007-07-16 16:54 25264 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    2007-07-16 16:54 434864 ----a-w- c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2003-06-18 12:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    2008-08-18 08:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-11-09 17:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
    .
    2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://msn.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tzu18q8h.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-GoToAssist - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-02 19:23
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    [0] 0x458B0824
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID4194561\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A2\5&86f990b&0&UID67109121\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&12345678&00&02\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\TEO6770\5&1af07271&0&12345678&04&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    Completion time: 2012-02-02 19:32:00
    ComboFix-quarantined-files.txt 2012-02-02 19:31
    ComboFix2.txt 2012-01-31 21:44
    .
    Pre-Run: 378,630,496,256 bytes free
    Post-Run: 378,606,166,016 bytes free
    .
    - - End Of File - - 6AC1B42247A0B36F8B0036BCDBB84ED5
     
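    The posts above rely on reading a ComboFix report by hand: the Reg Loading Points, Startup-folder and Scheduled Tasks blocks, the ORPHANS REMOVED list, and the DDS-style BHO:/TB:/DPF:/uRun:/mRunOnce: lines that the CFScript was built from. The following is an added example of doing that first pass programmatically; it is not ComboFix, DDS or the posters' own code. The review heuristics in triage() (orphaned references, a launch from a Temp directory, an executable sitting directly under c:\windows, BHO/toolbar CLSIDs, and DPF packages fetched from the web) are the example's own assumptions, not anything ComboFix itself reports, and SAMPLE_LOG is constructed from lines quoted in this thread.

```python
# Added example: a triage parser for the autostart sections of a ComboFix / DDS-style
# log.  Not ComboFix/DDS code; the flag rules in triage() are this example's heuristics.
import re
from dataclasses import dataclass, field


@dataclass
class Entry:
    kind: str        # where the autostart lives: 'HKLM Run', 'BHO', 'Scheduled task', ...
    name: str        # value name, CLSID, .lnk or .job name
    path: str        # command line / module path exactly as logged
    stamp: str = ''  # '[date size]' text; 'N/A' means ComboFix could not find the file
    flags: list = field(default_factory=list)


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')       # "Name"="path" [date size]
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$')   # date time size attrs path
LNK_RE = re.compile(r'^(.+\.lnk) - (.+?) \[([^\]]*)\]$')             # Startup-folder shortcut
JOB_RE = re.compile(r'^\d{4}-\d\d-\d\d (.+\.job)$')                  # scheduled task header
JOBCMD_RE = re.compile(r'^- (.+?) \[([^\]]*)\]$')                    # its command line
ORPHAN_RE = re.compile(r'^(\w+)-(.+?) - \(no file\)$')               # ORPHANS REMOVED block
DDS_CLSID_RE = re.compile(r'^(BHO|TB|DPF): (\{[0-9A-Fa-f-]{36}\}) - (.+)$')
DDS_RUN_RE = re.compile(r'^([um]Run(?:Once)?): \[([^\]]+)\] (.+)$')
TEMP_RE = re.compile(r'\\temp\\', re.I)
WINROOT_EXE_RE = re.compile(r'^"?c:\\windows\\[^\\]+\.exe"?', re.I)


def classify_key(key):
    """Map a [HKEY_...] header to (kind, fixed name or None for per-value names)."""
    k, leaf = key.lower(), key.rsplit('\\', 1)[-1]
    hive = 'HKCU' if k.startswith('hkey_current_user') else 'HKLM'
    if 'browser helper objects' in k:
        return 'BHO', leaf
    if '\\msconfig\\startupreg\\' in k:
        return 'startupreg (unchecked in msconfig)', leaf
    m = re.search(r'\\currentversion\\(run|runonce)$', k)
    return (hive + ' ' + {'run': 'Run', 'runonce': 'RunOnce'}[m.group(1)], None) if m else (None, None)


def parse_log(text):
    """Walk the log once; registry headers set the context for the lines that follow."""
    entries, kind, name, job = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if m := KEY_RE.match(line):
            kind, name = classify_key(m.group(1))
        elif line.lower().endswith('\\startup\\'):
            kind, name = 'Startup folder', None
        elif m := JOB_RE.match(line):
            job = m.group(1)
        elif (m := JOBCMD_RE.match(line)) and job:
            entries.append(Entry('Scheduled task', job, m.group(1), m.group(2))); job = None
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry('Orphan ' + m.group(1), m.group(2), '(no file)'))
        elif m := (DDS_CLSID_RE.match(line) or DDS_RUN_RE.match(line)):
            entries.append(Entry('DDS ' + m.group(1), m.group(2), m.group(3)))
        elif kind and (m := VALUE_RE.match(line)):
            entries.append(Entry(kind, m.group(1), m.group(2), m.group(3)))
        elif kind and name and (m := FILE_RE.match(line)):
            entries.append(Entry(kind, name, m.group(1)))
        elif kind == 'Startup folder' and (m := LNK_RE.match(line)):
            entries.append(Entry(kind, m.group(1), m.group(2), m.group(3)))
    return entries


def triage(text):
    """Return only the entries that hit a review heuristic (assumption: our rules, not ComboFix's)."""
    flagged = []
    for e in parse_log(text):
        p = e.path.lower()
        if p in ('(no file)', 'no file') or e.stamp == 'N/A':
            e.flags.append('points at a file that no longer exists')
        if TEMP_RE.search(p):
            e.flags.append('launches from a Temp directory')
        if WINROOT_EXE_RE.match(p):
            e.flags.append('executable placed directly under c:\\windows, not system32')
        if e.kind.endswith('BHO') or e.kind == 'DDS TB':
            e.flags.append('browser add-on: verify the CLSID and vendor')
        if e.kind == 'DDS DPF' and p.startswith('hxxp'):
            e.flags.append('ActiveX package fetched from the web (hxxp = defanged http)')
        if e.flags:
            flagged.append(e)
    return flagged


# Constructed sample: lines copied from the ComboFix report and CFScript quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 12:17 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\User\AppData\Local\Temp\is-HHKAI.tmp\ATR1.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 17:20]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-GoToAssist - (no file)
.
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
"""

if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.kind:<36} {e.name:<42} {e.path}\n' + ''.join(f'{"":<36} -> {f}\n' for f in e.flags))
```

    Run against the sample, the Ask toolbar BHO, the Temp-directory shortcut with no target, the vVX1000.exe entry under c:\windows, both orphans, the BHO with No File and the DPF download are reported; the HP Software Update Run value and the Google update task pass through unflagged. The flags are starting points for a reviewer, not verdicts: an entry under c:\windows or from Temp can be a legitimate installer leftover, which is exactly why the thread pairs each removal with a check of what the program is.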
  13. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    MSconfig

    start up TAB

    16 unchecked
    7 checked

    services TAB
    Microsoft processes hidden

    Everything unchecked apart from
    Secunia
    Malware bytes
    Norton 360

    Running processes now 59
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Better to do the Services like this:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Click on Start> Run> type in services.msc> Enter> You need to be very careful stopping Services. Some have dependencies they need running to run, and other Services may depend on this Service to run. I use Safe Mode to make any Service changes because you can handle the Dependencies in this mode.

    But before making changes, I'd like you to compare with Black Viper's recommendations:
    http://www.blackviper.com/2009/05/3...-vista-service-pack-2-service-configurations/
    Everything you need to know about Services is there. Scroll down to the chart. You can get a description of each Service and learn the dependencies.

    Have you noticed any improvement in the system yet?
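The dependency check the post above describes, as an added PowerShell example that is not code from the thread or from Black Viper's site: it shows what a service requires and which currently running services would lose a dependency if it were stopped, and the 'Spooler' name in the sample use is only a stand-in.

```powershell
# Added example, not code from the thread or from Black Viper's site.
# Before putting a service on Manual or stopping it, show what it requires and
# which currently running services would lose a dependency if it went away.
# Uses Get-Service plus Win32_Service so it works on Vista-era PowerShell 2.0.
function Get-ServiceDependencyReport {
    param([Parameter(Mandatory = $true)][string]$Name)

    $svc = Get-Service -Name $Name -ErrorAction Stop
    # Startup type (Auto/Manual/Disabled) is not exposed by Get-Service before
    # PowerShell 5, so read StartMode from WMI instead.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($svc.Name)'"

    # Services that must already be running for this one to start
    $requires = @($svc.ServicesDependedOn | ForEach-Object { $_.Name })
    # Services that stop or fail if this one is stopped
    $dependents = @($svc.DependentServices)
    # The ones that matter right now: dependents that are actually running
    $runningDependents = @($dependents |
        Where-Object { $_.Status -eq 'Running' } |
        ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Name              = $svc.Name
        DisplayName       = $svc.DisplayName
        Status            = [string]$svc.Status
        StartMode         = $wmi.StartMode
        Requires          = ($requires -join ', ')
        DependedOnBy      = (@($dependents | ForEach-Object { $_.Name }) -join ', ')
        RunningDependents = ($runningDependents -join ', ')
        # $true only when no running service would break if this one stopped
        SafeToStop        = ($runningDependents.Count -eq 0)
    }
}

# Sample use: inspect one service ('Spooler' is just a stand-in name), then list
# every Auto-start service that nothing running depends on, which is the set
# worth comparing against Black Viper's chart before changing anything.
Get-ServiceDependencyReport -Name 'Spooler' | Format-List

Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object { Get-ServiceDependencyReport -Name $_.Name } |
    Where-Object { $_.SafeToStop } |
    Select-Object Name, DisplayName, StartMode, Requires |
    Format-Table -AutoSize
```

A service that shows up as SafeToStop still needs checking against the chart, since the report only covers declared dependencies, not programs that talk to the service directly.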
     
  15. flash4203

    flash4203 TS Rookie Topic Starter Posts: 26

    Yeah, the computer does seem to be quicker when it goes into people's profiles; it does hang a little between the welcome screen with the user windows and the desktop.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This is the personal data loading. The more you have, the longer it will take. And if it starts on boot and runs in the background, it will also delay the shutdown. Even if you have enough RAM on board, this loading or shutting down will take time.

    Did you do, or do you know if they do, the maintenance I suggested? This system has Install Date: 02/01/2002. That's 10 years ago. A system in use this long would have to be treated tenderly. Regular maintenance is a must! There are no System Restore points showing. Either they don't know the value of having restore points handy or they like to live dangerously!

    I think the best thing I can do for you here is have you run HijackThis. After I review the log, I can tell you which processes don't need to be running. You can then check them to have HJT stop them and if appropriate, uncheck them on the Startup Menu and/or put a Service on Manual if the program has a Service.
    =======================================
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will be saved, and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm ready to close the thread. Reply if you still have problems.
     
Topic Status:
Not open for further replies.
