Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    SEC Fines Yahoo $35 Million for Data Breach That Affected 500 Million Users

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

Just Checking

Started by Lightk , Nov 28 2009 12:03 AM

  • This topic is locked This topic is locked
2 replies to this topic

#1 Lightk

Lightk

  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:05:54 PM

Posted 28 November 2009 - 12:03 AM

I've been recently installing quite a bit of software into my PC lately, and it seems to be somewhat slowing down. Is it just because of the many programs in it? There's no real big problem though, I scan weekly with Malwarebytes and SuperAntiSpyware, and nothing unusual is found. I guess I'm just kind of paranoid and just want to check if my computer is clean, with no infections.


DDS (Ver_09-11-24.02) - NTFSX64
Run by Kirk Lee at 21:53:29.77 on 27/11/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3998.2282 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\a-squared Free\a2service.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kirk Lee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kirk Lee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kirk Lee\Desktop\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\adobe cs4\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\adobe cs4\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [AdobeBridge]
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\kirk lee\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files (x86)\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Sothink SWF Catcher - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files (x86)\common files\sourcetec\swf catcher\InternetExplorer.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\syswow64\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun-x64: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
AppInit_DLLs-X64: c:\windows\system32\guard64.dll

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-11-21 54480]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-27 118600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-27 33128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_7477fb4c\AESTSr64.exe [2009-8-12 88576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-11-27 108289]
R2 Cepstral License Server;Cepstral License Server;c:\program files (x86)\cepstral\bin\CepstralLicSrv.exe [2008-6-25 57344]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-3-20 365952]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-12-30 68608]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-21 126464]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-8-12 4828672]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-11-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-31 93184]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-11-21 1038088]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-11-28 03:27:46 0 d-----w- c:\programdata\Comodo
2009-11-28 03:27:43 33128 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-28 03:27:43 239616 ----a-w- c:\windows\system32\guard64.dll
2009-11-28 03:27:43 171552 ----a-w- c:\windows\syswow64\guard32.dll
2009-11-28 03:27:43 118600 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-28 03:27:43 0 d-----w- c:\program files\COMODO
2009-11-28 03:08:32 73048 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 03:08:31 0 d-----w- c:\programdata\Avira
2009-11-28 03:08:31 0 d-----w- c:\program files (x86)\Avira
2009-11-28 02:49:24 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2009-11-28 02:49:02 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2009-11-28 02:47:09 0 d-----w- c:\program files (x86)\Trend Micro
2009-11-27 23:48:07 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-11-27 23:48:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:24:44 0 d-----w- c:\users\kirkle~1\appdata\roaming\Azureus
2009-11-24 23:23:24 1875456 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 23:23:23 1794560 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 23:23:22 1399296 ----a-w- c:\windows\syswow64\msxml6.dll
2009-11-24 23:23:20 1257472 ----a-w- c:\windows\syswow64\msxml3.dll
2009-11-24 23:23:06 880640 ----a-w- c:\windows\system32\timedate.cpl
2009-11-24 23:23:06 714240 ----a-w- c:\windows\syswow64\timedate.cpl
2009-11-23 01:29:10 65536 --sha-w- c:\users\kirk lee\NTUSER.DAT{86496397-d7cf-11de-a18f-00235abdd827}.TM.blf
2009-11-23 01:29:10 524288 --sha-w- c:\users\kirk lee\NTUSER.DAT{86496397-d7cf-11de-a18f-00235abdd827}.TMContainer00000000000000000002.regtrans-ms
2009-11-23 01:29:10 524288 --sha-w- c:\users\kirk lee\NTUSER.DAT{86496397-d7cf-11de-a18f-00235abdd827}.TMContainer00000000000000000001.regtrans-ms
2009-11-22 20:55:19 0 d-----w- c:\program files (x86)\Cepstral
2009-11-22 20:50:53 0 d-----w- c:\users\kirkle~1\appdata\roaming\NCH Software
2009-11-22 20:49:05 0 d-----w- c:\program files (x86)\ScanSoft
2009-11-22 20:38:38 0 d-----w- c:\program files (x86)\eSpeak
2009-11-22 20:25:12 0 d-----w- c:\program files (x86)\NCH Swift Sound
2009-11-21 20:47:09 0 d-----w- c:\programdata\ALM
2009-11-21 20:43:08 54480 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2009-11-21 20:43:08 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-21 20:43:08 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-21 20:43:07 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2009-11-21 20:28:20 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-21 20:23:29 0 d-----w- C:\Adobe CS4
2009-11-21 00:04:28 0 d-----w- c:\programdata\NCH Swift Sound
2009-11-16 03:51:29 884 ----a-w- c:\users\kirk lee\.recently-used.xbel
2009-11-11 04:06:02 437248 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 04:06:02 351232 ----a-w- c:\windows\syswow64\WSDApi.dll
2009-11-11 04:06:00 2749952 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:37:03 0 d-----w- c:\programdata\Minnetonka Audio Software
2009-11-08 23:49:58 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2009-11-06 01:40:49 0 d-----w- c:\programdata\WindowsSearch
2009-11-04 23:34:49 5939712 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-04 23:34:47 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2009-11-04 23:34:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2009-11-28 03:39:25 672380 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-28 03:39:25 127578 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-28 03:29:44 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-11-28 03:29:44 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-28 03:29:42 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 03:42:06 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-10-04 20:33:33 695578 ----a-w- c:\windows\syswow64\unins000.exe
2009-09-10 17:53:48 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 17:33:02 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2009-09-10 17:30:12 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-09-10 15:48:45 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:48:17 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 15:21:53 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-09-10 15:21:07 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-09-04 12:52:46 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 12:24:34 61440 ----a-w- c:\windows\syswow64\msasn1.dll
2009-08-31 14:12:46 375808 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 14:12:39 558592 ----a-w- c:\windows\system32\EncDec.dll
2009-08-31 13:55:50 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-08-31 13:55:46 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2009-03-20 12:04:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-20 11:30:11 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2009-03-20 11:30:11 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2009-03-20 11:30:11 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2009-03-20 11:30:11 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-20 11:48:58 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:54:20.33 ===============


---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 PM, on 27/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Adobe CS4\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Adobe CS4\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kirk Lee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files (x86)\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8954 bytes


~Thank you, help would be much appreciated~

Attached Files


BC AdBot (Login to Remove)

 

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:05:54 PM

Posted 05 December 2009 - 09:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#3 SpySentinel

SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:The United States
  • Local time:04:54 PM

Posted 12 December 2009 - 01:52 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact either me or another staff member.

Everyone else please start a new topic.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·