Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WebClient


  • Please log in to reply
17 replies to this topic

#1 bethb1

bethb1

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 26 March 2011 - 11:50 AM

trying to send you a DDS log.not sure if I did it or not,I believe I have suspicous things running as I have checked them with your start up list,I also have several processess running that I can not find in your data base could you help please.

Attached Files

  • Attached File  DDS.txt   11.27KB   4 downloads


BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:13 PM

Posted 01 April 2011 - 02:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 02 April 2011 - 09:25 AM

thanks Finally, I have been waiting for ya'll thought you had forgot me, I am going now to try and run the things you ask of me, just letting you know I am still here,Thank you

#4 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 02 April 2011 - 10:11 AM

Bare with me

Running a Dell Demension DIMC521
Processor AMD Sempron 3400+ 1.80gz
32 Bit Operating system
Windows Vista Basic Home Service Pack 2
Memory Ram 512

problem is,freezing during game playing, slow to start, few months back caught some viruses, thought I was all clear ran malwarebytes, too many things running (task manager) and after checking some of your list, they say they are viruses, I can not remove them, I also have looked at it from pressing Ctrl +Alt + Delete, not just task manager,just feel something is not right with start up programs, the only way I can play games is to run Iobitz advance system care and hit boost my computer which stops alot of processes, I am aware I am low on memory,but can not afford to buy more, I also found I have several cloned disk,another subject I guess.

So now I will try to post the logs you need and see what you can tell.

I do not have orinal windows cd, but I bought this brand new out of box about 3 years ago, not real computer savy but am familar with it..here is DDS Log
DDS (Ver_11-03-05.01) - NTFSx86
Run by Beth at 10:04:03.61 on Sat 04/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.446.158 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Beth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2H3R4WYO\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
uStart Page = hxxp://search.iobit.com
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {7757cbcc-0975-4b79-a519-90b142ca3a23} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Toolbar BHO: {efa17361-cdc0-4927-9afc-baad1f96b2ae} - c:\program files\iobitbar\toolbar\1.bin\i0bar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
EB: {D43C4506-23BE-B14F-05E4-FC837E6B3B7F} - No File
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296512007814
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]
R2 IObitBarService;IObit Toolbar Service;c:\progra~1\iobitbar\toolbar\1.bin\i0barsvc.exe [2010-12-1 28766]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-01 17:33:35 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{21b9ee8d-ee09-45c2-a987-6b73911b7ff5}\mpengine.dll
2011-03-27 20:09:17 -------- d-----w- c:\users\beth\appdata\local\CrashDumps
2011-03-27 03:35:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-27 03:35:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-27 03:35:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 06:30:19 -------- d-----w- c:\users\beth\appdata\roaming\AVG10
2011-03-26 06:22:57 -------- d-----w- c:\progra~2\AVG10
2011-03-26 06:21:30 -------- d-----w- c:\program files\AVG
2011-03-26 05:50:32 -------- d-----w- c:\progra~2\MFAData
2011-03-23 11:55:07 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 11:55:06 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 11:55:05 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-09 06:57:05 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 06:57:04 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 06:57:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 06:57:03 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 06:56:56 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 06:56:55 677888 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 10:05:42.90 ===============

Edited by bethb1, 02 April 2011 - 11:18 AM.


#5 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 02 April 2011 - 11:22 AM

sorry hopefully this is the gmer log attachment below,please bare with me I will check back every hour of less to see what you need from me,will stay till the end, not real computer literate but can find my way around thanks for helping me!Attached File  ark.txt   9.42KB   3 downloads

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 PM

Posted 04 April 2011 - 06:12 PM

Hello. I will be helping you :) .

It doesn't look like you have any malware on board. What processes/files concern you?

The slowness is almost certainly from lack of RAM. Vista needs at least 1GB to run comfortably. You have less than ahve of that.


Let's see if Kaspersky catches anything.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select Critical Areas.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



Download, Install, and Save Log with HijackThis
We can use HJT to cut down one some startups.
  • Download the installer HERE onto your desktop and double click it.
  • You may be asked for confirmation for running an executable file. Select Run.
  • You will be asked choose the install location. Please leave it at the default:
    C:\Program Files\Trend Micro\HijackThis.
  • Select Install.
  • The installation process should only take a few seconds. A shortcut named HijackThis will be created on your desktop so there will be no need to access the HijackThis program directly. The HijackThis window will pop-up after the installation.
  • Click Do a System Scan and Save a Log File.
  • The scan will complete in a moment and the log will pop-up.
  • Copy the contents of the log into your next post.


With Regards,
The Panda

#7 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 05 April 2011 - 03:10 PM

okay thanks so much,been waiting on you,grateful for the help, going now to try and run scan with Kaspersky,just letting you know I am still here. Thanks so much for your time and help Beth

#8 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 05 April 2011 - 05:29 PM

Here is the HJT,Log, Kaspersky failed it said I had interuppted internet connection,not sure, gonna try it again I think also might be a problem with JAVA ,gonna try again Thanks
P.S.
Also one of my concerns, as you mentioned above, is something running in task manager under services called WEB Client, I can not disable it and it is listed as not good in ya'll list of uninstall list,I will try to run kaspersky now.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:38 PM, on 4/5/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {7757CBCC-0975-4b79-A519-90B142CA3A23} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Toolbar BHO - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296512007814
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IObit Toolbar Service (IObitBarService) - IObit - C:\PROGRA~1\IObitBar\toolbar\1.bin\i0barsvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6610 bytes

Edited by bethb1, 05 April 2011 - 05:34 PM.


#9 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 05 April 2011 - 06:25 PM

ok so kaspersky says I have to go to website to do scan that liscense has expired can you tell me what do to, says it must be done with un interrupted internet connection, I want to be sure and go to correct legit website, so I will wait for further instructions from you thanks.I tried to copy the error code for you but it would not let me.

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 PM

Posted 05 April 2011 - 08:04 PM

Hello.

The WebClient service you describe is a legitiment Windows service.

Don't worry too much about the Kaspersky scan. We can try an alternative.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop. If you are using Windows Vista, right click dss.exe and select Run as Administrator.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box.Put a checkmark next to the following entries:


    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.

Restart your computer. Does that help the slowness a bit?

Run ESET Online Scan
Let's try this instead of Kaspersky.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... The the box that appears type with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and chose select all. Right-click again and chose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

With Regards,
The Panda

#11 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 05 April 2011 - 11:34 PM

ok so I fixed the hijack this checked off per your suggestions restarted computer ,seemed a bit faster,tried twice to run Eset Online scan, failed twice 2nd error code was 2002 ? it kept saying at prompt that Windows Defender was detected but I disabled real time protection and every other form of firewall etc I could I currently have no protection, dont know what I am doing wrong? any more suggestions so sorry for this trouble running these scans.
Will wait on your reply.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:13 PM

Posted 06 April 2011 - 07:42 PM

Hello.

It's not a big problem. Sometimes, scanners fail to detect whether or not you have firewalls/antiviruses enabled.

F-Secure Online Scan
Let's try Fesecure.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please also run the DDS scan again and post that log.
With Regards,
The Panda

#13 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 07 April 2011 - 07:49 AM

ok will do shortly,again thanking you for your help

#14 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 07 April 2011 - 09:42 PM

sorry for delay, had to work a longer than thought today, I tried the F Secure Online scanner twice it wnt through the whole installation process ,then redirects me to my internet provider (comcast) to sign in with some strange id and password, ??? long story short it did not work.What is the problem with these scanners? any other suggestions?
Still hanging in there, thanks for your help,will wait on your reply.

Nevermind, there was an issue with my cable modum, they just reset modem, it was preventing me from doing certain things,so long story short,gonna try to do scan again
at F Secure.thanks

Edited by bethb1, 08 April 2011 - 02:02 PM.


#15 bethb1

bethb1
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:13 PM

Posted 11 April 2011 - 12:59 AM

Panda , I am still here I am not able to download or use any of the scanners you suggested, but I need to contact internet provider again, when I get to certain web pages ,one of which is these online scanners, my internet provider page comes up and ask for special password, I believe my modem is messed up as they had to reset it the other day,I still want to fix some issues on my computer so please bare with me, this is very frustrating.I believe something else is wrong ,is there something a log or something I could run in the mean time, or should I wait on comcast to fix modem issues first? Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users