
Author Topic: Okay smart people, I need some help. HiJackThis log included!  (Read 4659 times)

JAG

  • *
  • Posts: 670
  • Gender: Female
  • Location: On the shores of Lake Erie
  • Joined:Jul 2009
  • Offline
I think I may have downloaded something from a fucking torrent last night. Serves me right; I stopped messing with those muthers about a year ago because of a nasty virus but the kids were bored and driving me crazy; so a movie seemed like a good idea at the time. I hope one of you can find something in this HiJackThis log because the laptop is moving so damn slow that it is unusable at this point. I can't even run my malware or virus software because it will just time out at this rate! The only possible clue I may have is that I was getting the following message:

rundll32.exe has become unresponsive

I have no idea if it is related to the problem or if it is just because I can't get programs to close 90% of the time IF I get them open to even begin with! I am so pissed! Any help is VERY appreciated. Thanks!

I think I may have downloaded something last night that is really messing with my laptop. It is running extremely slow, beyond slow. It is timing out and the only clue I have is a message that says: rundll32.exe is not responding. I am at my wits end. I am running Windows XP Media Centre Edition and use Google Chrome as my browser. I can't use my laptop at this point and I can't even run my malware, spyware or virus programs because of how SLOW the computer has become. Please help! I am posting a Hijackthis log, I hope someone can see something on it. I need help! Thanks! Oh, and the laptop is using Windows XP Media Centre Edition and I use Google Chrome as a browser.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:53, on 28/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10189 bytes
~Sarah~
*100% Certified Honouary Canuck*
________________________________________



Port Cockerton:

"Maybe if you hadn't spent the whole night sinking space sluts you wouldn't have let down the entire universe yet again!"
"Copy that."
"Solution, Captain Powerful?!"
"MORE powder of confidence..."

turd

  • *
  • Posts: 6
  • Location: Lennoxvegas
  • Joined:Dec 2009
  • Offline
Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #1 on: Jul 28, 2010, 08:12 PM »
Did the torrent have an .exe file in it that you clicked, possibly? If a movie is packaged in a .exe file, NEVER open it.

If the file was an .avi or .mkv, etc. you shouldn't have had a problem.

Maybe try a disk cleanup and then disk defrag just to see if it helps.

My suggestion if you're going to download movies: find a good warez site that hosts megaupload/rapidshare/hotfile links. Torrents aren't good imo, too easy to get caught.

 :beermug: :6paper:

Mitch Lahey

  • *
  • Posts: 1615
  • Gender: Male
  • Location: Catalina Island, CA
  • Joined:Jan 2006
    • NASA Marshall Space Flight Center
  • Offline
Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #2 on: Jul 29, 2010, 06:39 AM »
The main problem is you're running XP Media Centre Edition. It is a notoriously fucked up operating system, the likes of which were only seen later in Windows Vista.

There is still hope though. I would recommend SpyBot Search & Destroy and Adaware SE which are both free and are used every day by people who design and manipulate virii and spyware programs for major corporations.

I would highly recommend just copying everything you want to keep to an external hard disk and re-formatting and installing Windows XP Pro or Ultimate or XP Black Edition or Win 7 (If your computer can support it) all are way more reliable and stable operating systems (If you have to use Windows) If not there's many user friendly linux OS'es and there's always Mac OS X! :) Good luck & Peace!
-Mitch Dolphin (I work for Cyrus now)

"Hey everybody, there's a shitcloud comin'! Run for your lives!" -Randy Quaid in Kingpin

JAG

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #3 on: Jul 29, 2010, 10:30 AM »
The computer is a hand me down, so I never changed the OS...I need to add memory to the laptop before I change the OS though I might have a copy of Windows XP Professional around here someplace.

I usually can turn things around when one of the computers gets fucked but I am not quite sure where to start this time.

I am on the desktop now and I have the laptop next to me; so I am trying to research on one computer and then apply it to another. Frustrating as all hell when you've got a million other things to do!

I've been looking into getting a Mac for sometime now; I need a money infusion big time! After I get this laptop turned around I'm passing it on to the kids.

Thank you guys for responding so quickly; I'm ready to take a hammer to the damn thing. If someone wants to hold my hand and tell me exactly where to start, that would be great too. I am "Googling" my brains out at this point.

I just ran another HJT log and I am going to start from there. I think...I don't fucking know any more!

bellly

  • *
  • Posts: 63
  • Gender: Male
  • Location: Birmingham
  • Joined:Sep 2009
  • Offline
Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #4 on: Jul 29, 2010, 11:51 AM »
Run a system restore by booting into safe mode. If you don't have restore active, get back to me.

JAG

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #5 on: Aug 02, 2010, 03:06 PM »
I was finally able to get around to doing a system restore and things are better. I still plan on re-running HJT because I don't fully trust that everything is okay. (This is a hand me down computer after all.) My sister did find Ubuntu.

http://www.ubuntu.com/

It looks interesting. Any opinions?

Mitch Lahey

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #6 on: Aug 03, 2010, 01:43 AM »
I like Ubuntu, but not really for daily use as an OS... I run a triple-boot Ubuntu/Win 7/Mac OS X setup atm. Hijack This! is handy, definitely (for certain circumstances) as well, esp. letting other people on forums understand exactly what is going on on your machine... post your new/latest HJT log here and I will continue to try and help as much as I am able!

P.S.

It would also help if you could post the full specs of the machine.. model #, CPU, RAM, etc.
« Last Edit: Aug 03, 2010, 01:49 AM by Mitch Lahey »

JAG

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #7 on: Aug 05, 2010, 04:10 PM »
The computer is a Dell Inspiron 9300 laptop. Here are the specs from the CNET website:
http://reviews.cnet.com/laptops/dell-inspiron-9300-notebook/1707-3121_7-31351063.html


Also, here is the latest Hijack this log. I see a few things that look totally extraneous but am not 100% sure. (I have only finished 1 semester of school in computers so far.) I'd like to get rid of all the crap, especially the shit from my sister. It was her laptop first and I have had to debug this sucker a few times from the crap she downloaded. I intend on giving this laptop to my older two kids and getting myself a new laptop. This one is nice, but it is really big for a laptop. So, let me know what can go...Plus, why does Internet Explorer crap keep showing up? I thought I deleted that muther! I use Google Chrome and very occasionally Firefox as browsers. How can I rid my computer of it completely? I'd like to get this computer running faster.

THANKS A LOT FOR THE HELP!!!!  8)  :beermug:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:54, on 05/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JENNIFER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9994 bytes


TheFave

  • *
  • Posts: 164
  • Joined:Nov 2008
  • Offline
Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #8 on: Aug 05, 2010, 09:03 PM »
time to become a luddite.
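
A triage sketch for the two HijackThis logs posted earlier in this thread, added here as an example (it is not part of any poster's message and is not Trend Micro code). It splits a log into its sections, lists entries worth a manual look, and compares the running processes between the two scans; the function names are made up for this example, and the flagged items are review candidates, not verdicts.

```python
import re
from collections import Counter

# Shortened excerpts of the two scans posted in this thread: every line is
# copied from the page, but most entries are omitted to keep the sample small.
SCAN_JUL28 = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:53, on 28/07/2010

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\iDumpPro\NMSAccessU.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe
"""

SCAN_AUG05 = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:54, on 05/08/2010

Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\iDumpPro\NMSAccessU.exe

O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Coded entries look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into header lines, running processes and coded entries."""
    log = {"header": [], "processes": [], "entries": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            log["entries"].append((match.group(1), match.group(2)))
        elif line == "--" or line.startswith("End of file"):
            break  # trailer that closes every log
        elif section == "processes":
            log["processes"].append(line)
        elif section == "header":
            log["header"].append(line)
    return log


def review_candidates(log):
    """Return (code, reason, detail) tuples that deserve a manual look."""
    found = []
    for code, detail in log["entries"]:
        if detail.endswith("(no file)"):
            # The registry entry is still there but its target file is not.
            found.append((code, "entry points at a missing file", detail))
        elif code == "O23" and " - Unknown owner - " in detail:
            found.append((code, "service listed with 'Unknown owner'", detail))
    return found


def process_diff(before, after):
    """Processes that appeared or disappeared between two scans.

    Paths are compared case-insensitively (Windows paths are), and a Counter
    is used so that one svchost.exe instance fewer still shows up.
    """
    old = Counter(p.lower() for p in before["processes"])
    new = Counter(p.lower() for p in after["processes"])
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    first, second = parse_log(SCAN_JUL28), parse_log(SCAN_AUG05)
    for code, reason, detail in review_candidates(second):
        print(f"[review] {code}: {reason}: {detail}")
    started, stopped = process_diff(first, second)
    print("new since first scan:", started)
    print("gone since first scan:", stopped)
```
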

jwaschke

  • *
  • Posts: 33
  • Gender: Male
  • Location: Provances Like Texas but farther North
  • Joined:Jan 2007
  • Offline
Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #9 on: Aug 06, 2010, 11:21 AM »
If you are still thinking you have some internet herpes download, install, and update this:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

This is what I primarily use on office workstations that agents get all fouled up, if you are still seeing slowness then use this:
http://www.bleepingcomputer.com/download/anti-virus/combofix
Combofix is my heavy hitter and only used if NOTHING else will get it (outside of a BartPE bootable Kaspersky AV disc - but those are EXTREME cases).

You will want to get into Internet Properties and:
1) delete temp files (this will speed up your scan)
2) go under connections (in internet properties) and under LAN proxy settings make sure the bottom portion isn't checked (if it is any updates for Malwarebytes and Combofix will fail)

Microsoft Security Essentials isn't a bad AntiVirus, I have been impressed at how lightweight it is on the system (and I am a MS skeptic cos they are not known for stellar products outside of Operating Systems).
Stay away from Linux unless you are an UberGeek, I am a network administrator who runs a Linux file server at home and I even struggle with it sometimes when configuring it to do weird shit.  Linux doesn't have the support Windows does (and this also goes for MAC too!) so finding help for issues isn't very easy.  Where I live there are only 3 Apple shops between north of Seattle and the BC border and 2 of those Apple shops are run by Cyrus wannabes.
Good luck to you and remember to run all those scanners in Safe mode WITH NETWORKING <<< very important for updates.

oh and PS
What you got wouldn't probably be caught by any AV cos it is considered spyware/adware and most of your AV stuff doesn't do that.

Now Fuck off I got work to do!
Refuckulate the Carbonator

Mitch Lahey

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #10 on: Aug 07, 2010, 07:17 AM »
I would get rid of Avira Antivirus, a client had that installed recently and it seemed to be causing a lot of problems, I removed it and everything seemed to clear up after running SpyBot S&D - it found like 400 entries, removed those then applied Immunization.

You can also click Run... and type "msconfig" and shut off non-essential start-up processes and services (Looks like you have a lot running). Make sure to click "Hide Microsoft Services" so you don't turn off anything you're not supposed to.

JAG

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #11 on: Aug 09, 2010, 11:51 AM »
I am going to get started with all of your suggestions here in a little bit. I appreciate the help. I don't know what the hell my sister was doing with this damn laptop! I've done nothing but try to clear shit off of it since day one.  :roll:

Mitch, what do you suggest instead of Avira? I used to have AVG a long time ago, but found it to be a memory hog and it didn't catch a nasty virus that almost wiped out my desktop. I got Avira back when I used to download a lot of torrents because it was supposed to be good with UTorrent.

I also have MalwareBytes and CCleaner on the laptop too. What do you think about these two?

Mitch Lahey

Re: Okay smart people, I need some help. HiJackThis log included!
« Reply #12 on: Aug 16, 2010, 04:52 PM »
Malwarebytes and CCleaner are both safe to use, I would use them and Spybot S&D in combination with AdAware SE.. whatever one of them doesn't pick up the others should.. It also helps sometimes to boot up into safe mode and run a scan then log in regularly and scan again to remove everything completely. Hold F8 at startup and you should be able to select Safe Mode with Networking.

Good luck! :)