   Author  Topic: I need some help... Please!!!!  (Read 1440 times)
joker321
Newbie
I need some help... Please!!!!
« on: Nov 7th, 2009, 12:12am »

I'm pretty sure I got some kind of spyware, trojan, etc.... My cpu usage is through the roof when I use IE.  Task manager shows the usage for iexplore.exe constantly over 50 getting into the high 90's (sound like a weather man) and constantly freezing.  I've run various spyware programs and I'm using the trial for Trojan Hunter to see what happens.  Here is my HJT...  Any help is greatly appreciated.
 
Thought this might be useful info... I've tried to run IE with add-ons disabled and have the same problem.  I downloaded Firefox and I am able to go online no problems and my cpu usage is way lower on Firefox
 
OS is Vista Home Premium
 
Logfile of HijackThis v1.99.1
Scan saved at 1:11:39 AM, on 11/7/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HIjaq\Hijaq.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2010\launcher.exe" delay 20000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:  
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
 
 
« Last Edit: Nov 7th, 2009, 12:24am by joker321 »
siliconman01
Global Moderator
Re: I need some help... Please!!!!
« Reply #1 on: Nov 7th, 2009, 3:06am »

Your HJT log is not showing anything malicious; however, that does not necessarily mean that you are clean.  
 
Is your Vista OS a 64-bit version?  And what spyware scanners have you already tried other than TrojanHunter?
 
Here are some things to try.
 
1.  Download/install CCleaner (slim) from the link below.  
 
http://www.ccleaner.com/download/builds.aspx
 
-  Open CCleaner and checkmark everything under Windows> "Internet Explorer", "Windows Explorer", and "System".  DO NOT checkmark anything under "Advanced".
 
-  Run the Cleaner component and let it clean out temp files and Internet Explorer temp files.   NOTE:  DO NOT run the Registry cleaner component.  
 
2.  You could have a corrupt setting in IE7.  
 
-  Go to Control Panel>Internet Options>Advanced tab.  
 
-  Be sure that IE7 is closed.
 
-  Reset the Internet Explorer settings by clicking on the Reset button under "Reset Internet Explorer settings".  Confirm that you want to reset the settings.  
 
3.  Be sure that your JAVA is up-to-date.
 
http://java.sun.com/javase/downloads/index.jsp
 
-  You would install the one labeled JRE 6 Update 17
 
4.  Upgrade to IE8 via the link below:
 
http://www.microsoft.com/en/us/default.aspx
 
-  Under Popular Downloads, click on Internet Explorer 8.
 
5.  Ensure that you have the latest updates/hotfixes from Microsoft by going to Windows Update.  
 
Does any of the above resolve your IE7 issue?
« Last Edit: Nov 7th, 2009, 3:34am by siliconman01 »

______
TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V10; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2011. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.4, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.
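
A HijackThis log like the one in the first post is a flat list of `CODE - detail` lines, and reviewing it means grouping entries by section and checking the ones the tool could not resolve. The sketch below is an added example, not part of the thread or of HijackThis; the review rules and all function names are assumptions of this example, and a flagged entry means "verify by hand", not "malicious".

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpt of the HijackThis v1.99.1 log from the first post, lines as posted.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Unknown Windows (WinNT 6.00.1904)
Running processes:
C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2010\launcher.exe" delay 20000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

# An entry line is "<letter><1-2 digits> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter path or an %ENVVAR% prefix counts as a located binary.
PATH_RE = re.compile(r"[A-Za-z]:\\|%\w+%")


@dataclass
class Entry:
    code: str                      # section code, e.g. "O4"
    text: str                      # everything after "CODE - "
    reasons: list = field(default_factory=list)


def parse_log(log):
    """Return the section entries; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def autostart_command(entry):
    """For an O4 line, the command that follows the "[ValueName] " part."""
    return entry.text.partition("] ")[2]


# Review rules (assumptions of this example): each one marks an entry whose
# file or publisher should be checked by hand. None of them proves an infection.
REVIEW_RULES = [
    ("file reported missing", lambda e: "(file missing)" in e.text),
    ("no publisher resolved", lambda e: "Unknown owner" in e.text),
    ("unrecognised Winsock LSP",
     lambda e: e.code == "O10" and "Unknown file in Winsock LSP" in e.text),
    ("DLL loaded into every process that loads user32.dll",
     lambda e: e.code == "O20" and e.text.startswith("AppInit_DLLs")),
    ("autostart without a full path",
     lambda e: e.code == "O4" and not PATH_RE.search(autostart_command(e))),
]


def triage(entries):
    """Attach review reasons to each entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        e.reasons = [name for name, rule in REVIEW_RULES if rule(e)]
        if e.reasons:
            flagged.append(e)
    return flagged


def by_section(entries):
    """Count entries per section code to show where the log is concentrated."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(by_section(parsed)))
    for e in triage(parsed):
        print(f"{e.code:<4}{'; '.join(e.reasons)}\n    {e.text}")
```
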
joker321
Newbie
Re: I need some help... Please!!!!
« Reply #2 on: Nov 7th, 2009, 10:27am »

Ok I tried the above suggestions, I'm still having the same problem with IE.  Any other suggestions?
 
Windows Vista Home Premium 32-Bit
 
I've run...
 
Spybot Search and Destroy
Spyware Terminator
RemoveIT Pro
CCleaner and Trojan Hunter
 
Trojan Hunter found nothing... then again it was the last program I ran.
siliconman01
Global Moderator
Re: I need some help... Please!!!!
« Reply #3 on: Nov 7th, 2009, 2:27pm »

Try running the online scanner of SuperAntiSpyware  
 
http://www.superantispyware.com/onlinescan.html
 
and the online scanner of Bit Defender
 
http://www.bitdefender.com/scanner/online/free.html
 
Temporarily disable as many running programs as you can prior to running these scans (icons next to the clock in the Notification Tray).  Also temporarily disable your security programs except your software firewall.  
 
Please post back here the scan log of SuperAntispyware and also of Bit Defender.
« Last Edit: Nov 7th, 2009, 2:28pm by siliconman01 »
joker321
Newbie
Re: I need some help... Please!!!!
« Reply #4 on: Nov 8th, 2009, 2:17pm »

Sorry about the delay... Had to run some errands yesterday and didn't get in till late.  I ran spybot search and destroy in safe mode last night which cleaned up a few things.  This morning I ran SuperAntispyware which didn't find anything and also ran bit defender.  I only got a log from bitdefender which is posted below.
IE seems to be running alright as of this morning... I'm hopeful my last scan with S&D took care of whatever was causing these issues.  On a side note can you recommend software to scan or repair my registry?
 
 
 
BitDefender QuickScan Beta v0.9.7.8
-----------------------------------
 
Scan date:  Sun Nov 08 14:55:40 2009
Machine ID: E4C46CAD
 
D:\autorun.inf executes D:\info.exe
 
 
No infection found.
---------------------
 
 
Processes
---------
<unsigned>  DQLWinSe Application       1612    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
<unsigned>  PrismXL Service       2132    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
<unsigned>  Event Monitor User Notification Tool      2532    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<unsigned>  RAID Monitor           788    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
<unsigned>  STacSV Module         2248    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
<unsigned>  Spyware Terminator Realtime Shield Service     2172    C:\Program Files\Spyware Terminator\sp_rsser.exe
<unsigned>  Sigmatel Audio system tray application    1408    C:\Windows\sttray.exe
 
<verified>  avast! service GUI component    3640    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified>  avast! antivirus service        1680    C:\Program Files\Alwil Software\Avast4\ashServ.exe
<verified>  avast! Antivirus updating service    1664    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
<verified>  Bonjour Service       1472    C:\Program Files\Bonjour\mDNSResponder.exe
<verified>  Apple Mobile Device Service     1424    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified>  Machine Debug Manager       124    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified>  Intel® Alert Service       1268    C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
<verified>  Intel® Viiv™ Settings      3440    C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
<verified>  Intel® Viiv™ Settings      1568    C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
<verified>  Intel® Software services manager     2428    C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
<verified>  mediaserver.exe       2952    C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
<verified>  Intel® Application Tracker      2460    C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
<verified>  Intel® Remoting Service         2904    C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
<verified>  Java(TM) Platform SE binary     3964    C:\Program Files\Java\jre6\bin\jusched.exe
<verified>  IPoint.exe       3480    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified>  IType.exe        3504    C:\Program Files\Microsoft IntelliType Pro\itype.exe
<verified>  Firefox          5376    C:\Program Files\Mozilla Firefox\firefox.exe
<verified>  Nero BackItUp          332    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
<verified>  Stereo Vision Control Panel API Server    2300    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
<verified>  Windows Defender User Interface      3872    C:\Program Files\Windows Defender\MSASCui.exe
<verified>  Media Center Media Status Aggregator Service   1240    C:\Windows\ehome\ehmsas.exe
<verified>  Windows Media Center Receiver Service     2892    C:\Windows\ehome\ehRecvr.exe
<verified>  Windows Media Center Scheduler Service    3104    C:\Windows\ehome\ehsched.exe
<verified>  Media Center Tray Applet        2740    C:\Windows\ehome\ehtray.exe
<verified>  Windows Explorer      2792    C:\Windows\Explorer.EXE
<verified>  Windows Audio Device Graph Isolation      1192    C:\Windows\system32\AUDIODG.EXE
<verified>  Client Server Runtime Process    568    C:\Windows\system32\csrss.exe
<verified>  Client Server Runtime Process    508    C:\Windows\system32\csrss.exe
<verified>  Modem Audio Service        2400    C:\Windows\system32\DRIVERS\xaudio.exe
<verified>  Desktop Window Manager     3584    C:\Windows\system32\Dwm.exe
<verified>  Local Security Authority Process      612    C:\Windows\system32\lsass.exe
<verified>  Local Session Manager Service    620    C:\Windows\system32\lsm.exe
<verified>  NVIDIA Driver Helper Service, Version 191.07    864    C:\Windows\system32\nvvsvc.exe
<verified>  NVIDIA Driver Helper Service, Version 191.07   1384    C:\Windows\system32\nvvsvc.exe
<verified>  PnkBstrA.exe          2092    C:\Windows\system32\PnkBstrA.exe
<verified>  Microsoft Windows Search Filter Host      9204    C:\Windows\system32\SearchFilterHost.exe
<verified>  Microsoft Windows Search Indexer     2376    C:\Windows\system32\SearchIndexer.exe
<verified>  Microsoft Windows Search Protocol Host    9192    C:\Windows\system32\SearchProtocolHost.exe
<verified>  Services and Controller app      600    C:\Windows\system32\services.exe
<verified>  Microsoft Software Licensing Service      1252    C:\Windows\system32\SLsvc.exe
<verified>  Windows Session Manager     432    C:\Windows\System32\smss.exe
<verified>  Spooler SubSystem App      1976    C:\Windows\System32\spoolsv.exe
<verified>  Host Process for Windows Services    1284    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    2316    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    2344    C:\Windows\System32\svchost.exe
<verified>  Host Process for Windows Services    1220    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    1076    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    1044    C:\Windows\System32\svchost.exe
<verified>  Host Process for Windows Services    1020    C:\Windows\System32\svchost.exe
<verified>  Host Process for Windows Services     932    C:\Windows\System32\svchost.exe
<verified>  Host Process for Windows Services     892    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services     804    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    2004    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    2116    C:\Windows\system32\svchost.exe
<verified>  Host Process for Windows Services    1492    C:\Windows\system32\svchost.exe
<verified>  Task Scheduler Engine      2620    C:\Windows\system32\taskeng.exe
<verified>  Task Scheduler Engine      3592    C:\Windows\system32\taskeng.exe
<verified>  Windows Start-Up Application     556    C:\Windows\system32\wininit.exe
<verified>  Windows Logon Application        720    C:\Windows\system32\winlogon.exe
<verified>  Windows Driver Foundation - User-mode Driver Frame  2708    C:\Windows\system32\WUDFHost.exe
 
 
Network activity
----------------
Process jusched.exe (3964) connected on port 80 (HTTP) - 63.97.127.11
Process firefox.exe (5376) connected on port 80 (HTTP) - 66.235.143.121
Process firefox.exe (5376) connected on port 80 (HTTP) - 74.125.65.138
Process firefox.exe (5376) connected on port 80 (HTTP) - 96.17.252.20
 
Process wininit.exe (556) listens on ports: 49152 (RPC)
Process services.exe (600) listens on ports: 49160 (RPC)
Process lsass.exe (612) listens on ports: 49156 (RPC)
Process svchost.exe (892) listens on ports: 135 (RPC)
Process svchost.exe (1020) listens on ports: 49153 (RPC)
Process svchost.exe (1076) listens on ports: 49155 (RPC)
Process svchost.exe (1284) listens on ports: 49154 (RPC)
Process Remote UI Service.exe (2904) listens on ports: 59277, 59911
Process mediaserver.exe (2952) listens on ports: 9666, 9667, 50107, 50133, 58001, 58002, 58080
 
 
Autoruns and critical files
---------------------------
<unsigned>  Network monitor for Intel® Hub Connect Technology   C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
<unsigned>  Google Desktop        c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
<unsigned>  Event Monitor User Notification Tool      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<unsigned>  QuickTime Task        C:\Program Files\QuickTime\QTTask.exe
<unsigned>  ShellExecuteHook      c:\program files\superantispyware\sasseh.dll
<unsigned>  SUPERAntiSpyware WinLogon Processor       C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
<unsigned>  Sigmatel Audio system tray application    C:\Windows\sttray.exe
 
<verified>  avast! service GUI component    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified>  Canon My Printer      C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
<verified>  Virtual DAEMON Manager     C:\Program Files\DAEMON Tools\daemon.exe
<verified>  Intel® Viiv™ Settings      C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
<verified>  Java(TM) Platform SE binary     C:\Program Files\Java\jre6\bin\jusched.exe
<verified>  IPoint.exe       C:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified>  IType.exe        C:\Program Files\Microsoft IntelliType Pro\itype.exe
<verified>  TrojanHunter Guard         C:\Program Files\TrojanHunter 5.2\THGuard.exe
<verified>  Windows Defender User Interface      C:\Program Files\Windows Defender\MSASCui.exe
<verified>  MSN Search Toolbar Scheduled Update Utility    C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
<verified>  Media Center Tray Applet        C:\Windows\ehome\ehtray.exe
<verified>  Shell Browser UI Library        C:\Windows\System32\browseui.dll
<verified>  hkcmd Module          C:\Windows\system32\hkcmd.exe
<verified>  igfxdev Module        C:\Windows\system32\igfxdev.dll
<verified>  persistence Module         C:\Windows\system32\igfxpers.exe
<verified>  igfxTray Module       C:\Windows\system32\igfxtray.exe
<verified>  Userinit Logon Application      c:\windows\system32\userinit.exe
<verified>  Web Site Monitor      C:\Windows\System32\webcheck.dll
 
 
Browser plugins
---------------
<unsigned>  Bonjour Namespace Provider      C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned>  npitunes.dll          C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<unsigned>  RealJukebox Netscape Plugin     C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned>  6.0.11.3006           C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned>  MetaStream 3 Plugin r4     C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
<unsigned>  DiskFAU Module        C:\Windows\Downloaded Program Files\DiskFAU.dll
<unsigned>  PCPitstop Module      C:\Windows\Downloaded Program Files\PCPitstop.dll
<unsigned>  unagiuninst.exe       C:\Windows\Downloaded Program Files\unagiuninst.exe
 
<verified>  Adobe Acrobat IE Helper Version 7.0 for ActiveX     c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
<verified>  WindowsLiveLogin.dll       c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified>  Fast Search           c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
<verified>  Google Toolbar        c:\program files\google\google toolbar\googletoolbar_32.dll
<verified>  GoogleToolbarNotifier      c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
<verified>  Java(TM) Platform SE binary     c:\program files\java\jre6\bin\jp2ssv.dll
<verified>  3.0.40818.0           C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verified>  NPRuntime Script Plug-in Library for Java(TM) Depl  C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified>  Default Plug-in       C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified>  MSN® Shell Extender        c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
<verified>  RealPlayer(tm) LiveConnect-Enabled Plug-In     C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified>  Rhapsody Player Engine Plugin        C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
<verified>  Windows Live Toolbar for Internet Explorer     c:\program files\windows live toolbar\msntb.dll
<verified>  Yahoo Application State Plugin       C:\Program Files\Yahoo!\Shared\npYState.dll
<verified>  Acclaim GameLauncher ActiveX Control Module    C:\Windows\Downloaded Program Files\GameLauncher.ocx
<verified>  MSN Photo Upload Tool      C:\Windows\Downloaded Program Files\MsnPUpld.dll
<verified>  Facebook Photo Uploader 5 Control    C:\Windows\Downloaded Program Files\PhotoUploader55.ocx
<verified>  MSN Photo Upload Tool      C:\Windows\Downloaded Program Files\PURen-us.dll
<verified>  Windows Presentation Foundation (WPF) plug-in for   c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified>  Internet Explorer          C:\Windows\System32\ieframe.dll
<verified>  NPSWF32.dll           C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified>  Microsoft Windows Sockets 2.0 Service Provider C:\Windows\System32\mswsock.dll
<verified>  E-mail Naming Shim Provider     C:\Windows\System32\NapiNSP.dll
<verified>  Network Location Awareness 2    C:\Windows\System32\nlaapi.dll
<verified>  PNRP Name Space Provider        C:\Windows\System32\pnrpnsp.dll
<verified>  LDAP RnR Provider DLL      C:\Windows\System32\winrnr.dll
 
 
Scan
----
 
No file uploaded.
 
Scan finished - communication took 3 sec
Total traffic - 0.05 MB sent, 2.22 KB recvd
Scanned 1428 files and modules - 24 seconds
siliconman01
Global Moderator
Re: I need some help... Please!!!!
« Reply #5 on: Nov 8th, 2009, 11:55pm »

Quote:
IE seems to be running alright as of this morning... I'm hopeful my last scan with S&D took care of whatever was causing these issues.  On a side note can you recommend software to scan or repair my registry?

 
Glad to hear that S&D appears to have fixed your problem.  
 
Here are a couple of registry cleaners that I use and have good results with.  Both work well on XP, Vista, and Windows 7.
 
jv16 PowerTools 2009
 
http://www.macecraft.com/
 
jv16 User Forum
 
http://www.macecraft.com/phpBB3/index.php
 
 
Ace Utilities
 
http://www.acelogix.com/
 
Ace User Forum
 
http://www.acelogix.com/forums/
 
jv16 PowerTools is the more powerful of these.