hijackthis log for review

M

metaulic

New Member
Hi Guys,

First post ever! Found this pretty sweet forum just an hour ago. My laptop is not that fast anymore. I really cannot tell if it is the entire laptop or just IE. But the speed of IE is definately a LOT slower. My new desktop computer is also wireless (same network) and is craaaaazy fast. So I know its the laptop and not the isp/modem/router.

I have ran ccleaner, MalwareBytes and HiJackthis. Thanks a lot for spending 5 minutes of your valuable time to review.

--------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8377
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
15/12/2011 12:43:38 PM
mbam-log-2011-12-15 (12-43-38).txt
Scan type: Quick scan
Objects scanned: 193463
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

-------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:15 PM, on 15/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Erik\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Erik\AppData\Local\Akamai\netsession_win.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Erik\AppData\Local\Akamai\netsession_win.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

--
End of file - 8283 bytes
 
Explain the slowness of IE. Is it just when its loading after you click the icon or all the time? Have you downloaded and installed Ccleaner yet? Ccleaner will delete all the old temporary intenet files along with temp system files that can slow your browsing down.

Do you have any clue what this is for?

O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Erik\AppData\Local\Akamai\netsession_win. exe
 
johnb35 said:
Do you have any clue what this is for?

O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Erik\AppData\Local\Akamai\netsession_win. exe
Click to expand...

I went to the folder and found the readme and it says "The Akamai NetSession Interface is a download manager application. It was installed on your computer when you downloaded content that uses the service to provide secure, high integrity downloads of large files."

I have no problem uninstalling it. There is even an uninstall program.

I will answer your first questions shortly....
 
johnb35 said:
Have you downloaded and installed Ccleaner yet? Ccleaner will delete all the old temporary intenet files along with temp system files that can slow your browsing down.
Click to expand...


Yes I have done this. I did Malwarebytes first then I did ccleaner then hijackthis. I deleted all my old internet files etc through ccleaner yes.

I think IE may be quick and fast now. I say we leave it as-is and if it is still bothering me in the next few days I will chime in.

Thanks a lot for your help and your time!
 
Last edited:
You can also go in and reset IE back to defaults which usually helps too. Especially if you have addons which may be causing the slowness.
 
Hi John,

I have semi-narrowed down the problem. I noticed sometimes IE is quick as hell and sometimes it is very slow. So I decided to play around and I have noticed that there is something that is making my computer slow (not IE slow). For instance if I want to open up "My Documents" it should just open up but it doesnt, the computer needs to think for about 3 seconds then open it up.

Whaddya think? lol...
 
How much system memory is installed and what processor do you have? We can run some more programs to make sure you are clean. It's up to you.
 
johnb35 said:
How much system memory is installed and what processor do you have? We can run some more programs to make sure you are clean. It's up to you.
Click to expand...

80.5GB free (out of 290GB)
300GB of memory ram (2.68gb usable)
32 bit operating system
intel core i5 [email protected]
windows 7 home premium
It is a dell laptop

it took a good 30 seconds to open up the control panel and a good 30 seconds to view the devices and hardware.

something is seriously wrong with windows. it is too slow.
it needs a lot of time to think and seems to get upset when i try and open other programs while it is thinking (i.e. opening up notepad while it is trying to open the control panel)

I do not have a backup and restore. (yes I am an idiot).

(Just checked control panel etc again and it is fast now. I suspect something is intermitendly slowing down my computer)
 
Last edited:
ok, lets do this.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
johnb35 said:
ok, lets do this.In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
Click to expand...

COMBOFIX
ComboFix 11-12-15.02 - Erik 15/12/2011 21:16:49.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2743.1618 [GMT -8:00]
Running from: c:\users\Erik\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 05:22 . 2011-12-16 05:22 -------- d-----w- c:\users\Erik\AppData\Local\temp
2011-12-16 05:22 . 2011-12-16 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 21:15 . 2011-12-15 21:15 388096 ----a-r- c:\users\Erik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-15 21:15 . 2011-12-15 21:15 -------- d-----w- c:\program files\Trend Micro
2011-12-15 21:12 . 2011-12-15 21:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7C84774-29B8-4D0D-9E49-FFC3F929F612}\offreg.dll
2011-12-15 20:53 . 2011-12-15 20:53 -------- d-----w- c:\program files\CCleaner
2011-12-15 20:37 . 2011-12-15 20:37 -------- d-----w- c:\users\Erik\AppData\Roaming\Malwarebytes
2011-12-15 20:37 . 2011-12-15 20:37 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 20:37 . 2011-12-15 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 20:37 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-14 16:10 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7C84774-29B8-4D0D-9E49-FFC3F929F612}\mpengine.dll
2011-12-14 16:10 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 16:10 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 16:10 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 16:10 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 16:10 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 16:10 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-21 19:07 . 2011-11-21 19:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-20 01:40 . 2011-11-20 01:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-11-20 01:40 . 2011-11-20 01:40 -------- d-----w- c:\program files\QuickTime
2011-11-20 01:38 . 2011-11-20 01:38 -------- d-----w- c:\program files\iTunes
2011-11-20 01:38 . 2011-11-20 01:38 -------- d-----w- c:\program files\iPod
2011-11-20 01:34 . 2011-11-20 01:34 -------- d-----w- c:\program files\Safari
2011-11-20 01:34 . 2011-11-20 01:34 -------- d-----w- c:\program files\Bonjour
2011-11-20 01:32 . 2011-11-20 01:32 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-29 15:43 . 2011-11-09 19:08 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Erik\AppData\Local\Akamai\netsession_win.exe" [2011-12-07 3305248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-08 169496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 13838952]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-08-09 5249024]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 23:44 15028104 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DXSOFTIO;DXSOFTIO; [x]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-29 68200]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-03-17 132464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-03 691696]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1656112]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2010-09-13 61096]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3300668343-3431786278-1635324022-1000Core.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 16:14]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3300668343-3431786278-1635324022-1000UA.job
- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(592)
c:\windows\system32\DPPWDFLT.DLL
.
Completion time: 2011-12-15 21:23:36
ComboFix-quarantined-files.txt 2011-12-16 05:23
.
Pre-Run: 86,427,176,960 bytes free
Post-Run: 86,130,241,536 bytes free
.
- - End Of File - - 8A44E3F9EB324161D4B315E2B62ADA7A

HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:17 PM, on 15/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Erik\AppData\Local\Akamai\netsession_win.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

--
End of file - 7486 bytes


Will play around with my computer and see how it is running now.....
 
I did more research on your Akamai concern and it seems pretty legit and not a virus...

"Akamai is a private company that hosts a server farm that distributes web traffic. Microsoft, Mozilla, Yahoo, Google, and many, many other companies use Akamai. It helps to spread out the server load that is imposed by so much traffic to a site."

Just so you know.... Let me know if you find anything that looks odd.
 
Another interesting thing... this is what I did...

Open the Performance troubleshooter by clicking the Start button , and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Under System and Security, click Check for performance issues.

and guess what came up???

Windows asked me if I wanted to prevent these two programs from running at startup:
Akamai Netsession Interface
Openoffice.org

(I didnt select any of these but im tempted to try...)
 
Hi! I ended up totalling my hard drive lol. I wonder if my laptop was acting so wierd because my hard drive was dying? Anyways I think I have another hard drive somewhere so I will test that and if it works fine with that hard drive i will go buy a new one. Can you tell me if all I need to do is swap out the hard drive (i.e. plug and play)? Or is there some other stuff I need to do to get it working properly (i.e.l format or re-format the computer)? Thanks for your help!!!
 
A failing hard drive can cause all sorts of issues with your system. Since this is a laptop that had windows preinstalled, unless you made recovery cd's when you first got it, you will have to contact the maker of the laptop and have them send you the dvd's. You can replace the hard drive but you'll have to use the dvd's to reinstall your operating system.
 
So I bought a new hard drive, the exact same one that came with my computer as it was the best bang for the buck. I installed it, found my laptop software and windows 7 cd so I installed everything. My computer is super super fast now. So it definately was the hard drive cause I tested the hard drive at my buddies house and sometimes it worked and sometimes it didnt so I think it was dying.

I made some partial recovery dvds a long time ago so I should be able to recover most or not all my photos and important documents that i need out of there.

Thanks for your patience and help Johnb35
 
You must log in or register to reply here.
Back
Top