
i could use some help with a hijack scan!!!


jsr27


:shock: Hey all you people that know how to interpret a hijack report. I just restored the OS back to factory settings due to an accident, and can y'all show me what I don't need? I'm under the impression that if you delete everything except the bare necessities your laptop will perform better. Is this true? I just can't seem to understand. :idea::?: Thanks again.

Logfile of IObit HijackScan v0.2.0.0

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\SYSTEM32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\SYSTEM32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\system32\aestsrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\rpcnet.exe

C:\Windows\system32\STacSV.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\sfc.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

C:\Windows\SYSTEM32\taskeng.exe

 

O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll

O4 - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O23 - Service: Andrea ST Filters Service - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: DCOM Server Process Launcher - Unknown -

O23 - Service: Diagnostic Policy Service - Unknown -

O23 - Service: Windows Media Center Service Launcher - Unknown - %windir%\system32\svchost.exe

O23 - Service: Google Desktop Manager 5.9.911.3589 - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Group Policy Client - Unknown -

O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Windows CardSpace - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Net.Tcp Port Sharing Service - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: Quality Windows Audio Video Experience - Unknown - %windir%\system32\svchost.exe

O23 - Service: LiveShare P2P Server 10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: Remote Procedure Call (RPC) Net - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: Remote Procedure Call (RPC) - Unknown -

O23 - Service: Security Accounts Manager - Unknown -

O23 - Service: Secondary Logon - Unknown - %windir%\system32\svchost.exe

O23 - Service: SessionLauncher - Unknown - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Distributed Link Tracking Client - Unknown -

O23 - Service: Windows Modules Installer - Unknown -

O23 - Service: Diagnostic Service Host - Unknown -

O23 - Service: Diagnostic System Host - Unknown -

O23 - Service: Dell Wireless WLAN Tray Service - Unknown - C:\Windows\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe

O23 - Service: Windows Media Player Network Sharing Service - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Hi jsr27!

 

This is a bad process. Check and fix it.

O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

 

--Mel

 

P.S. The top part of your report is missing. The timestamp, OS, and all. Many of the running processes seem to be invalid... and need further investigation.

 

 

P.S.S. Run Java Ra and update here: http://raproducts.org/


Please do these things.

 

http://forums.iobit.com/announcement.php?f=39

 

This will streamline addressing your issue(s). I suspect, but do not know, that there is malware here.

 

-Mel

 

Others may answer more pertinently!

 

-Mel

 

P.S.S. What kind of "Accident" was this that you had??? Describe please... along with the attached logs/reports! Thanks, -Mel


new hijack scan from asc pro.

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 9:52:10 PM, on 3/28/2010

Platform: Windows Vista (WinNT 6.0)

MSIE: Internet Explorer v8.0 (8.0.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: Remote Procedure Call (RPC) Net (RpcSs) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: SessionLauncher - Unknown - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

the other report was security 360 maybe this will help.


this is all the info you asked for mr. Melvin

 

Sorry it has taken so long to respond, but I've been really busy with work. Thanks for your time. The Security 360 log report detected 0 malware and didn't produce a log.

DDS (Ver_10-03-17.01) - NTFSx86

Run by jane at 22:46:42.89 on Mon 03/29/2010

Internet Explorer: 8.0.6001.18882

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2476 [GMT -4:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\SYSTEM32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\aestsrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\system32\rpcnet.exe

C:\Windows\system32\STacSV.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\jane\Downloads\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090925

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090925

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PCBoost] "c:\program files\pgware\pcboost\PCBoostTray.exe" /start

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-26 162640]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-11-19 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-26 19024]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-26 51792]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-26 40384]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-24 311568]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-26 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-26 40384]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-25 111616]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-26 136176]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384]

S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848]

S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744]

 

=============== Created Last 30 ================

 

2010-03-30 01:42:01 65536 --sha-w- c:\users\jane\NTUSER.DAT{55e22806-3b93-11df-867c-001d0959c4f4}.TM.blf

2010-03-30 01:42:01 524288 --sha-w- c:\users\jane\NTUSER.DAT{55e22806-3b93-11df-867c-001d0959c4f4}.TMContainer00000000000000000002.regtrans-ms

2010-03-30 01:42:01 524288 --sha-w- c:\users\jane\NTUSER.DAT{55e22806-3b93-11df-867c-001d0959c4f4}.TMContainer00000000000000000001.regtrans-ms

2010-03-30 01:40:24 262144 ---ha-w- c:\users\jane\ntuser.dat.new.LOG1

2010-03-30 01:40:24 0 ---ha-w- c:\users\jane\ntuser.dat.new.LOG2

2010-03-30 01:37:24 0 d-----w- c:\program files\Wondershare

2010-03-30 01:35:49 0 d-----w- c:\users\jane\appdata\roaming\Auslogics

2010-03-30 01:34:37 0 d-----w- c:\program files\Auslogics

2010-03-29 03:15:59 0 d-----w- c:\programdata\PGWARE

2010-03-29 03:15:58 0 d-----w- c:\program files\PGWARE

2010-03-29 03:04:54 0 d-----w- c:\program files\Throttle

2010-03-29 02:11:34 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-28 05:45:33 0 d-----w- c:\windows\pss

2010-03-27 01:12:45 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-03-26 00:53:47 0 d-----w- c:\program files\Windows Portable Devices

2010-03-26 00:53:07 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2010-03-26 00:53:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2010-03-26 00:53:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-03-26 00:51:14 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2010-03-26 00:51:14 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2010-03-26 00:51:14 234496 ----a-w- c:\windows\system32\oleacc.dll

2010-03-26 00:33:45 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-03-26 00:33:44 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-03-26 00:33:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-03-25 05:14:42 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC

2010-03-25 04:47:01 0 d-----w- c:\programdata\Backup

2010-03-25 02:37:02 0 d-----w- c:\programdata\IObit

2010-03-25 02:13:24 0 d-----w- c:\windows\system32\eu-ES

2010-03-25 02:13:24 0 d-----w- c:\windows\system32\ca-ES

2010-03-25 02:13:21 0 d-----w- c:\windows\system32\vi-VN

2010-03-25 01:45:57 0 d-----w- c:\windows\system32\EventProviders

2010-03-25 01:33:53 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-03-24 06:38:02 0 d-----w- c:\programdata\Office Genuine Advantage

2010-03-24 06:35:10 0 d-----w- c:\program files\common files\Windows Live

2010-03-24 06:05:09 0 d-----w- c:\windows\system32\Profiles

2010-03-24 05:16:51 0 d-----w- c:\users\jane\appdata\roaming\Roxio Log Files

2010-03-24 04:49:32 0 d-----w- c:\users\jane\appdata\roaming\IObit

2010-03-24 04:49:32 0 d-----w- c:\program files\IObit

2010-03-24 03:45:50 572512 ----a-w- c:\windows\system32\msvcp50.dll

2010-03-24 03:44:15 0 d-----w- c:\programdata\fssg

2010-03-24 03:41:44 0 d-----w- c:\programdata\f-secure

2010-03-24 03:17:49 377344 ----a-w- c:\windows\system32\winhttp.dll

2010-03-24 02:49:33 72704 ----a-w- c:\windows\system32\admparse.dll

2010-03-24 02:43:16 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-24 02:43:14 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-24 02:43:14 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-03-24 02:42:40 0 d-----w- c:\program files\MSXML 4.0

2010-03-24 02:40:36 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2010-03-24 02:40:35 9728 ----a-w- c:\windows\system32\lsass.exe

2010-03-24 02:40:35 72704 ----a-w- c:\windows\system32\secur32.dll

2010-03-24 02:40:35 499712 ----a-w- c:\windows\system32\kerberos.dll

2010-03-24 02:40:35 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2010-03-24 02:40:35 270848 ----a-w- c:\windows\system32\schannel.dll

2010-03-24 02:40:35 175104 ----a-w- c:\windows\system32\wdigest.dll

2010-03-24 02:37:39 1401856 ----a-w- c:\windows\system32\msxml6.dll

2010-03-24 02:35:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2010-03-24 02:35:30 160256 ----a-w- c:\windows\system32\wkssvc.dll

2010-03-24 02:35:28 53248 ----a-w- c:\windows\system32\tsgqec.dll

2010-03-24 02:35:28 2066432 ----a-w- c:\windows\system32\mstscax.dll

2010-03-24 02:35:28 136192 ----a-w- c:\windows\system32\aaclient.dll

2010-03-24 02:35:26 714240 ----a-w- c:\windows\system32\timedate.cpl

2010-03-24 02:33:59 613888 ----a-w- c:\windows\system32\MSMPEG2VDEC.DLL

2010-03-24 02:32:59 76288 ----a-w- c:\windows\system32\drivers\dxg.sys

2010-03-24 02:31:09 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-03-24 02:31:09 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-03-24 02:31:09 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-03-24 02:31:09 471552 ----a-w- c:\windows\system32\secproc.dll

2010-03-24 02:31:09 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-03-24 02:31:09 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-03-24 02:31:08 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-03-24 02:31:08 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-03-24 02:31:08 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-03-24 02:31:06 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-03-24 02:31:05 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-03-24 02:30:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-03-24 02:30:47 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-03-24 02:15:49 0 d-----w- c:\programdata\Alwil Software

2010-03-24 02:13:34 355328 ----a-w- c:\windows\system32\WSDApi.dll

2010-03-24 01:56:05 57752 ----a-w- c:\windows\system32\rpcnet.dll

2010-03-24 01:56:05 57752 ------w- c:\windows\system32\rpcnet.exe

2010-03-24 01:55:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-03-24 01:50:23 2421760 ----a-w- c:\windows\system32\wucltux.dll

2010-03-24 01:50:16 87552 ----a-w- c:\windows\system32\wudriver.dll

2010-03-24 01:50:08 33792 ----a-w- c:\windows\system32\wuapp.exe

2010-03-24 01:50:08 171608 ----a-w- c:\windows\system32\wuwebv.dll

2010-03-24 01:40:50 0 d-sh--we c:\programdata\Documents

2010-03-17 20:54:06 33792 ----a-w- c:\windows\system32\identprv.dll

 

==================== Find3M ====================

 

2010-03-30 02:22:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-03-26 03:01:14 51200 ----a-w- c:\windows\inf\infpub.dat

2010-03-26 03:01:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-03-26 03:01:14 143360 ----a-w- c:\windows\inf\infstor.dat

2010-03-26 00:53:45 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-03-25 01:55:12 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont

2010-03-24 03:38:52 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-11-19 20:16:42 76 --sha-r- c:\windows\CT4CET.bin

2009-09-25 16:12:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 22:47:16.74 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 11/19/2009 8:56:26 AM

System Uptime: 3/29/2010 10:21:18 PM (0 hours ago)

 

Motherboard: Dell Inc. | | 0U990C

Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 215 GiB total, 161.544 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 5.239 GiB free.

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.0

Advanced SystemCare 3

Auslogics Registry Cleaner

avast! Free Antivirus

Browser Address Error Redirector

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card Utility

Digital Line Detect

DirectXInstallService

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Matrix Storage Manager

IObit Security 360

Java 6 Update 17

Java 6 Update 7

Laptop Integrated Webcam Driver (1.04.01.1011)

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Microsoft .NET Framework 3.5 SP1

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Modem Diagnostic Tool

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

PCBoost

Smart Defrag

Throttle

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Windows Live OneCare safety scanner

Wondershare Registry Defrag 2.0.1

 

==== End Of File ===========================


Really ? How is it "bad" ?

 

===

 

Some malware camouflage themselves as OEM02Mon.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the OEM02Mon.exe process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

 

@@@.file.net/process/oem02mon.exe.html


You can look at the reports and see he has a Creative Live! cam onboard, thus OEM02Mon.exe is legit here.

 

Nothing wrong in those logs.

 

jsr27 : you can, however, update your Java. Go to the next link and download the newest version (Update 18) :

http://www.java.com/getjava/index.jsp

 

Watch closely during the install, and untick any extras you don't need, if applicable.

 

Once Java has installed, go to your Control Panel > Add/Remove programs, and uninstall these if still present :

 

Java 6 Update 17

Java 6 Update 7

 

That's it. If you want to trim your startup, I'm not your guy ;-)

 

===


Hi jsr27,

 

Use JavaRa after uninstalling old Java as said by So_sad, to clean the clutter.

 

Also update Adobe reader to version 9.3.1

 

FYI, Adobe, Flash, and Java should always be updated to the most recent versions, as those three are the worst vulnerable software, together with the browser itself, for hacker code injections. :evil:

 

Cheers.

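The two checks the helpers in this thread do by eye can be scripted: matching an autostart entry such as OEM02Mon.exe against the installed software, and listing every Java 6 update the logs still reference so the old ones can be removed. This is an added example, not part of the original thread; the sample consists of lines copied from the logs posted above, and the function names and the `VENDOR_HINTS` table are assumptions made for illustration.

```python
import re

# Lines copied from the logs posted in this thread (HijackThis-style and DDS formats).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
==== Installed Programs ======================
Adobe Reader 8.1.0
Java 6 Update 17
Java 6 Update 7
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
==== End Of File ===========================
"""

# Matches both "O4 - HKLM\..\Run: [name] cmd" and DDS "mRun: [name] cmd" lines.
RUN_RE = re.compile(r'^(?:O4 - )?(HKLM|HKCU|mRun|uRun)[^\[]*\[([^\]]+)\]\s+(.+)$')
# Java 6 update numbers as they appear in program names, paths and .cab URLs.
JAVA_RE = re.compile(r'Java 6 Update (\d+)|1[._]6[._]0_(\d+)')

# Association stated in the thread: OEM02Mon.exe belongs to the Live! Cam software.
# Hypothetical table for this example; extend it with associations you have confirmed.
VENDOR_HINTS = {"oem02mon.exe": "Live! Cam"}


def image_path(cmd):
    """Return the executable path from a Run command line, without arguments."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.exe)', cmd, re.I)
    return m.group(1) if m else cmd


def run_entries(log):
    """Parse autostart entries from O4 (HijackThis) and mRun/uRun (DDS) lines."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            hive, name, cmd = m.groups()
            scope = "user" if hive in ("HKCU", "uRun") else "machine"
            entries.append({"scope": scope, "name": name, "path": image_path(cmd)})
    return entries


def installed_programs(log):
    """Return the entries of the DDS 'Installed Programs' section."""
    programs, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("===="):
            inside = "Installed Programs" in line
        elif inside and line:
            programs.append(line)
    return programs


def java_updates(log):
    """Map each Java 6 update number seen in the log to the places it was seen."""
    seen = {}
    for line in log.splitlines():
        line = line.strip()
        for m in JAVA_RE.finditer(line):
            update = int(m.group(1) or m.group(2))
            if m.group(1):
                source = "installed program"
            elif line.startswith(("O16", "DPF:")):
                source = "ActiveX (DPF)"
            else:
                source = "file path"
            seen.setdefault(update, set()).add(source)
    return seen


def superseded_java(log, current=None):
    """Updates older than `current` (default: the newest update found in the log)."""
    updates = java_updates(log)
    if not updates:
        return []
    newest = current if current is not None else max(updates)
    return sorted(u for u in updates if u < newest)


def corroborated(entry, programs, hints=VENDOR_HINTS):
    """Installed programs that account for an autostart entry, per the hint table."""
    exe = entry["path"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    keyword = hints.get(exe)
    return [p for p in programs if keyword and keyword.lower() in p.lower()]


if __name__ == "__main__":
    programs = installed_programs(SAMPLE_LOG)
    for e in run_entries(SAMPLE_LOG):
        print(e["scope"], e["name"], e["path"], corroborated(e, programs))
    print("Java updates seen:", java_updates(SAMPLE_LOG))
    print("Remove after installing Update 18:", superseded_java(SAMPLE_LOG, current=18))
```

A match in `corroborated` only shows that software explaining the entry is installed; it does not verify the file on disk.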

http://innerfulfillment.files.wordpress.com/2010/01/smiley20face_thumbsup.jpg

 

Oops... I didn't realize the smilie was so big !

 

Oh well... it's worth it :-P

 

 

 

 

EDIT: Here they are attached if you want to use them smaller next time.:-D

Thanks So_sad.


Archived

This topic is now archived and is closed to further replies.
