chanetg Posted April 22, 2012

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:33 PM, on 4/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

I'm sure there must be stuff on my computer I need to get rid of whenever my computer freezes and I run CC cleaner I clean it and then run the registry and I always get missing dll/macromed/system32/flash/flashutili/9b something like that and I fix it and the computer runs ok for a while and then it just happens again is there a way to fix this? Thank you
Administrator Tarun Posted April 23, 2012

It looks like you had McAfee at one point, and I see you're using avast also. It may be worthwhile to run the McAfee Uninstaller Cleanup program. You may also want to try StartUpLite. If you're concerned about performance you may want to use Microsoft Security Essentials instead of avast.
chanetg Posted April 23, 2012 Author

Where can I get the program? The reason I installed Avast was because MSE was giving me major problems and it stopped working. Also, why am I getting the missing DLL system32/ macromed/ flashutil/9b message over & over again? Any idea? Thanks
Administrator Tarun Posted April 24, 2012

The aforementioned programs can be found in the Anti-Malware Toolkit. You may need to reinstall Flash (uninstaller links: 32-bit/64-bit). What sort of problems was MSE giving you?
James_A Posted April 25, 2012

> Also why am I getting the missing DLL system32/ macromed/ flashutil/9b message over & over again? Any idea?

Probably a bad update. Do what Tarun has said: please download and run the Adobe Flash uninstaller program, from the links he has given above. This should completely remove all old registry entries and files that cause the error message.

Then install the latest version of Flash, again, from http://get.adobe.com/flashplayer/

Make sure that you UNcheck the "Yes, install McAfee Security Scan Plus" box BEFORE clicking on the "Download now" button.
chanetg Posted May 3, 2012 Author

Thanks to all those who responded, I really appreciate it.
chanetg Posted May 3, 2012 Author

As far as MSE, I had it on the computer ever since I owned the computer, and then suddenly my computer started freezing and it kept on telling me "you're not protected", so I emailed MSE and they gave me detailed instructions on how to uninstall it and reinstall it, and nothing worked, so I got fed up and found avast, which has really good ratings, and I have no problems with it.
greenknight Posted May 4, 2012

> As far as MSE, I had it on the computer ever since I owned the computer, and then suddenly my computer started freezing and it kept on telling me "you're not protected", so I emailed MSE and they gave me detailed instructions on how to uninstall it and reinstall it, and nothing worked, so I got fed up and found avast, which has really good ratings, and I have no problems with it.

Your problem may have nothing to do with Avast, but some users have had severe problems with Avast 7. I'm one of them - I've switched to Avira.

It wasn't easy to pin these troubles on Avast. They crept up on me months after the update to v 7; reportedly it started with the minor update to v 7.0.1426. It ranged from some of the tray icons missing after bootup, all the way to just wallpaper with no icons or taskbar. The computer would freeze in any case, and I'd have to punch the power button to get out of it. It didn't happen every time, but it gradually got more frequent until the computer was about unusable.

http://forum.avast.c...p?topic=94171.0 has discussion of this bug; if your problems resemble those described there you should suspect Avast. It appears only a small percentage of users are affected, however.
chanetg Posted May 4, 2012 Author

Hi Tarun, I followed your advice and ran the McAfee uninstaller from the Anti-Malware Toolkit and unfortunately it didn't seem to work. This is what I got:

NFO Product McProxy to be removed from system.
INFO Product MHN to be removed from system.
INFO Product MNA to be removed from system.
INFO Product MOBK to be removed from system.
INFO Product MPFP to be removed from system.
INFO Product MPFPCU to be removed from system.
INFO Product MPS to be removed from system.
INFO Product SHRED to be removed from system.
INFO Product MPSCU to be removed from system.
INFO Product MQC to be removed from system.
INFO Product MQCCU to be removed from system.
INFO Product MSAD to be removed from system.
INFO Product MSHR to be removed from system.
INFO Product MSK to be removed from system.
INFO Product MSKCU to be removed from system.
INFO Product MWL to be removed from system.
INFO Product NMC to be removed from system.
INFO Product RedirSvc to be removed from system.
INFO Product VS to be removed from system.
INFO Product MSC to be removed from system.
ERROR Internal Error
INFO Task Scheduler service started.
WINERR IPersistFile::Save() failed. Error: 0x80070005
FAIL Error while running cleanup using Task Scheduler.
MCAFEE CLEANUP May 04, 2012 12:58:41
INFO Silent mode activated.
INFO Cleanup will be scheduled and run.
INFO Product Auth to be removed from system.
INFO Product EMproxy to be removed from system.
INFO Product FWdiver to be removed from system.
INFO Product McSvcHost to be removed from system.
INFO Product HW to be removed from system.
INFO Product MAS to be removed from system.
INFO Product MAT to be removed from system.
INFO Product MBK to be removed from system.
INFO Product MCPR to be removed from system.
INFO Product McProxy to be removed from system.
INFO Product MHN to be removed from system.
INFO Product MNA to be removed from system.
INFO Product MOBK to be removed from system.
INFO Product MPFP to be removed from system.
INFO Product MPFPCU to be removed from system.
INFO Product MPS to be removed from system.
INFO Product SHRED to be removed from system.
INFO Product MPSCU to be removed from system.
INFO Product MQC to be removed from system.
INFO Product MQCCU to be removed from system.
INFO Product MSAD to be removed from system.
INFO Product MSHR to be removed from system.
INFO Product MSK to be removed from system.
INFO Product MSKCU to be removed from system.
INFO Product MWL to be removed from system.
INFO Product NMC to be removed from system.
INFO Product RedirSvc to be removed from system.
INFO Product VS to be removed from system.
INFO Product MSC to be removed from system.
ERROR Internal Error
INFO Task Scheduler service started.
WINERR IPersistFile::Save() failed. Error: 0x80070005
FAIL Error while running cleanup using Task Scheduler.
Administrator Tarun Posted May 4, 2012

You may want to try rerunning it again, but it did remove a lot of things which is good.
chanetg Posted May 4, 2012 Author

Thanks, but I still get the following whenever I run CC cleaner and then run the registry cleaner. This always comes up:

missing shared DLL C:windows system 32macromed flash flashutil 9b.exe HKLMSOFTWAREWINDOWSCURRENTVERSIONSHARED dll
missing shared DLL C: windowssystem32macromedflashflash9b.ocx HKLMSOFTWAREWINDOWSCURRENTVERSIONSHARED dll

Would you know what is causing this?
Administrator Tarun Posted May 5, 2012

Yes. I have posted the solution above in a previous post.
greenknight Posted May 5, 2012

Did you run the McAfee uninstaller in safe mode? Might work better that way.
James_A Posted May 6, 2012

> Thanks, but I still get the following whenever I run CC cleaner and then run the registry cleaner. This always comes up:
>
> missing shared DLL C:windows system 32macromed flash flashutil 9b.exe HKLMSOFTWAREWINDOWSCURRENTVERSIONSHARED dll
> missing shared DLL C: windowssystem32macromedflashflash9b.ocx HKLMSOFTWAREWINDOWSCURRENTVERSIONSHARED dll
>
> Would you know what is causing this?

I've looked again at this and it seems to me that this could be a CCleaner problem, not a Flash problem.

One part of the CCleaner Registry Cleaner section detects shared .dll files that are listed in the registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls

(the details given by the OP have a slight typo)

If there is an entry in the above key, but no file on disk, then CCleaner lists the entry so that it can be checked and deleted.

Which leaves the question: if the entry is checked and deleted, why does it come up again?

Since this is in the HKLM part of the Registry, does that mean that this is actually a Vista UAC problem? Does anyone know how CCleaner handles the UAC problem on Vista?
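
Added example, not part of the thread and not CCleaner's own code: a read-only PowerShell script for the check James_A describes, listing SharedDlls values whose file is no longer on disk and reporting whether the session is elevated, since writes under HKLM need an elevated token. The function names and the Macromed filter are assumptions made for illustration.

```powershell
# Added example (hypothetical helper names). Read-only: nothing is deleted.
# In SharedDlls each value NAME is a file path and the DATA is a reference count.
$SharedDllsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls'

function Test-IsElevated {
    # True when the current token is a member of the local Administrators
    # group with UAC elevation applied. Deleting HKLM values needs this.
    # (0x80070005 in the cleanup log earlier in the thread is E_ACCESSDENIED.)
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-OrphanedSharedDll {
    param([string]$KeyPath = $SharedDllsKey)

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        # Skip the unnamed (Default) value.
        if ([string]::IsNullOrEmpty($name)) { continue }

        # Some entries use %SystemRoot%-style paths; expand before testing.
        $path = [Environment]::ExpandEnvironmentVariables($name)

        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{
                File     = $name
                RefCount = $key.GetValue($name)
            }
        }
    }
}

"Session elevated: $(Test-IsElevated)"

# All entries that point at a file that no longer exists.
$orphans = @(Get-OrphanedSharedDll)
"Orphaned SharedDlls entries: $($orphans.Count)"

# The entries the original poster keeps seeing live under Macromed\Flash.
$orphans |
    Where-Object { $_.File -like '*\Macromed\Flash\*' } |
    Format-Table -AutoSize
```

Running it before and after a registry-cleaner pass shows whether the Flash entries were actually removed from HKLM or were still present when the cleaner reported them fixed.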
Administrator Tarun Posted June 1, 2012

Due to lack of response this topic is now closed. If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup