Log for a friend.

Status
Not open for further replies.

Buck_nekid

Hello and thanks for any help you can offer. This is a log from a 'poor English' speaking friend of mine. This is her laptop that she complains is slow to 'turn on' and 'do things'. I got her to run some scans (Spybot S&D, Malwarebytes), installed SpywareBlaster, and got her to uninstall a few dumb things she had going. I see nothing bad in this, but can you point me to some things that she should not start at boot up to get her some pep back? Yes, she is running Nortons.... Like the LightScribe, she didn't even know what it was. If I disable them in the startup, will they still function? (I know most things will, but some are picky like that.) I just want to get her to the barebones with her wireless and Bluetooth working. Next I will work on getting her Windows fully updated. Just that the "now check the box and click yes" is hard when there is a language barrier. There is no way I could help people with tech support on the internet like some of you do.

*Them facebook and banking cabs scare me, I use facebook, but they ain't in my log*

*That's all Brazilian Portuguese*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:12:28, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\DllHost.exe
C:\Arquivos de programas\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vsnp2std.exe
C:\Arquivos de programas\ASUS\Power4 Gear\BatteryLife.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\ASUS\ASUS Live Update\ALU.exe
C:\Arquivos de programas\ASUS\Splendid\ACMON.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\lg_fwupdate\fwupdate.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\ARQUIV~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Brasil
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Arquivos de programas\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar\01.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Arquivos de programas\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Live Update] C:\Arquivos de programas\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Arquivos de programas\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\ARQUIV~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&MSN.com
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O20 - Winlogon Notify: OneCard - C:\Arquivos de programas\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15202 bytes
 
Delete these entries

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Those .cab entries are fine

Can you follow the msconfig in my guide?

Run ccleaner and cleanup as well
 
Thanks, I had her remove that entry. I hooked her up with CCleaner and Cleanup a while ago. I had her uninstall Norton (turns out it wasn't even bought, it came on the laptop and expired...) but I couldn't find the uninstall utility anywhere on the net; they would all give the error "This is a old version blah blah." So just used the regular add/remove. She says it runs much faster now. Guess Norton does slow things down. I am slowly having her go thru the startup processes but being there it isn't much fun.

I will have her send me a new log tonight and post it up.

Thanks again.
 