IE opens very slowly. No other browser has any issues. Seems like a virus to me, but after I scanned and removed 2 viruses, the problem still exists. Disabled all add-ons, disabled all msconfig entries, reset settings for IE, and ran multiple virus scans; still no solution. Here is the HijackThis log I made; hopefully you guys can help me out.

Just assume I did all the basics; I am a computer tech with a year of experience with this kind of stuff. This is honestly the first time I have ever been completely stumped. It takes 5-10 minutes to open, and sometimes it does not load at all. This is a customer's computer I am fixing, so using another browser is not an option, as it is my job to fix the issues. I hope one of you guys has a better clue than I have.

Logfile of HijackThis v1.99.1

Scan saved at 4:01:50 PM, on 1/31/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:











C:Program FilesCommon FilesJavaJava Updatejusched.exe


C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe

C:Program FilesIntelModem Event MonitorIntelMEM.exe

C:Program FilesCyberLinkPowerDVDDVDLauncher.exe

C:Program FilesRealRealPlayerRealPlay.exe


C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe


C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

C:Program FilesCorelCorel Photo Album 6MediaDetect.exe

C:Program FilesCommon FilesAOLACSAOLDial.exe

C:Program FilesDell Photo AIO Printer 924dlccmon.exe


C:Program FilesCommon FilesAOL1153315994eeAOLSoftware.exe

C:Program FilesiTunesiTunesHelper.exe

C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

C:Program FilesMcAfee.comAgentmcagent.exe


C:Program FilesAmerica Online 9.0aaoltray.exe


C:Program FilesAOL Companioncompanion.exe

C:Program FilesMUSICMATCHMusicmatch Jukeboxmim.exe

C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe

C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

C:Program FilesBonjourmDNSResponder.exe

C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe



C:Program FilesIntelIntel Matrix Storage Manageriaantmon.exe

C:Program FilesJavajre6binjqs.exe

C:Program FilesMcAfeeSiteAdvisorMcSACore.exe

C:Program FilesCommon FilesMcAfeeMcSvcHostMcSvHost.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesCommon FilesMcAfeeSystemCoremfevtps.exe


C:Program FilesCommon FilesMcAfeeSystemCoremcshield.exe


C:Program FilesCommon FilesMcAfeeSystemCoremfefire.exe



C:Program FilesiPodbiniPodService.exe









R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) =

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:progra~1mcafeemskmskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program FilesCommon FilesMcAfeeSystemCoreScriptSn.20101103001106.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.6.5805.1910swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:Program FilesGoogleAFEGoogleAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:Program FilesAOL Toolbartoolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll

O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM..Run: [iAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe

O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"

O4 - HKLM..Run: [intelMeM] C:Program FilesIntelModem Event MonitorIntelMEM.exe

O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"

O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe

O4 - HKLM..Run: [iSUSPM Startup] "C:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup

O4 - HKLM..Run: [iSUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start

O4 - HKLM..Run: [MimBoot] C:PROGRA~1MUSICM~1MUSICM~3mimboot.exe

O4 - HKLM..Run: [MMTray] C:PROGRA~1MUSICM~1MUSICM~3mm_tray.exe

O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup

O4 - HKLM..Run: [Corel Photo Downloader] C:Program FilesCorelCorel Photo Album 6MediaDetect.exe

O4 - HKLM..Run: [AOLDialer] C:Program FilesCommon FilesAOLACSAOLDial.exe

O4 - HKLM..Run: [DLCCCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM..Run: [dlccmon.exe] "C:Program FilesDell Photo AIO Printer 924dlccmon.exe"

O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1153315994eeAOLSoftware.exe

O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [mcui_exe] "C:Program FilesMcAfee.comAgentmcagent.exe" /runkey

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aaoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:Program FilesAOL Companioncompanion.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:Program FilesKodakKODAK Software Updater7288971ProgramKodak Software Updater.exe

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:Program FilesAOL Toolbartoolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:Program FilesAOL Toolbartoolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ( Operating System Class) -

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~1mcafeeSITEAD~1mcieplg.dll

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O23 - Service: McAfee Application Installer Cleanup (0288591292554903) (0288591292554903mcinstcleanup) - Unknown owner - C:WINDOWSTEMP\028859~1.EXE (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: dlcc_device - Unknown owner - C:WINDOWSsystem32dlcccoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe

O23 - Service: Intel


Hi HearlandCompTech and Welcome to Malwarebytes!

IE might be infected? ComboFix will show this if it's infected. Let's see.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
