Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Re: XP Startup is very slow now

Register Points Site Spy New Posts Donate Unanswered Posts Search Forum Rules


Reply
 
LinkBack Thread Tools
  #1  
Old 25th Feb 2008, 08:35 AM
No Avatar
Donor Group
 
sungod000 is offline
 
Join Date: 18th Jan 2008
Last Online: Yesterday 10:44 PM
Posts: 29
iTrader: (0)
sungod000 is on a distinguished road
Default Re: XP Startup is very slow now
Thanks for your help.

I never had Comodo Firewall installed. Only Comodo Boclean so I left that and Zonealarm alone.

I previuosly ran the Norton Removal tool when I uninstalled the Norton Antivirus. I ran it again though.

I deleted those two entries using HJT.

As for MSInfnd.exe, I remember Avast detecting viruses in that file name so I had it deleted by Avast. So, I could not upload it into those online file scanners.

The problem is still there, but not as severe. Instead of a 2-3 minutes on the blank screen, it takes about a minute now.

Here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:56 AM, on 02/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hamachi\hamachi.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9803 bytes
Digg this postDel.icio.us this postReddit this post Stumble this postFacebook this post
Reply With Quote
  #2  
Old 25th Feb 2008, 10:38 AM
evilfantasy's Avatar
Moderator Group
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: 15th Jul 2007
Last Online: Today 10:34 AM
Posts: 5,334
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Re: XP Startup is very slow now
Moved to Virus Spyware & Security.

----------

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply
----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

Next post
Dr. Web log
Combofix log
__________________
.
.
Digg this postDel.icio.us this postReddit this post Stumble this postFacebook this post
Reply With Quote
  #3  
Old 27th Feb 2008, 08:44 AM
No Avatar
Donor Group
 
sungod000 is offline
 
Join Date: 18th Jan 2008
Last Online: Yesterday 10:44 PM
Posts: 29
iTrader: (0)
sungod000 is on a distinguished road
Default Re: XP Startup is very slow now
Dr Web Cureit didn't find anything, and didn't let me save a log. Maybe because it didn't find anything?

Here is the Combofix log:

ComboFix 08-02-25.3 - sundeep 2008-02-25 22:52:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.1194 [GMT -5:00]
Running from: C:\Documents and Settings\sundeep\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\sundeep\Application Data\inst.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 20:53 . 2008-02-25 20:53 <DIR> d-------- C:\Documents and Settings\sundeep\DoctorWeb
2008-02-23 11:11 . 2008-02-23 11:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 14:56 . 2008-02-21 14:57 <DIR> d-------- C:\Program Files\PDFCreator
2008-02-21 14:56 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-02-21 14:56 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-02-21 14:56 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-02-17 15:51 . 2008-02-17 15:51 <DIR> d-------- C:\Move Back to D
2008-02-10 20:13 . 2008-02-25 09:18 <DIR> d-------- C:\Documents and Settings\sundeep\Application Data\Vso
2008-02-10 20:13 . 2008-02-10 20:13 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-10 20:13 . 2008-02-10 20:13 47,360 --a------ C:\Documents and Settings\sundeep\Application Data\pcouffin.sys
2008-02-10 20:12 . 2008-02-18 19:37 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-02-10 20:11 . 2008-02-10 20:11 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-02-02 10:32 . 2008-02-02 10:32 <DIR> d-------- C:\Documents and Settings\sundeep\Application Data\Grisoft
2008-02-02 10:32 . 2008-02-02 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-02 10:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 16:01 . 2008-02-01 16:01 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-01 16:01 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-01 16:01 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-01 16:01 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-01 16:01 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-01 16:01 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-01 16:01 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-01 16:01 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-01 16:01 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-30 22:17 . 2008-01-30 22:17 <DIR> d-------- C:\ERDNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-26 03:54 4,982,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-26 03:51 --------- d-----w C:\Documents and Settings\sundeep\Application Data\Hamachi
2008-02-25 16:22 60,800 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 21:00 1,499,648 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-21 03:42 1,495,552 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-18 21:51 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-14 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 01:07 --------- d-----w C:\Documents and Settings\sundeep\Application Data\uTorrent
2008-02-11 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-02 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 13:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-31 03:19 1,271,944 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-29 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425
2008-01-29 21:31 --------- d-----w C:\Program Files\Google
2008-01-25 01:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-25 01:03 --------- d-----w C:\Program Files\Ahead
2008-01-22 02:45 --------- d-----w C:\Program Files\Comodo
2008-01-22 02:33 --------- d-----w C:\Documents and Settings\sundeep\Application Data\SUPERAntiSpyware.com
2008-01-21 21:20 --------- d-----w C:\Program Files\Zone Labs
2008-01-21 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-21 17:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 17:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 17:32 --------- d-----w C:\Documents and Settings\sundeep\Application Data\Yahoo!
2008-01-20 19:36 --------- d-----w C:\Documents and Settings\sundeep\Application Data\FileZilla
2008-01-20 16:58 --------- d-----w C:\Documents and Settings\sundeep\Application Data\AVS Video Converter
2008-01-19 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 21:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-19 15:53 --------- d-----w C:\Program Files\Java
2008-01-19 15:53 --------- d-----w C:\Program Files\Common Files\Java
2008-01-19 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-18 22:23 10,624 ----a-w C:\WINDOWS\system32\drivers\pxark.sys
2008-01-18 22:23 --------- d-----w C:\Documents and Settings\sundeep\Application Data\PrevxCSI
2008-01-18 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-18 21:47 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-18 21:44 --------- d-----w C:\Documents and Settings\sundeep\Application Data\HouseCall 6.6
2008-01-17 23:03 --------- d-----w C:\Program Files\Logitech
2008-01-17 22:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 19:01 --------- d-----w C:\Program Files\Windows Defender
2008-01-17 18:48 --------- d-----w C:\Program Files\Snappy Fax 2000 Version 3
2008-01-02 04:29 --------- d-----w C:\Program Files\winsim
2008-01-02 04:27 --------- d-----w C:\Program Files\Intuit
2008-01-02 04:26 --------- d-----w C:\Program Files\Common Files\Intuit
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-26 15:38 238,848 ----a-w C:\WINDOWS\UNBOC.EXE
2007-07-03 19:50 0 ----a-w C:\Program Files\gditst
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 10:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 10:17 970752]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 11:29 1191936]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-30 19:00 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-30 19:00 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.ex e" [2007-03-30 18:59 138008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 10:50 155648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 16:31 29744]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 08:00 79224]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE" [2007-11-26 10:38 342272]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]

C:\Documents and Settings\sundeep\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-05-07 18:43:29 624416]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Poker Clock Pro\\PokerClockPro.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\sundeep\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
S2 MSInfoFrv;MSInfo Framework Service;C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe []
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 17:04]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-29 16:31]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 23:10]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-18 17:23]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\##fcaserver#x]
\Shell\Auto\command - Z:\MSInfnd.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\MSInfnd.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
\Shell\Auto\command - D:\MSInfnd.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{513c5eae-fa88-11db-9b74-fbbf347dce17}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
\Shell\Auto\command - MSInfnd.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 16:26:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-17 20:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - sundeep.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 22:54:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-25 22:55:23
ComboFix-quarantined-files.txt 2008-02-26 03:55:21
.
2008-02-22 11:05:54 --- E O F ---
Digg this postDel.icio.us this postReddit this post Stumble this postFacebook this post
Reply With Quote
  #4  
Old 27th Feb 2008, 08:51 AM
evilfantasy's Avatar
Moderator Group
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: 15th Jul 2007
Last Online: Today 10:34 AM
Posts: 5,334
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Re: XP Startup is very slow now
Create An Uninstall List
  • Start HijackThis
  • Click on the Open the Misc Tools section
  • Click on the Open Uninstall Manager button.
  • Click on the Save list button and specify where you would like to save this file and click Save.
    • When you press Save button a notepad will open with the contents of that file.
  • Copy and paste that list in your reply.

----------

Also post a new Hijackthis log please.
__________________
.
.
Digg this postDel.icio.us this postReddit this post Stumble this postFacebook this post
Reply With Quote
  #5  
Old 27th Feb 2008, 09:06 AM
No Avatar
Donor Group
 
sungod000 is offline
 
Join Date: 18th Jan 2008
Last Online: Yesterday 10:44 PM
Posts: 29
iTrader: (0)
sungod000 is on a distinguished road
Default Re: XP Startup is very slow now
Here you go:

µTorrent
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
avast! Antivirus
AVG Anti-Spyware 7.5
AVS Disc Creator version 2.1
AVS Video Tools 5.1
BOClean
Broadcom 440x 10/100 Integrated Controller
Canon Camera WIA Driver 6.2.5
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Diskeeper 2007 Pro Premier
DVD Shrink 3.2
DVDFab Platinum 4.0.3.2 by Dr.Pc Putte - Team RES
Easy CD-DA Extractor 10
FileZilla Client 3.0.2.1
Google Desktop
Hamachi 1.0.2.5
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB926239)
Image Resizer Powertoy for Windows XP
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Java(TM) 6 Update 4
K-Lite Mega Codec Pack 2.01
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' RogueRemover
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
ML-1200 Series
mLogView
mMHouse
Mozilla Firefox (2.0.0.12)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MVision
mWlsSafe
mWMI
MySQL Connector/ODBC 3.51
mZConfig
Nero 6 Ultra Edition
Opera 9.20
PDF Settings
PDFCreator
Poker Clock Professional 2.1
PokerStars
PowerDVD
PowerISO
QuickSet
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SigmaTel Audio
SopCast 1.1.2
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Spybot - Search & Destroy
Synaptics Pointing Device Driver
SyncToy
Tweak UI
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb944965)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Word 2007 (KB934173)
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Defender
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
ZoneAlarm



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:39 PM, on 02/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9798 bytes
Digg this postDel.icio.us this postReddit this post Stumble this postFacebook this post
Reply With Quote
  #6  
Old 27th Feb 2008, 09:17 AM
evilfantasy's Avatar
Moderator Group
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: 15th Jul 2007
Last Online: Today 10:34 AM
Posts: 5,334
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default Re: XP Startup is very slow now
Let's clean up some of the startup items. Removing these will not do anything to the programs but stop them from starting with the computer.

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Bluetooth.lnk = ?

Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------


This scanner works with Internet Explorer only
Go to the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.


Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report



When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save



This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it.
(take notice of where you save it so you can find it later)

This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us

This log must be added as an attachment.
  • Click on the button
  • Scroll down to Manage Attachments
  • A window will open up.
  • Click the Browse... button and find the file
  • Then double click it to add it.
  • Click the Upload button
  • Wait until you see the file in Current Attachment .
  • Close the Manage Attachments window
  • The attachment will be added in the post.
Post the bdscan.txt in the next post.
__________________
.
.
Digg this postDel.icio.us this postReddit this post Stumble this postFacebook this post
Reply With Quote

Please support this forum, donate towards our running costs.
Reply

Thread Tools
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Muted Startup? City Multimedia, Drivers & Codecs 6 2nd Jun 2008 12:50 PM
XP Startup is very slow now sungod000 Windows Operating Systems 5 23rd Feb 2008 02:54 PM
msconfig>startup liamfi Windows Operating Systems 3 29th Dec 2007 12:15 PM
Slow Home LAN - Why is it going slow? sirantonycartwright Virus, Spyware & Security 14 21st Jul 2007 07:31 AM
Firefox Startup? Hassan Web Browsers & FTP Clients 1 31st Mar 2007 02:48 PM


Copyright ©2006 - 2008 Computer Juice.
Contact Us - Privacy Statement - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2008 Jelsoft Enterprises Ltd. SEO by vBSEO ©2008, Crawlability, Inc.