Windows XP Very, Very Slow Boot |
Jul 11 2007, 09:20 PM
Post
#1
|
|
|
Member Posts: 17 OS: XP |
My Acer Aspire 5000 laptop recently started taking a very, very, very long time to boot -- 15-20 minutes (literally) -- both warm and cold. No problems resuming from Standby or Hibernate. BootVis shows wmiprvse.exe starting at around 80 seconds, but nothing more loads until lexbces.exe, etc. start at 1015 seconds. In between svchost (1316) accesses the hard drive 5-6 times. Everything seems to run fine once Windows finally starts, but I wonder what might be happening in the background. My initial searches led me to suspect I was suffering from recent problems noted with Windows Automatic Update and I tried most of the fixes recommended, including defragging, trimming start up programs, refreshing DLLs, reinstalling W/U, running Dial-A-Fix & finally just disabling Windows Update. I went through the pre-Hijack posting steps, which seemed to solve the problem until I got to Step Three: update Windows. Now I'm back to square one. I disabled Windows Update again and for drill I ran ATF, AVG & SuperAntiSpyware again and they came back clean, but no luck this time around. I usually update & run scans of CA Anti-Virus Software, Yahoo Anti-Spyware & Ad-aware on at least a weekly basis. Any help would be greatly appreciated, as I don't always have time to cut the grass, change the oil in my car or bake brownies waiting for my computer to start up. Thanks much. 
Logfile of HijackThis v1.99.1 Scan saved at 9:46:18 PM, on 7/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) |
|
|
Jul 11 2007, 09:22 PM
Post
#2
|
|
|
Member Posts: 17 OS: XP |
|
|
|
Jul 16 2007, 05:17 PM
Post
#3
|
|
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro, ME, 98 |
Hello Clipper44, welcome, and sorry for the delay.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
|
|
|
Jul 17 2007, 08:18 AM
Post
#4
|
|
|
Member Posts: 17 OS: XP |
Hi Don --
Thanks for the help. No problem on the delays -- whatever help you guys can offer will be greatly appreciated. I followed the instructions (twice) but only got one Notepad file: main.txt (below). There was no extra.txt that came up. If you need any other information, please let me know. Thanks again for your help.
Deckard's System Scanner v20070711.54 Run by Clipper44 on 2007-07-17 at 10:09:31 Computer is in Normal Mode.
Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\ Notification Packages REG_MULTI_SZ scecliscecli\ HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\ LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ WudfServiceGroup REG_MULTI_SZ WUDFSvc\ [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e98cc48c-28f5-11dc-a673-000e9bd52d16}] Shell\AutoRun\command F:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2007-07-17 at 10:10:10 --------- |
Jul 17 2007, 04:59 PM
Post
#5
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98
Hi again Clipper44
Nothing jumping out in that log either. Let's run an online scan to make sure nothing is hiding from us.
Please do an online scan with Kaspersky WebScanner.
Click on Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Scan Mail Bases
Jul 20 2007, 05:47 AM
Post
#6
Member Posts: 17 OS: XP
Hi Don --
Sorry for the delay. I'm working an island resort with limited connectivity. Here's the Kaspersky scan report. Thanks much!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 20, 2007 6:35:39 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/07/2007
Kaspersky Anti-Virus database records: 365212
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\ E:\
Scan Statistics:
Total number of scanned objects: 208919
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:20:40
Scan process completed.
Jul 20 2007, 09:04 AM
Post
#7
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98
QUOTE
I'm working an island resort with limited connectivity

Hmm, wouldn't mind having that problem.
Anyway, the Kaspersky scan came back with nothing. Basically, some basic maintenance should be done to the machine; if no luck, we can send you to the XP forum and see if they can uncover an issue, 'cause it is not a malware issue.
My next post is an automated post. Follow the guidelines for performing the maintenance and see how the machine is running after that.
Jul 20 2007, 09:04 AM
Post
#8
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98
A slow computer does not mean there is malware present. I don't see anything in your Hijack This log to indicate that your problem is malware related. I will post the following info to get you started in the right direction, but if you need further help with this you will have to post a new topic in the proper Operating System Forum.
Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup: http://www.theeldergeek.com/disk_cleanup_utility.htm

Defrag your HD: http://artsweb.bham.ac.uk/artsit/Info/Guid...rag-win2kxp.htm

Run chkdsk:
To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

Remove unnecessary startups:
This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig. Click OK or hit the Enter key. Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close". You will be prompted to restart. Go ahead and restart. Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig: http://www.pacs-portal.co.uk/startup_index.htm

You can look up the startups at the following links to help determine what is needed and what is not:
http://computercops.biz/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
http://www.windowsstartup.com/wso/browse.p...t=50&end=75