[brasscap]

Although I have made no recent changes to my operating system, XP has started "hanging" at the "Windows is shutting down" screen for about a minute whereas it used to take no more than ten seconds. I suspect some kind of malware, but AdAware, Pest Patrol and Spybot S&D find nothing, and Norton AV also finds nothing, (but NAV lately has been blocking about five to ten viruss being sent to all sorts of names at earthlink.net which come to me as well.)

So here is my HijackThis log for your perusal. Any comments would be greatly appreciated.

Bob Johnson aka brasscap


Logfile of HijackThis v1.98.2
Scan saved at 6:56:05 AM, on 12/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Motherboard Monitor 5\DLL\display.dll
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Downloads\Spyware Tools\HiJackThis\hijackthis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101053289781
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab

[Advertisements]

I don't see anything malicious in your log.
Do you close most programs before shutting down?
I can imagine Diskeeper taking a while before it has gathered everything it needs.

Regards,

Pieter

[Metallica]

I don't see anything malicious in your log.
Do you close most programs before shutting down?
I can imagine Diskeeper taking a while before it has gathered everything it needs.

Regards,

Pieter

[brasscap]

I don't see anything malicious in your log.
Do you close most programs before shutting down?
I can imagine Diskeeper taking a while before it has gathered everything it needs.

Regards,

Pieter

I usually close everything simply because I want to save work. Outlook, for example, gets really testy if it isn't closed down before Windows yanks the feet out from under it. In any event, the slowdown doesn't occur until after the phase when things are being shut down etc. The "Saving your settings" and "logging off" phases are quite rapid.

As for Diskeeper, although the "engine" service is running, the program is not unless the CPU has been idle for some time. So I normally don't have to shut it down, and as a matter of fact, once it starts defragmenting a partition, you can forget about shutting down or running any program which needs a big chunk of memory. Diskeeper will not stop until the fragment of data it is moving has been written to disk and the orginal fragment has been deleted.

At any rate, thanks for putting my mind at ease with your analysis of my log. It's a new program for me and I need to learn more about what it means, although as I use it, it seems to get to be quite simple! Live and learn!

Thanks again,

brasscap
"You can always tell quality snake oil. It comes with a brass cap." [Mark Twain]