[kalinbridg]

pleae do you need me to re-post the hijackthis?

[Advertisements]

No, just be patient and a malware expert will reply to your post in the Malware Forum.

Fenor

P.S. -- I editted my last post because I posted it in the wrong topic by mistake. Sorry about that

[Fenor]

No, just be patient and a malware expert will reply to your post in the Malware Forum.

Fenor

P.S. -- I editted my last post because I posted it in the wrong topic by mistake. Sorry about that

[wannabe1]

kalinbridg...

Would you post me a HJT StartupList log? To do this, start HiJackThis and click on "Do a system scan only". On the following screen, click on "Config..." and then click on "Misc Tools". Click on "Generate a StartupList log", copy the log and post it here for us.

wannabe1

[kalinbridg]

Fenor, I see the Gmail logo pop up notifying me your message is coming thru, but i cant see any recent message. am i missing some?

[kalinbridg]

ok Fenor, disregard my last message. i c u now. wannabe1 just contacted me on what next to do.

[kalinbridg]

Here you go wannabe1,

StartupList report, 10/15/2005, 4:19:37 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Maxwell Omo-Ajede SJ\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Maxwell Omo-Ajede SJ\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
RtlWake.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Apoint = C:\Program Files\Apoint\Apoint.exe
DadApp = C:\Program Files\Dell\AccessDirect\dadapp.exe
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Dell|Alert = C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
Creative WebCam Tray = C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
LogitechGalleryRepair = C:\Program Files\Logitech\ImageStudio\ISStart.exe
LogitechImageStudioTray = C:\Program Files\Logitech\ImageStudio\LogiTray.exe
nwiz = nwiz.exe /installquiet
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ConMgr.exe = "C:\Program Files\EarthLink 5.0\ConMgr.exe"
AttuneClientEngine = C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ClamWin = "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
LDM = \Program\BackWeb-8876480.exe
WebCamRT.exe =
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
googletalk = "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Disk Cleanup.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[ppctlcab]
CODEBASE = http://www.pestscan....er/ppctlcab.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD406.OSD

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell....iler/SysPro.CAB

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx
CODEBASE = http://www.pestscan....r/axscanner.cab

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://207.188.7.150...ip/RdxIE601.cab

[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akama...meInstaller.exe

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupd...b?1094955328749

[DmiReader Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSPRO~1.DLL
CODEBASE = http://ftp.us.dell.c...es/PROFILER.CAB

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7909.5678009259

[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE = http://a840.g.akamai...uditControl.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/p...t/msnchat45.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #2: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #30: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 10,090 bytes
Report generated in 1.622 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[wannabe1]

kalinbridg...

Ok...let's start with this...Uninstall the Zone Alarm firewall using Add or Remove Programs in Control Panel. Then make sure the Windows Firewall is turned on (Control Panel > Security Center > firewall link at the bottom)

Then let's uninstall the google toolbar and the google desktop search applications also using Add or Remove Programs in Control Panel.

Reboot and see if it's a little faster.

wannabe1

[kalinbridg]

Thanks wannabe, I will be glad to uninstall like you suggested. just a point, i installed the zone alarm just about a couple of months ago, the google desktop and the google toolbar...barely three weeks ago .... and the problem with the pc has been there before these were installed. should i still go ahead, anyway?

[wannabe1]

kalinbridg...

Yes, please do. Two firewalls running together will give you problems. The googles you can reinstall later. I'm just cutting through the clutter. We'll be stopping some start-up apps, too. That'll be next.

wannabe1

[kalinbridg]

Wannabe1,

I'd do as you say right away and hit you back once rebooting is concluded.

[kalinbridg]

I did like you asked. Google desk search, google toolbar, and zonealarm are gone. i turned on windows alarm and rebooted. I must say, no change yet in the slow startup. Notice how long this whole process took me...still i'm on broadband, and my CPU is 1.70 GHz and 256 MB. i've used up only about 20% of my hard drive. please help me buddy...i'l buy you a beer:)

[wannabe1]

kalinbridg...

Now...can you get me a screenshot of the startup programs in the config window?

Click Start then Run and type msconfig and press "Ok". Click the "Start up" tab. Press Alt and PrtScrn at the same time. Then open Paint ( Start > All Programs > Accessories > Paint) and click "Edit" and then "Paste". Save the image as Jpeg and post it here for me.

I've got to step out for a little bit, but should be back within the hour.

wannabe1

[kalinbridg]

I'm really grateful wannabe1. if i post it to you here, do you mean you'd reply when you are back in one hour?
That will be ok with me. It's just about 6am here and i've been up since 6pm Friday. i'l catch some sleep now but i will post this stuff, leave my computer on, and please post whatever information you have for me...i will do what you say. just let me know when you'd be online again so i hook up. let me know if this works with you. i really appreciate buddy...with love from tthe UK.

[kalinbridg]

hi wannabe,
if you've not already left, this is the screenshot. if you are still there, please acknowledge. u are a star. thanks a lot.

[wannabe1]

Whoops!! wrong tab...

I need the information under the Start up tab which is on the far top right...sorry...I should have been a little clearer in my instructions. I'll catch a few zzzz's, too and check first thing in the morning.

wannabe1