
Possible infection, AV found only low-threat tracking cookies


13 replies to this topic

#1 banger

banger

  • Members
  • 14 posts

Posted 15 June 2009 - 06:31 PM

I posted an issue I had which may or may not have been malware. See here. I've booted to safe mode, run AV scans, disabled startup items/third-party services, checked for odd registry entries, run hardware diagnostics, and such to discover the root of the aforementioned issue but to no avail. For some peace of mind, I'd like to see if something (virus/malware) has eluded me. Thanks in advance for the help.

Banger

DDS (Ver_09-05-14.01) - NTFSx86
Run by Banger at 18:15:44.61 on Mon 06/15/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1946 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Banger\Desktop\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 22 June 2009 - 04:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 banger

banger
  • Topic Starter

  • Members
  • 14 posts

Posted 22 June 2009 - 06:11 PM

As I had mentioned, I had some issues with my boot time and what I had thought to be a corruption of the explorer.exe file. The boot process continues to be smooth until right after the Welcome screen. I have run AV in safe mode, memory diagnostics, and assorted other tests to ensure there was no malware, as well as installed updated drivers and Windows updates. The only thing I can think of is that either some drivers aren't loading properly or that it has something to do with some vague Event IDs in Windows Event Viewer. I posted this log as a precautionary measure to ensure that I haven't missed anything. Thank you for your timely response and the help.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Banger at 17:59:18.56 on Mon 06/22/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2155 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *disabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Banger\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.black-company.org/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-4-5 10640]
S2 gupdate1c9d440bd22508d;Google Update Service (gupdate1c9d440bd22508d);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2008-9-21 229376]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-12 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-12 251904]

=============== Created Last 30 ================

2009-06-14 05:11 <DIR> --d----- c:\programdata\HPSSUPPLY
2009-06-14 05:00 130,346 -------- c:\windows\hpoins13.dat.temp
2009-06-14 05:00 811 -------- c:\windows\hpomdl13.dat.temp
2009-06-11 22:07 <DIR> --d----- c:\program files\Auslogics
2009-06-11 21:59 <DIR> --d----- c:\program files\CCleaner
2009-06-11 00:38 458,316 a------- c:\windows\system32\vnnnnnnnnnnnnnn
2009-06-11 00:34 <DIR> a-d----- c:\programdata\TEMP
2009-06-11 00:34 <DIR> --d----- c:\program files\GreenVantage LLC
2009-06-10 19:13 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-10 19:13 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-10 19:13 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-10 18:54 642,560 a------- c:\windows\system32\rasgcw.dll
2009-06-10 18:15 <DIR> --d----- c:\programdata\PCPitstop
2009-06-10 18:15 <DIR> --d----- c:\progra~2\PCPitstop
2009-06-10 18:13 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-06-10 18:09 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-10 18:09 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-10 18:09 623,616 a------- c:\windows\system32\localspl.dll
2009-06-09 07:02 31,966 a------- c:\programdata\nvModes.dat
2009-06-09 07:02 31,966 a------- c:\progra~2\nvModes.dat
2009-06-09 06:59 <DIR> --d----- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-06-09 00:04 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-06-09 00:04 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-06-08 20:28 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-06-08 20:28 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-06-08 20:28 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-06-08 20:26 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-06-08 00:11 102,439 a------- c:\windows\system32\sipr3260.dll
2009-06-08 00:11 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-06-08 00:11 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-06-08 00:11 217,127 a------- c:\windows\system32\drv43260.dll
2009-06-08 00:11 208,935 a------- c:\windows\system32\drv33260.dll
2009-06-08 00:11 176,165 a------- c:\windows\system32\drv23260.dll
2009-06-08 00:11 65,602 a------- c:\windows\system32\cook3260.dll
2009-06-08 00:11 <DIR> --d----- c:\program files\VSO
2009-06-07 23:36 14 a------- c:\windows\system32\systeminfo3.dll
2009-06-07 23:36 87,608 a------- c:\users\banger\appdata\roaming\inst.exe
2009-06-07 23:36 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-07 23:36 47,360 a------- c:\users\banger\appdata\roaming\pcouffin.sys
2009-06-07 23:35 <DIR> --d----- c:\programdata\DVDXStudio
2009-06-07 23:35 <DIR> --d----- c:\program files\CloneDVD
2009-06-07 23:35 <DIR> --d----- c:\progra~2\DVDXStudio
2009-06-04 20:02 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-04 20:02 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-04 00:45 1,169,408 a------- c:\windows\system32\sdclt.exe
2009-06-03 21:06 2,927,104 a------- c:\windows\explorer1.exe
2009-06-02 19:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-02 18:59 1,459,200 a------- c:\windows\system32\esent.dll
2009-06-02 18:58 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-06-02 18:58 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-02 18:58 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-06-02 18:58 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-06-02 18:58 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-06-02 18:58 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-06-02 18:58 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-06-02 18:58 218,624 a------- c:\windows\system32\wdscore.dll
2009-06-02 18:58 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-06-02 18:58 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-02 17:44 <DIR> --d----- c:\users\banger\appdata\roaming\Malwarebytes
2009-06-02 17:44 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-02 17:44 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-28 18:35 <DIR> --d----- c:\program files\Microsoft Application Compatibility Toolkit 5
2009-05-25 15:44 <DIR> --d----- c:\programdata\Roxio
2009-05-25 15:36 <DIR> --d----- c:\program files\Roxio

==================== Find3M ====================

2009-06-21 22:03 138,168 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 22:03 189,472 a------- c:\windows\system32\PnkBstrB.exe
2009-06-14 05:13 130,304 a------- c:\windows\hpoins13.dat
2009-06-14 04:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 04:56 143,360 a------- c:\windows\inf\infstor.dat
2009-06-14 04:56 51,200 a------- c:\windows\inf\infpub.dat
2009-06-10 19:28 319,456 a------- c:\windows\DIFxAPI.dll
2009-06-10 19:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-23 01:01 161,411 a------- c:\windows\hpqins00.dat
2009-05-18 17:38 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 00:08 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:08 1,292,832 a------- c:\windows\system32\nvsvs.dll
2009-05-01 00:07 13,781,536 a------- c:\windows\system32\nvcpl.dll
2009-05-01 00:07 4,045,344 a------- c:\windows\system32\nvvitvs.dll
2009-05-01 00:07 4,020,768 a------- c:\windows\system32\nvdisps.dll
2009-05-01 00:07 3,516,960 a------- c:\windows\system32\nvgames.dll
2009-05-01 00:07 3,123,744 a------- c:\windows\system32\nvwss.dll
2009-05-01 00:07 1,288,736 a------- c:\windows\system32\nvmobls.dll
2009-05-01 00:07 768,544 a------- c:\windows\system32\nvsvc.dll
2009-05-01 00:07 211,488 a------- c:\windows\system32\nvvsvc.exe
2009-05-01 00:07 195,104 a------- c:\windows\system32\nvmccss.dll
2009-05-01 00:07 143,360 a------- c:\windows\system32\nvshext.dll
2009-05-01 00:07 92,704 a------- c:\windows\system32\nvmctray.dll
2009-04-30 22:02 10,366,976 a------- c:\windows\system32\nvoglv32.dll
2009-04-30 22:02 9,850,016 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 22:02 7,593,472 a------- c:\windows\system32\nvd3dum.dll
2009-04-30 22:02 3,128,320 a------- c:\windows\system32\nvwgf2um.dll
2009-04-30 22:02 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 983,552 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod146.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-30 22:02 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-04-15 20:01 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 01:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 01:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 01:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 01:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 01:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 01:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 01:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 01:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-29 23:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-29 23:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-29 23:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-29 23:42 80,720 a------- c:\windows\system32\mscories.dll
2009-03-27 10:03 236,064 a------- c:\windows\system32\nvmccs.dll
2009-03-27 10:03 139,264 a------- c:\windows\system32\nvcod141.dll
2009-03-27 10:03 45,056 a------- c:\windows\system32\nvmccsrs.dll
2009-03-16 18:28 22,328 a------- c:\users\banger\appdata\roaming\PnkBstrK.sys
2008-06-25 12:09 0 a------- c:\users\banger\appdata\roaming\wklnhst.dat
2008-06-12 11:48 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:59:59.27 ===============
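Added example, not part of the thread and not code from the DDS, HijackThis or Malwarebytes tools: a small Python triage pass over the "Created Last 30" / "Find3M" lines of a DDS log like the one above. The sample input is a handful of lines copied from that log; the review rules are this example's own heuristics and only mark entries worth a manual look, not a malware verdict. On this log they single out c:\windows\explorer1.exe (which the Malwarebytes scan later in the thread quarantines as Trojan.Agent), the extension-less vnnnnnnnnnnnnnn, the 14-byte systeminfo3.dll and the hidden+system %APPDATA% directory under system32, but they also flag inst.exe and pcouffin.sys in the roaming profile, which were written in the same minute as the CloneDVD/VSO folders and are very likely just that installer's files. That is the caveat: these checks reduce a 150-line log to a short list for a human, nothing more.

```python
"""Triage helper for the "Created Last 30" / "Find3M" sections of a DDS log.

Added example for this thread; it is not part of DDS, HijackThis or MBAM.
The review rules below are this example's own heuristics: they surface
entries a human should look at, they are not a malware verdict, and
legitimate installers trip several of them (see the lead-in).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One DDS file line: date time size-or-<DIR> 8-char attribute flags path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<flags>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Core OS binaries whose names get borrowed with a digit appended (explorer1.exe ...)
OS_NAME_RE = re.compile(r"(?P<base>explorer|svchost|lsass|csrss|winlogon|services|smss)\d+")
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32")
CODE_EXT = ("exe", "dll", "sys", "scr")


@dataclass
class Entry:
    date: str
    size: Optional[int]  # None for a directory
    is_dir: bool
    flags: str           # DDS attribute string, e.g. "--dsh---" (d=dir, s=system, h=hidden)
    path: str            # lower-cased full path


def parse_dds(text: str) -> List[Entry]:
    """Return every file/directory line in DDS format; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        size = None if is_dir else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, is_dir, m["flags"], m["path"].lower()))
    return entries


def review_reasons(e: Entry) -> List[str]:
    """Heuristic checks; each returned string is a reason to inspect the entry by hand."""
    reasons = []
    parent, _, name = e.path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:                       # no extension at all
        stem, ext = name, ""

    if "%" in name:
        reasons.append("literal %VAR% used as a real file name")
    if e.is_dir and "s" in e.flags and "h" in e.flags and parent.endswith("\\system32"):
        reasons.append("hidden+system directory created under system32")
    if parent in SYSTEM_DIRS:
        if not e.is_dir and not dot:
            reasons.append("extension-less file in a system directory")
        if len(stem) >= 8 and len(set(stem)) <= 2:
            reasons.append("degenerate file name (one or two distinct characters)")
        m = OS_NAME_RE.fullmatch(stem)
        if m and ext == "exe":
            reasons.append(f"looks like {m['base']}.exe with a digit appended")
    if ext in CODE_EXT and e.size is not None and e.size < 1024:
        reasons.append(f"{ext} of only {e.size} bytes (too small to be real code)")
    if ext in CODE_EXT and "\\appdata\\roaming\\" in e.path:
        reasons.append("executable code dropped in the roaming profile")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, oldest entry first."""
    flagged: Dict[str, List[str]] = {}
    for e in sorted(parse_dds(text), key=lambda x: x.date):
        r = review_reasons(e)
        if r:
            flagged[e.path] = r
    return flagged


# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2009-06-11 22:07 <DIR> --d----- c:\program files\Auslogics
2009-06-11 00:38 458,316 a------- c:\windows\system32\vnnnnnnnnnnnnnn
2009-06-10 18:13 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-06-10 18:09 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-07 23:36 14 a------- c:\windows\system32\systeminfo3.dll
2009-06-07 23:36 87,608 a------- c:\users\banger\appdata\roaming\inst.exe
2009-06-07 23:36 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-07 23:36 47,360 a------- c:\users\banger\appdata\roaming\pcouffin.sys
2009-06-03 21:06 2,927,104 a------- c:\windows\explorer1.exe
2009-06-02 19:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_DDS).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against a full DDS log by reading the file into `triage()`; entries the rules do not touch (rpcrt4.dll, the Auslogics directory, the driver copy of pcouffin.sys) stay out of the output, and the survivors are the ones to check by hand: submit the file to the helper, look at its digital signature, or simply note whether a legitimate install explains the timestamp.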

#4 screen317

screen317

  • Malware Response Team
  • 236 posts
  • Gender:Male
  • Location:Los Angeles

Posted 22 June 2009 - 08:47 PM

Hello,

Let's check for malware.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


After that, please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Next, download my Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-screen317

#5 banger

banger
  • Topic Starter

  • Members
  • 14 posts

Posted 22 June 2009 - 11:25 PM

Here is a copy of my Malwarebytes log as well as a fresh HJT log. I am currently updating Kaspersky and will proceed with the rest of the instructions.


Database version: 2297
Windows 6.0.6002 Service Pack 2

6/22/2009 11:00:08 PM
mbam-log-2009-06-22 (23-00-08).txt

Scan type: Quick Scan
Objects scanned: 79835
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Explorer1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:08 PM, on 6/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hp\kbd\kbd.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Banger\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.black-company.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.co...reqlab_srlx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Update Service (gupdate1c9d440bd22508d) (gupdate1c9d440bd22508d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

#6 banger (Topic Starter)

Posted 23 June 2009 - 08:17 AM

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 23, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 23, 2009 06:19:56
Records in database: 2382141


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
E:\
F:\
G:\
H:\
I:\

Scan statistics
Files scanned 119270
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:43:33

No malware has been detected. The scan area is clean.
The selected area was scanned.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 2
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
MicrosoftWindowsOneCareLiveAntiSpywareand AntiVirus
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
AusLogics Registry Cleaner
Java™ 6 Update 13
Java™ 6 Update 6
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)
Request Timed Out (Check Internet connection?)

Scan took 21 seconds.
`````````End of Log```````````

#7 screen317 (Malware Response Team)

Posted 25 June 2009 - 03:48 AM

Hi,

Delete SecurityCheck please.


Next, please download JavaRa and unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version.


Restart your computer, post a fresh DDS log, and let me know what issues remain.

-screen317
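
As an added example (not part of the thread, and not JavaRa), the check below does from a PowerShell prompt what the "Out of date Java installed!" line in the Security Check log is warning about: it lists every Sun JRE still registered in the Windows Uninstall keys, shows which one Java itself treats as current, and prints the msiexec command that would remove each older one. The registry paths are the standard ones the Sun installer writes; the DisplayName patterns are my assumption to cover the Java 5/6 naming seen in the log. Nothing is removed unless the script is run with -Remove.

```powershell
# Added example; lists installed Sun JREs from the Uninstall registry keys and
# prints (or, with -Remove, runs) the msiexec command for every version but the newest.
param([switch]$Remove)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # 32-bit JRE on 64-bit Windows
)

function Get-InstalledJre {
    foreach ($item in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
        # Assumed name patterns: "Java(TM) 6 Update 13", "J2SE Runtime Environment 5.0 Update 22", "Java 7 Update 45"
        if ($item.DisplayName -notmatch '^(Java\(TM\) \d+ Update \d+|J2SE Runtime Environment|Java \d+ Update \d+)') { continue }
        if (-not $item.DisplayVersion) { continue }
        # Only MSI product codes ({GUID} key names) can be removed with msiexec /x.
        if ($item.PSChildName -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        New-Object PSObject -Property @{
            DisplayName = $item.DisplayName
            Version     = [version]$item.DisplayVersion    # e.g. 6.0.130 for Java 6 Update 13
            ProductCode = $item.PSChildName
        }
    }
}

$installed = @(Get-InstalledJre | Sort-Object Version -Descending)
if ($installed.Count -eq 0) { 'No Sun JRE found in the Uninstall registry keys.'; return }

# What the Java runtime itself reports as current.
$javaSoft = Get-ItemProperty -Path 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' -ErrorAction SilentlyContinue
'JavaSoft CurrentVersion: {0}' -f $(if ($javaSoft) { $javaSoft.CurrentVersion } else { '(key missing)' })

$newest = $installed[0]
'Keeping : {0}  ({1})' -f $newest.DisplayName, $newest.ProductCode

foreach ($old in ($installed | Select-Object -Skip 1)) {
    $msiArgs = '/x {0} /qn /norestart' -f $old.ProductCode
    if ($Remove) {
        'Removing: {0}' -f $old.DisplayName
        Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait
    } else {
        'Would remove: {0}  ->  msiexec.exe {1}' -f $old.DisplayName, $msiArgs
    }
}
```

Run it once without -Remove from an elevated prompt and read the list; a JRE that shows in the Uninstall keys but whose directory is already gone will still be listed, and msiexec will then fail for that product code, which is the case JavaRa handles by cleaning the registry entries as well.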

#8 banger (Topic Starter)

Posted 25 June 2009 - 07:42 PM

I removed SecurityCheck and followed your instructions regarding Java. It didn't give me a log to post but it did remove the outdated version. The only issue remaining is a somewhat long boot time which is apparently not associated with malware. I can't make heads or tails of the Event Viewer logs other than a couple of Machine Policy events and a Critical event which shows a boot time of 153000ms or so. I haven't been able to find any information regarding the event IDs or error numbers but at least my pc is free of malware.
Thanks for the assistance, it is greatly appreciated. Now if I can just learn the language of the Event Viewer heh.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Banger at 19:31:54.07 on Thu 06/25/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2229 [GMT -5:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Banger\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.black-company.org/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-4-5 10640]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
S2 gupdate1c9d440bd22508d;Google Update Service (gupdate1c9d440bd22508d);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2008-9-21 229376]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-6-12 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-6-12 251904]

=============== Created Last 30 ================

2009-06-22 22:54 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 22:54 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-22 22:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 05:11 <DIR> --d----- c:\programdata\HPSSUPPLY
2009-06-14 05:00 130,346 -------- c:\windows\hpoins13.dat.temp
2009-06-14 05:00 811 -------- c:\windows\hpomdl13.dat.temp
2009-06-11 22:07 <DIR> --d----- c:\program files\Auslogics
2009-06-11 21:59 <DIR> --d----- c:\program files\CCleaner
2009-06-11 00:38 458,316 a------- c:\windows\system32\vnnnnnnnnnnnnnn
2009-06-11 00:34 <DIR> a-d----- c:\programdata\TEMP
2009-06-11 00:34 <DIR> --d----- c:\program files\GreenVantage LLC
2009-06-10 19:13 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-10 19:13 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-10 19:13 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-10 18:54 642,560 a------- c:\windows\system32\rasgcw.dll
2009-06-10 18:15 <DIR> --d----- c:\programdata\PCPitstop
2009-06-10 18:15 <DIR> --d----- c:\progra~2\PCPitstop
2009-06-10 18:13 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-06-10 18:09 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-10 18:09 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-10 18:09 623,616 a------- c:\windows\system32\localspl.dll
2009-06-09 07:02 31,966 a------- c:\programdata\nvModes.dat
2009-06-09 07:02 31,966 a------- c:\progra~2\nvModes.dat
2009-06-09 06:59 <DIR> --d----- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-06-09 00:04 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-06-09 00:04 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-06-08 20:28 37,440 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-06-08 20:28 91,200 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-06-08 20:28 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-06-08 20:26 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-06-08 00:11 102,439 a------- c:\windows\system32\sipr3260.dll
2009-06-08 00:11 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-06-08 00:11 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-06-08 00:11 217,127 a------- c:\windows\system32\drv43260.dll
2009-06-08 00:11 208,935 a------- c:\windows\system32\drv33260.dll
2009-06-08 00:11 176,165 a------- c:\windows\system32\drv23260.dll
2009-06-08 00:11 65,602 a------- c:\windows\system32\cook3260.dll
2009-06-08 00:11 <DIR> --d----- c:\program files\VSO
2009-06-07 23:36 14 a------- c:\windows\system32\systeminfo3.dll
2009-06-07 23:36 87,608 a------- c:\users\banger\appdata\roaming\inst.exe
2009-06-07 23:36 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-06-07 23:36 47,360 a------- c:\users\banger\appdata\roaming\pcouffin.sys
2009-06-07 23:35 <DIR> --d----- c:\programdata\DVDXStudio
2009-06-07 23:35 <DIR> --d----- c:\program files\CloneDVD
2009-06-07 23:35 <DIR> --d----- c:\progra~2\DVDXStudio
2009-06-04 20:02 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-04 20:02 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-04 00:45 1,169,408 a------- c:\windows\system32\sdclt.exe
2009-06-02 19:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-02 18:59 1,459,200 a------- c:\windows\system32\esent.dll
2009-06-02 18:58 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-06-02 18:58 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-02 18:58 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-06-02 18:58 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-06-02 18:58 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-06-02 18:58 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-06-02 18:58 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-06-02 18:58 218,624 a------- c:\windows\system32\wdscore.dll
2009-06-02 18:58 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-06-02 18:58 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-02 17:44 <DIR> --d----- c:\users\banger\appdata\roaming\Malwarebytes
2009-06-02 17:44 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-02 17:44 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-28 18:35 <DIR> --d----- c:\program files\Microsoft Application Compatibility Toolkit 5

==================== Find3M ====================

2009-06-25 19:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-24 22:14 189,472 a------- c:\windows\system32\PnkBstrB.exe
2009-06-24 19:21 138,168 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-14 05:13 130,304 a------- c:\windows\hpoins13.dat
2009-06-14 04:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 04:56 143,360 a------- c:\windows\inf\infstor.dat
2009-06-14 04:56 51,200 a------- c:\windows\inf\infpub.dat
2009-06-10 19:28 319,456 a------- c:\windows\DIFxAPI.dll
2009-06-10 19:13 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-23 01:01 161,411 a------- c:\windows\hpqins00.dat
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 00:08 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:08 1,292,832 a------- c:\windows\system32\nvsvs.dll
2009-05-01 00:07 13,781,536 a------- c:\windows\system32\nvcpl.dll
2009-05-01 00:07 4,045,344 a------- c:\windows\system32\nvvitvs.dll
2009-05-01 00:07 4,020,768 a------- c:\windows\system32\nvdisps.dll
2009-05-01 00:07 3,516,960 a------- c:\windows\system32\nvgames.dll
2009-05-01 00:07 3,123,744 a------- c:\windows\system32\nvwss.dll
2009-05-01 00:07 1,288,736 a------- c:\windows\system32\nvmobls.dll
2009-05-01 00:07 768,544 a------- c:\windows\system32\nvsvc.dll
2009-05-01 00:07 211,488 a------- c:\windows\system32\nvvsvc.exe
2009-05-01 00:07 195,104 a------- c:\windows\system32\nvmccss.dll
2009-05-01 00:07 143,360 a------- c:\windows\system32\nvshext.dll
2009-05-01 00:07 92,704 a------- c:\windows\system32\nvmctray.dll
2009-04-30 22:02 10,366,976 a------- c:\windows\system32\nvoglv32.dll
2009-04-30 22:02 9,850,016 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 22:02 7,593,472 a------- c:\windows\system32\nvd3dum.dll
2009-04-30 22:02 3,128,320 a------- c:\windows\system32\nvwgf2um.dll
2009-04-30 22:02 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 983,552 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod146.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-30 22:02 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-04-15 20:01 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 01:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 01:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 01:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 01:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 01:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 01:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 01:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 01:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-29 23:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-29 23:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-29 23:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-29 23:42 80,720 a------- c:\windows\system32\mscories.dll
2009-03-16 18:28 22,328 a------- c:\users\banger\appdata\roaming\PnkBstrK.sys
2008-06-25 12:09 0 a------- c:\users\banger\appdata\roaming\wklnhst.dat
2008-06-12 11:48 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:32:38.41 ===============


#9 screen317 (Malware Response Team)

Posted 27 June 2009 - 08:48 PM

Hello,

Thanks for the assistance, it is greatly appreciated. Now if I can just learn the language of the Event Viewer heh.

It can be daunting to read through the Event Viewer logs... Usually it's used as a troubleshooting tool if you are experiencing major problems; otherwise don't worry about it too much.

Let's see if we can investigate the slow boot time...

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317
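
The Critical event with a boot time of about 153000 ms that banger describes is the one Windows Vista and later write to the Microsoft-Windows-Diagnostics-Performance/Operational log as event 100 ("Windows has started up"), and the same log records, as events 101, 102 and 103, the application, driver or service that made a given boot slower. The script below is an added example, not something posted in the thread: it prints the boot duration for the last few boots and then the degradation events since the oldest of them. The log name, event IDs and the BootTime, MainPathBootTime and BootPostBootTime fields are real; the 60 second "slow" threshold is my assumption, and because the field names differ between the three degradation IDs every field of those events is dumped as-is.

```powershell
# Added example: read boot-performance events (100 = boot complete, 101/102/103 =
# application/driver/service that slowed boot) from the Diagnostics-Performance log.
# Run from an elevated PowerShell prompt.
param(
    [int]$LastBoots = 10,
    [int]$SlowBootThresholdMs = 60000   # assumption: boots over 60 s are worth a look
)

$logName = 'Microsoft-Windows-Diagnostics-Performance/Operational'
$kind = @{ 101 = 'application'; 102 = 'driver'; 103 = 'service' }

function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # The named values live in <EventData><Data Name="..."> elements of the event XML.
    $xml = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

# 1. Total boot duration per boot (event 100), newest first.
$boots = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 100 } -MaxEvents $LastBoots -ErrorAction Stop
foreach ($e in $boots) {
    $d = Get-EventData $e
    $total = [int]$d['BootTime']
    $flag = if ($total -gt $SlowBootThresholdMs) { 'SLOW' } else { 'ok' }
    '{0:u}  boot={1,7} ms  mainpath={2,7} ms  postboot={3,7} ms  {4}' -f `
        $e.TimeCreated, $total, $d['MainPathBootTime'], $d['BootPostBootTime'], $flag
}

# 2. What made those boots slow: one event per offender. Field names differ between
#    the three IDs, so all fields are printed; look at the Name/Path and *Time values.
$since = @($boots)[-1].TimeCreated
$slow = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 101, 102, 103; StartTime = $since } -ErrorAction SilentlyContinue
foreach ($e in $slow) {
    $d = Get-EventData $e
    $fields = ($d.GetEnumerator() | Sort-Object Name | ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }) -join '; '
    '{0:u}  {1,-11}  {2}' -f $e.TimeCreated, $kind[[int]$e.Id], $fields
}
```

A boot whose total is large but whose MainPathBootTime is small spent its time in the post-boot phase, that is, in logon-time startup programs and services rather than in the kernel and drivers, which is the MSConfig territory discussed later in the thread; the 101/102/103 events usually name the exact item and how many milliseconds it cost.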

#10 banger (Topic Starter)

Posted 28 June 2009 - 10:29 AM

http://www.pcpitstop.com/betapit/sec.asp?c...;report=Summary

I've run this test before to see what could possibly be the issue. The only thing I have run into is that two drivers are supposedly out of date. I have the latest drivers from my pc manufacturer's website and when I use the Device Manager to search for updated driver software online, it comes back with "Windows found that your current driver is up to date." That goes for the drivers for both my audio and network controller adapter.

#11 screen317 (Malware Response Team)

Posted 01 July 2009 - 06:12 PM

Hello,

Well PCPitStop says your computer is running rather well...


Maybe we can see which process is slowing down your boot time so much.


Download Process Explorer from here:
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
Save it to your Desktop


Now, restart your computer.

As soon as you log in, right click Process Explorer and click Run as Admin...

Sort the list by CPU usage (so it shows the highest at the top), and let me know which process is hogging the CPU.

-screen317

#12 banger (Topic Starter)

Posted 06 July 2009 - 01:23 PM

I may just be hallucinating. Nothing unusual is hogging up CPU time. I just remember not having any downtime between the welcome screen and my desktop. I think it may have been a Vista update, perhaps sp2. Either way, I'll continue to research the issue. Something must be loading improperly during the boot sequence to cause ~140-160k millisecond delays.

#13 screen317 (Malware Response Team)

Posted 07 July 2009 - 12:23 AM

Hi,

Your Adobe Reader is out of date. Older versions contain vulnerabilities that can be exploited by criminals.

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall Adobe Reader 8.0


Now, either download the latest version from here, or alternatively, download the less bloated, open source (free) Foxit Reader.


Something must be loading improperly during the boot sequence to cause ~140-160k millisecond delays.

Well, if something is loading, it would be using CPU cycles, and Process Explorer would show which file or files are doing that. Double check that you have sorted the list by CPU usage while examining it.

If no joy, you can use MSConfig to determine which Startup entry or Service is causing the delay.


Click Start, type in MSConfig.exe, and press Enter.

Click the Startup tab and click Disable All.

Restart your computer and see if your performance returns to how it was before.

If so, that means one of the Startup entries is to blame. You will now have to enable them (add a checkmark next to each in MSConfig) one at a time, then restart to see which Startup entry is causing the delay.


Let me know how it goes, and let me know if anything isn't clear.

-screen317
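
The MSConfig bisection above works on the same autostart locations that the O4 (Run, RunOnce, Startup folder) and O23 (service) lines of the HijackThis log come from. As an added example, not part of the thread and not HijackThis or DDS output, the script below enumerates those locations itself, resolves each command to the file it actually runs, and reports the Authenticode signer and a SHA-256 for every file, so that an entry HijackThis lists as "Unknown owner" (PnkBstrA and PnkBstrB here) or a bare name such as RtHDVCpl.exe that is found through the search path can be checked against the vendor or submitted to a scanner before it is disabled. The registry keys and folders are standard Windows locations; nothing in it is specific to the machine in the thread.

```powershell
# Added example: enumerate Run/RunOnce keys, Startup folders and user-mode services,
# resolve each command to a file, and report signer + SHA-256. Run elevated.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),                                     # this user
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')  # all users
)

function Resolve-CommandPath {
    param([string]$CommandLine)
    # Normalise the forms seen in Run values and service ImagePaths, split the executable
    # from its arguments, then resolve bare names through the search path as the loader would.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    $cmd = $cmd -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1); if ($end -lt 0) { $end = $cmd.Length }
        $exe = $cmd.Substring(1, $end - 1)
    } else {
        $exe = ($cmd -split ' ')[0]
    }
    if (-not $exe) { return $null }
    $rest = $cmd.Substring($cmd.IndexOf($exe) + $exe.Length).TrimStart('"', ' ')
    if ($exe -match '(^|\\)rundll32(\.exe)?$') {
        $exe = ($rest -split ',')[0].Trim('"')   # RUNDLL32.EXE NvCpl.dll,NvStartup: the DLL is the payload
    }
    if ($exe -match '^system32\\') { $exe = Join-Path $env:SystemRoot $exe }
    if (Test-Path -LiteralPath $exe) { return (Resolve-Path -LiteralPath $exe).Path }
    $found = @(Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue)
    if ($found.Count -gt 0) { return $found[0].Definition }   # first hit on the search path
    return $null
}

function Get-FileSha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '') }
    finally { $fs.Close() }
}

function Describe-Entry {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path = Resolve-CommandPath $CommandLine
    $signer = 'FILE NOT FOUND'; $hash = ''
    if ($path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.Status -eq 'Valid') {
            $sig.SignerCertificate.Subject -replace '^CN=("[^"]+"|[^,]+).*', '$1'
        } else { "UNSIGNED ($($sig.Status))" }
        $hash = Get-FileSha256 $path
    }
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = $CommandLine; Path = $path; Signer = $signer; Sha256 = $hash }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata, not values
        $entries += Describe-Entry $key $p.Name ([string]$p.Value)
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in $startupFolders) {
    foreach ($lnk in Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        $entries += Describe-Entry 'StartupFolder' $lnk.Name $target
    }
}
# Services (the O23 lines): user-mode only (Type 16 = own process, 32 = shared); svchost groups skipped.
foreach ($svc in Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue) {
    if (-not $svc.ImagePath -or ($svc.Type -band 0x30) -eq 0 -or $svc.ImagePath -match 'svchost\.exe') { continue }
    $entries += Describe-Entry 'Service' $svc.PSChildName ([string]$svc.ImagePath)
}

# Unsigned or missing files first: those are the entries to bisect with MSConfig or to send to a scanner.
$entries |
    Sort-Object @{ Expression = { $_.Signer -notmatch '^(UNSIGNED|FILE NOT FOUND)' } }, Source, Name |
    Format-Table Source, Name, Signer, Path -AutoSize
```

Two caveats when reading the output. Many of Windows' own binaries are catalog-signed rather than carrying an embedded signature, and Get-AuthenticodeSignature on older PowerShell versions reports those as NotSigned, so an unsigned Microsoft file under system32 is not by itself suspicious; compare its SHA-256 with a known-good copy or use Sysinternals sigcheck, which checks catalogs. And a value that resolves to FILE NOT FOUND is an orphaned entry: harmless in itself, but a bare filename that resolves to an unexpected directory is the case to look at, because the loader will run whichever copy is found first on the search path.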

#14 banger (Topic Starter)

Posted 09 August 2009 - 02:38 PM

Apologies for my neglecting to reply sooner. I've updated the above program and inspected all startup entries. I am still unaware of what is causing the errors in the Event Viewer but my boot time is acceptable. Thanks again for all of the help and I will post again if any other issues arise. Consider the issue resolved.



