Something Slowing Internet Explorer And Windows, Not Sure What


47 replies to this topic

#1 bretttug

  • Members
  • 31 posts

Posted 11 January 2006 - 07:07 PM

It takes internet explorer about 5 minutes to go to a page (not because of a slow internet connection; I type in the address and it sits there, and when it finally gets the command it goes instantly).
Windows takes a lot longer than before to shut down.
Anything else windows related is very slow, such as a search, or navigating through the address bar to get to anything on the computer. When on drive C or My Documents and I hit the address bar to select a folder, it just freezes.

Dunno what it could be, but it wasn't doing this yesterday.
I scanned with 3 or 4 scanners, and only small things were found.



Logfile of HijackThis v1.99.1
Scan saved at 7:04:47 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Schwab\SSPro\SSPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FirstClass\FCC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:\Program Files\BlueLight Internet\Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137005029758
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://netreg.service.emory.edu/CAT/CNICAT.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe


#2 bretttug

  • Topic Starter
  • Members
  • 31 posts

Posted 13 January 2006 - 11:29 AM

Not trying to bump it, although there hasn't been a reply in more than 5 days.

In addition to Windows being slow in everything, especially shut down, SpyBot found a couple things that keep showing up every time it scans, even though it says it removes them. Both are Windows Security Center; one is antivirusdisablenotify and the other is firewalldisablenotify.
When I start up and my McAfee firewall tries to start, something keeps shutting it down. So it tries to start, but gets shut down. This goes on for about 10 times, then whatever it is stops trying to shut it down.

Any help would be appreciated.



Logfile of HijackThis v1.99.1
Scan saved at 11:27:00 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Schwab\SSPro\SSPro.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:\Program Files\BlueLight Internet\Toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...86/client/muweb_site.cab?1137005029758
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://netreg.service.emory.edu/CAT/CNICAT.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe

#3 Grinler

    Lawrence Abrams

  • Admin
  • 43,540 posts
  • Gender:Male
  • Location:USA

Posted 20 January 2006 - 09:37 AM

I do not see anything wrong here. I do, though, see that you installed the WMF Hotfix. If you have installed Microsoft's latest updates then you should uninstall this Hotfix so they do not conflict.

O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll

These are some startup items that are unnecessary and that you can disable by clicking on Start, then Run, and typing msconfig and then clicking on the Startup tab. Uncheck the entries that correspond to these and press the OK button and reboot.

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


This may help with the speed a bit.
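The review above is done by eye on the `Section - body` lines of the HijackThis logs posted earlier in the thread. As an added illustration (not code from the thread, from HijackThis or from BleepingComputer), here is a small Python parser for that line format together with the kind of heuristics a log reviewer applies by hand: an `O20 - AppInit_DLLs` entry always gets a look, a `(file missing)` entry is an orphan, an `O4` Run entry that names a bare file with no path needs its location resolved, an `O23` service with no owner string needs its binary checked, and a non-default `R1` search URL should be confirmed with the user. The sample lines are copied from the posted logs and none of them is flagged as malicious here; the `Entry` class, the heuristic names and the `report` wrapper are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis v1.99.1 line format used in this thread.
# The entries are copied from the posted logs; the point is to show which lines
# a reviewer singles out for a closer look, not to declare anything malicious.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
"""

# "<section> - <body>": HijackThis sections are R0-R3, F0-F3, N1-N4 and O1-O23.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Run-key entries look like "HKLM\..\Run: [name] command".
O4_RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# A command that starts with a (possibly quoted) drive letter or an environment variable.
PATHLIKE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


@dataclass
class Entry:
    section: str
    body: str
    findings: list = field(default_factory=list)


def parse_log(text):
    """Return the HijackThis entries in text; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def triage(entries):
    """Attach review reasons to each entry and return the ones that got at least one.

    These are the heuristics a reviewer applies by hand: they mark things to verify,
    they do not declare anything malicious.
    """
    flagged = []
    for e in entries:
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            e.findings.append("AppInit_DLLs is loaded into every user-mode process; confirm the DLL is wanted")
        if e.section == "O4":
            m = O4_RUN_RE.match(e.body)
            if m and not PATHLIKE_RE.match(m["cmd"]):
                e.findings.append("Run entry gives a bare filename; resolve where it actually lives")
        if "(file missing)" in e.body:
            e.findings.append("orphaned entry, target file is gone; safe to remove")
        if e.section == "O23" and " - Unknown owner - " in e.body:
            e.findings.append("service with no publisher string; check the binary's origin")
        if e.section == "R1" and "SearchURL" in e.body:
            e.findings.append("non-default search URL; confirm the user chose it")
        if e.findings:
            flagged.append(e)
    return flagged


def report(text):
    """Parse, triage and render one line per flagged entry plus its reasons."""
    lines = []
    for e in triage(parse_log(text)):
        lines.append(f"{e.section}: {e.body}")
        for reason in e.findings:
            lines.append(f"    -> {reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the sample, five of the seven entries come back for review and the Acrobat BHO and the fully pathed Pinger entry do not; the Toshiba `TFncKy.exe`-style bare filenames in the real logs would also be flagged, which is the right outcome for a heuristic whose job is to say "go and check", not "this is bad".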

#4 bretttug

  • Topic Starter
  • Members
  • 31 posts

Posted 20 January 2006 - 10:52 AM

I did as you said, but the same problems still occur. When I start up Windows and I scan with Spybot, it still finds two things: Windows security center.antivirusdisablenotify and windows security center.firewalldisablenotify.
Something disables my McAfee when I start up, and it also clears the firewall's memory of which programs to allow or disallow internet access.
When I type an address into Internet Explorer, it takes about 10 minutes for the command to get through, and then the page loads immediately.

What else do you suggest I do? What could it be?

#5 Grinler

    Lawrence Abrams

  • Admin
  • 43,540 posts
  • Gender:Male
  • Location:USA

Posted 20 January 2006 - 11:08 AM

The Windows Security Center options can be changed by going into your Control Panel, then clicking on Security Center, and then clicking on the option "Change the way Security Center alerts me" and having it alert you for all three.

To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.
  • Please download and unzip Rootkit Revealer to your desktop.
  • Please leave the defaults set as they are to:
    • Hide NTFS Metadata Files: this option is on by default
    • Scan Registry: this option is on by default.
  • Launch rootkit revealer on the system and press the Scan button.
    RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
  • The log can be very large; please edit out the items in the following folders in the log: C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
  • Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post).
Then download and save BlackLight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
leave [X]scan through windows explorer checked,
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there... like "wbemtest.exe"
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste this log along with the rootkit revealer log.

#6 bretttug

  • Topic Starter
  • Members
  • 31 posts

Posted 20 January 2006 - 06:11 PM

I scanned the first time on the rootkit thingy and I got this.

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Data\mcvsrpt.dat 1/20/2006 2:39 PM 298 bytes Hidden from Windows API.
C:\Documents and Settings\User\Application Data\Aim\hdqbvrtv\bretttug\urlcache\aim100.tmp 1/20/2006 2:23 PM 431 bytes Hidden from Windows API.
C:\Documents and Settings\User\Application Data\Aim\hdqbvrtv\bretttug\urlcache\aim6F.tmp 1/20/2006 1:29 PM 431 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Cookies\user@my.screenname.aol[2].txt 1/20/2006 2:23 PM 108 bytes Hidden from Windows API.
C:\Documents and Settings\User\Cookies\user@www.theonion[2].txt 1/19/2006 5:21 PM 75 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Local Settings\Temp\~DFF5B1.tmp 1/20/2006 2:49 PM 512 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temp\~DFF74C.tmp 1/20/2006 2:05 PM 32.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\CASTEFOP.php 1/20/2006 2:29 PM 980 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\clear[1].gif 1/20/2006 2:29 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\cso_btn_go2[1].gif 1/20/2006 2:29 PM 603 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\form[1].js 1/20/2006 2:29 PM 2.91 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\right_box[1].gif 1/20/2006 2:23 PM 1.24 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\search[1].htm 1/20/2006 2:44 PM 5.31 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\service[1].htm 1/20/2006 2:34 PM 2.10 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\stu_container[1].css 1/20/2006 2:29 PM 5.66 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0FKTHHGN\stu_searchtable[1].css 1/20/2006 2:29 PM 2.18 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\150x200_RMOrange[1].gif 1/20/2006 2:23 PM 11.59 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\asset[1].htm 1/20/2006 2:44 PM 24.24 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\center[1].htm 1/20/2006 2:44 PM 10.33 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\en_job[1].gif 1/20/2006 2:29 PM 171 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\loginValidations[2].js 1/20/2006 2:23 PM 8.25 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\nav_01[1].gif 1/20/2006 2:29 PM 45 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\nav_02[1].gif 1/20/2006 2:29 PM 70 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\onCampusInterview[1].gif 1/20/2006 2:29 PM 90 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\2PKVQXE5\overlib[1].js 1/20/2006 2:29 PM 4.04 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\35[1].gif 1/20/2006 2:29 PM 3.53 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\asset[1].htm 1/20/2006 2:34 PM 24.26 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\header_widget[1].gif 1/20/2006 2:29 PM 61 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\left_control_off_01[1].gif 1/20/2006 2:29 PM 90 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\left_control_on_01[1].gif 1/20/2006 2:29 PM 105 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\nav304[1].htm 1/20/2006 2:44 PM 5.07 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XMJSD6R\xper_navtab[1].gif 1/20/2006 2:29 PM 1.60 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7Z9VB18C\aol[1].htm 1/20/2006 2:23 PM 165 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7Z9VB18C\asset[1].htm 1/20/2006 2:34 PM 145 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7Z9VB18C\Com_Mess;MN=93189867;wm=o;am1=1;ua=21;ug=1;sz=120x90;tile=1;dcove=d;ord=692399773[1] 1/20/2006 2:23 PM 316 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7Z9VB18C\cssBtnFunctions[1].js 1/20/2006 2:23 PM 801 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7Z9VB18C\er_main[1].css 1/20/2006 2:29 PM 7.50 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7Z9VB18C\job_folders[1].htm 1/20/2006 2:29 PM 24.28 KB Hidden from Windows API.


I scanned a second time and I got this.

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 1/20/2006 4:59 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\LocalService\Desktop\RootkitReveal2.txt 1/20/2006 5:01 PM 26.39 KB Hidden from Windows API.

Dunno why they're different. I scanned again and all I got was the two things like the last one.

I scanned with F-Secure BlackLight and it found nothing.
Please tell me what's going on!!

#7 bretttug (Topic Starter, Members, 31 posts)

Posted 20 January 2006 - 06:46 PM

I don't know if it's necessary, but here's the BlackLight log.

01/20/06 18:03:31 [Info]: BlackLight Engine 1.0.30 initialized
01/20/06 18:03:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/20/06 18:03:31 [Note]: 7019 4
01/20/06 18:03:31 [Note]: 7005 0
01/20/06 18:03:42 [Note]: 7006 0
01/20/06 18:03:42 [Note]: 7011 1864
01/20/06 18:03:42 [Note]: FSRAW library version 1.7.1014
01/20/06 18:05:41 [Note]: 7007 0

#8 Grinler (Lawrence Abrams, Admin, 43,540 posts, USA)

Posted 20 January 2006 - 07:43 PM

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

#9 bretttug (Topic Starter, Members, 31 posts)

Posted 21 January 2006 - 04:48 PM

I did it but it's still doing what it did before.
Sorry this is taking so long!!
What else can I do?

#10 Grinler (Lawrence Abrams, Admin, 43,540 posts, USA)

Posted 21 January 2006 - 04:52 PM

Let's try two more information-gathering tools. This is the first one:

Download Silentrunners.zip from:

http://www.silentrunners.org/

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run. When it asks if you want to skip the supplemental search tests, press the No button.

When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.

#11 bretttug (Topic Starter, Members, 31 posts)

Posted 22 January 2006 - 04:39 PM

When I try to run it I get an alert that says "This script requires Windows Management Instrumentation to run." Then it tells me how to change it so it is running. When I go to Control Panel and tell it to start running WMI, I get a message that says "Could not start the Windows Management Instrumentation service on Local Computer. Error 1068: the dependency service or group failed to start."

So it won't let me run the program and it won't let me change my settings so that WMI is running.

#12 Grinler (Lawrence Abrams, Admin, 43,540 posts, USA)

Posted 22 January 2006 - 04:49 PM

Make sure the Event Log and Remote Procedure Call (RPC) services are started as well.

#13 bretttug (Topic Starter, Members, 31 posts)

Posted 22 January 2006 - 06:45 PM

It won't let me start Windows Management Instrumentation or the Event Log. What do I do now?

#14 Grinler (Lawrence Abrams, Admin, 43,540 posts, USA)

Posted 22 January 2006 - 06:58 PM

Are the services set to disabled? Is it giving an error message?

#15 bretttug (Topic Starter, Members, 31 posts)

Posted 22 January 2006 - 07:06 PM

Yes, for Windows Management Instrumentation it says "Error 1068: the dependency service or group failed to start," and for the Event Log it says "Error 1501: no event log file could be opened, so the event logging service did not start."
How would I know if the services are set to disabled?
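As an added example, not posted by anyone in this thread: a PowerShell diagnostic that answers the question above by reading each service's start type from the registry and walking its dependency chain, so a 1068 error can be traced to the dependency that is stopped or disabled; it also lists the log files that a 1501 error refers to. The service names winmgmt, EventLog and RpcSs are the standard Windows names for WMI, Event Log and RPC and are assumed here.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Checks the three services discussed above: WMI (winmgmt), Event Log (EventLog)
# and Remote Procedure Call (RpcSs). Service names are assumed to be the standard ones.
$targets = 'winmgmt', 'EventLog', 'RpcSs'

function Get-ServiceStartMode {
    param([string]$Name)
    # The start type is the Start value under the service's registry key:
    # 2 = Automatic, 3 = Manual, 4 = Disabled. "Disabled" is what the thread is asking about.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
    switch ($start) {
        2 { 'Automatic' }
        3 { 'Manual' }
        4 { 'Disabled' }
        default { "Unknown($start)" }
    }
}

function Show-ServiceChain {
    param([string]$Name, [int]$Depth = 0)
    $indent = '  ' * $Depth
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "$indent$Name : NOT INSTALLED"
        return
    }
    $mode = Get-ServiceStartMode -Name $Name
    $flag = ''
    if ($mode -eq 'Disabled') {
        $flag = '  <-- disabled; anything that depends on it fails with error 1068'
    } elseif ($svc.Status -ne 'Running') {
        $flag = '  <-- not running'
    }
    Write-Output ('{0}{1} ({2}) : {3}, start type {4}{5}' -f
        $indent, $Name, $svc.DisplayName, $svc.Status, $mode, $flag)
    # Recurse into the services this one requires. A stopped or disabled entry
    # below the target is the usual cause of "dependency service or group failed to start".
    foreach ($dep in $svc.ServicesDependedOn) {
        Show-ServiceChain -Name $dep.Name -Depth ($Depth + 1)
    }
}

function Test-EventLogFiles {
    # Error 1501 ("no event log file could be opened") concerns the log files themselves.
    # Each registered log names its file in the File value under the EventLog key;
    # report the configured path and whether it actually exists on disk.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    foreach ($log in Get-ChildItem -Path $root) {
        $file = (Get-ItemProperty -Path $log.PSPath -Name File -ErrorAction SilentlyContinue).File
        if ($file) {
            $exists = Test-Path -LiteralPath $file
            Write-Output ('{0,-12} {1}  exists={2}' -f $log.PSChildName, $file, $exists)
        }
    }
}

foreach ($t in $targets) {
    Show-ServiceChain -Name $t
    Write-Output ''
}
Write-Output 'Event log files:'
Test-EventLogFiles
```

A start type of Disabled on any line in a chain, or a missing log file in the second listing, is the concrete answer to the questions asked in posts #14 and #15.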
