
Slow Startup


18 replies to this topic

#1 sutra

sutra

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 29 January 2012 - 09:34 AM

Hi,

This is my first post on Bleeping Computer and it was
recommended that I contact you by The Dark Knight at
Spywareinfo.com regarding a slow startup.

I had a problem with browser hijacking which, along with
other malware and spyware, has now been rectified but he
doesn't think the slow startup is due to malware or spyware.

I have removed any programs I no longer need and deleted
any files and folders including temporary files and folders
and cleared out the recycle bin, but the problem still exists.

There doesn't seem to be any reason for the sudden slow
start up as my computer was ok and I hadn't opened any
programs or email that looked suspicious. After shutting
down the next time I rebooted the problem arose.

Any help would be much appreciated. Below is a copy of
the time it takes my computer to start up.

sutra



#2 sutra


Posted 29 January 2012 - 09:53 AM

Ooops! Sorry, I didn't paste copy of startup time

My computer seems to be running fine apart from start up which is now
taking 4/5 minutes. When I power up I get the "XP is starting up" message
which lasts for about 30 seconds, then the "welcome" screen which lasts
for about 45 seconds followed by the desktop but without desktop icons.
This lasts for around two minutes when the desktop items start appearing,
after which running programs start appearing in the bottom right hand
corner taking about 35/40 seconds. Once start up has finished, when I click
on a program or website they appear quite quickly.

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,740 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:39 PM

Posted 29 January 2012 - 11:06 AM

System manufacturer and model?

Please read Slow Computer-browser Check Here First; It May Not Be Malware - http://www.bleepingcomputer.com/forums/topic87058.html .

When did this slow startup begin?

Louis

#4 sutra


Posted 30 January 2012 - 11:02 AM

Hi, Louis

Thanks for your reply.

My computer is a Toshiba Satellite Pro A120,
Model Number PSACOE-037014 EN.

The problem started about 2 weeks ago. Shortly afterwards
I became infected with the browser hijacker
searchqu.com, which I thought may have caused the startup
problem. Although this and other malware and spyware has
been rectified the problem still exists.

My laptop was serviced by a Toshiba technician about 5 months
ago and once startup has completed I don't have any problems
accessing websites, programs, files or folders.

Hope this helps. Thanks once again.

sutra

#5 hamluis


Posted 30 January 2012 - 02:55 PM

<<There doesn't seem to be any reason for the sudden slow start up as my computer was ok and I hadn't opened any programs or email that looked suspicious. After shutting down the next time I rebooted the problem arose.>>

<<I had a problem with browser hijacking which, along with other malware and spyware, has now been rectified but he doesn't think the slow startup is due to malware or spyware>>

<<My computer seems to be running fine apart from start up which is now taking 4/5 minutes.>>

Go to http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx . To the right, there is "Run Autoruns now from Live.Sysinternals.com"; press that button.

You will see two screens, each with a RUN button...click RUN on each.

You will see a list of tabs near the top of the output. Click the tab listed as Logon, we are only concerned with that tab.

Take a screenshot and post it in your next reply.

How To Capture And Edit A Screen Shot, LH Modified - http://www.bleepingcomputer.com/forums/topic43088.html/page__gopid__2493350


Louis

Edited by hamluis, 30 January 2012 - 03:00 PM.


#6 sutra


Posted 31 January 2012 - 02:50 AM

Hi once again,

Here is attachment of screen shot as requested.
Hope it works!

sutra.




#7 hamluis


Posted 31 January 2012 - 08:21 AM

Please...do a screenshot...only of the Logon tab reflected by Autoruns. I need to be able to see everything listed on that tab and the rest of your desktop/screen is of no interest to me.

Thanks.

Louis

#8 sutra


Posted 01 February 2012 - 06:13 AM

Hi, Louis,

Sorry about that. I think I've finally figured it out.
Hope this one works!

sutra.




#9 hamluis


Posted 01 February 2012 - 11:11 AM

You need to...expand the Logon tab window...to full screen...before capturing via Print Screen button. Your screenshot does not reflect most or all of your startup items on the Logon tab.

That is what we need to see.

Louis

#10 sutra


Posted 02 February 2012 - 03:40 AM

Sorry, Louis, you must be sick of us non-techie guys.

New screenshot as requested. Maybe third time lucky,
I hope! Thanks once again.

sutra




#11 hamluis


Posted 02 February 2012 - 08:38 AM

No problem, I'm a non-techie myself :).

Spyware Guard appears to be malware.

You seem to have 2 AV programs installed, McAfee and Avira. You should uninstall the McAfee program, IMO, but don't do it now.

I'm moving your topic to Am I Infected for a closer look re possible malware.

Louis

#12 sutra


Posted 02 February 2012 - 11:06 AM

Thanks, Louis, look forward to your next reply.

Non-Techie? Could have fooled me!

sutra.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:39 PM

Posted 02 February 2012 - 11:21 AM

Hello, actually Spyware Guard is safe if it's this one (which it looks like):
http://www.javacoolsoftware.com/spywareguard.html


We should run these now.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Now uninstall McAfee and reboot.

Edited by boopme, 02 February 2012 - 11:24 AM.


#14 sutra


Posted 03 February 2012 - 01:39 AM

Hello, boopme,

Thanks for your reply. I've followed your instructions
apart from uninstalling McAfee IMO AV, I can't find it
in add/remove programs, only McAfee Personal Firewall.

Below are logs as requested.

sutra

MiniToolBox by Farbar Version: 18-01-2012
Ran by Brian (administrator) on 03-02-2012 at 05:23:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WG511 54 Mbps Wireless PC Card = Wireless Network Connection 3 (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Media disconnected)
Atheros AR5006EG Wireless Network Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Brian-Home

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Wireless Network Connection 3:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : NETGEAR WG511 54 Mbps Wireless PC Card

Physical Address. . . . . . . . . : 00-80-48-2B-87-B1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 02 February 2012 17:34:44

Lease Expires . . . . . . . . . . : 03 February 2012 17:34:44



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-15-B7-E6-65-53



Ethernet adapter Wireless Network Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter

Physical Address. . . . . . . . . : 00-16-E3-A3-FF-AC

Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.229.103, 209.85.229.147, 209.85.229.105, 209.85.229.104
209.85.229.99



Pinging google.com [209.85.229.147] with 32 bytes of data:



Reply from 209.85.229.147: bytes=32 time=49ms TTL=49

Reply from 209.85.229.147: bytes=32 time=50ms TTL=49



Ping statistics for 209.85.229.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 49ms, Maximum = 50ms, Average = 49ms

Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=213ms TTL=45

Reply from 98.137.149.56: bytes=32 time=222ms TTL=45



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 213ms, Maximum = 222ms, Average = 217ms

Server: BThomehub.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 80 48 2b 87 b1 ...... NETGEAR WG511 54 Mbps Wireless PC Card - Packet Scheduler Miniport
0x3 ...00 15 b7 e6 65 53 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x4 ...00 16 e3 a3 ff ac ...... Atheros AR5006EG Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 25
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 25
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 25
255.255.255.255 255.255.255.255 192.168.1.64 4 1
255.255.255.255 255.255.255.255 192.168.1.64 3 1
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/31/2012 05:34:32 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/30/2012 09:33:37 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/29/2012 10:51:00 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/29/2012 08:59:53 AM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.3822, faulting module winword.exe, version 9.0.0.3822, fault address 0x002757bc.
Processing media-specific event for [winword.exe!ws!]

Error: (01/28/2012 10:14:31 AM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.3822, faulting module winword.exe, version 9.0.0.3822, fault address 0x002757bc.
Processing media-specific event for [winword.exe!ws!]

Error: (01/28/2012 10:02:22 AM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.3822, faulting module winword.exe, version 9.0.0.3822, fault address 0x002757bc.
Processing media-specific event for [winword.exe!ws!]

Error: (01/28/2012 06:44:19 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/27/2012 07:55:58 AM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (01/26/2012 08:14:28 AM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.3822, faulting module winword.exe, version 9.0.0.3822, fault address 0x002757bc.
Processing media-specific event for [winword.exe!ws!]

Error: (01/26/2012 08:09:02 AM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.3822, faulting module winword.exe, version 9.0.0.3822, fault address 0x002757bc.
Processing media-specific event for [winword.exe!ws!]


System errors:
=============
Error: (01/31/2012 05:36:14 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/30/2012 09:35:19 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/29/2012 10:52:42 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/29/2012 10:52:41 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1055" attempting to start the service hpqcxs08 with arguments ""
in order to run the server:
{1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error: (01/29/2012 10:52:41 AM) (Source: DCOM) (User: Brian)
Description: DCOM got error "%%1055" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/28/2012 06:46:01 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/28/2012 06:46:00 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1055" attempting to start the service hpqcxs08 with arguments ""
in order to run the server:
{1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error: (01/28/2012 06:46:00 AM) (Source: DCOM) (User: Brian)
Description: DCOM got error "%%1055" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (01/27/2012 07:57:40 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/26/2012 07:14:33 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (01/31/2012 05:34:32 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/30/2012 09:33:37 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/29/2012 10:51:00 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/29/2012 08:59:53 AM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.3822winword.exe9.0.0.3822002757bc

Error: (01/28/2012 10:14:31 AM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.3822winword.exe9.0.0.3822002757bc

Error: (01/28/2012 10:02:22 AM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.3822winword.exe9.0.0.3822002757bc

Error: (01/28/2012 06:44:19 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/27/2012 07:55:58 AM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (01/26/2012 08:14:28 AM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.3822winword.exe9.0.0.3822002757bc

Error: (01/26/2012 08:09:02 AM) (Source: Application Error)(User: )
Description: winword.exe9.0.0.3822winword.exe9.0.0.3822002757bc


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
ALPS Touch Pad Driver
Ask Toolbar (Version: 1.14.0.0)
Atheros Client Utility (Version: 1.55.000)
Atheros Wireless LAN MiniPCI/PCIe card Driver (Version: 1.34.000)
Avira Free Antivirus (Version: 12.0.0.872)
Bluetooth Stack for Windows by Toshiba (Version: v4.00.36(T))
BTOffer1 (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
CCleaner (Version: 3.14)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Compex iWavePort WL54G
Copy (Version: 100.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DupeFree Pro (Version: 1.0.0)
EasyPageMaker
eBook Maestro FREE 1.80 (Version: 1.80)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Eusing Free Registry Cleaner
Facebook Buzz v2.20
FoneSync
Free Opener (Version: 1.4)
GIMP 2.6.7
GPBaseService (Version: 100.0.187.000)
GTK+ 2.6.10-20050823 runtime environment
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
Image Expert
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Connections Drivers
InterVideo WinDVD Creator 2 (Version: 2.0.14.397)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.546)
IrfanView (remove only) (Version: 4.32)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 100.0.170.000)
McAfee Personal Firewall Plus (Version: 4530)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft AutoRoute 2001 (Version: 8.00.15.1000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Encarta World Atlas 2001 - WE (Version: 2001)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel Viewer (Version: 12.0.6425.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Picture It! Publishing 2001 (Version: 5.0.0.0000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2000 SR-1 (Version: 9.00.3821)
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.1829)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
OLYMPUS Master 2 (Version: 1.0.13)
Paint.NET v3.5.10 (Version: 3.60.0)
PanoStandAlone (Version: 100.0.170.000)
PS_AIO_03_C4400_Software (Version: 100.0.206.000)
PS_AIO_03_C4400_Software_Min (Version: 100.0.213.000)
PSSWCORE (Version: 2.02.0000)
Realtek High Definition Audio Driver (Version: 2.09)
Scan (Version: 10.1.0.0)
SD Secure Module (Version: 1.0.4)
Serif DrawPlus 5.0
Serif MediaPlus 1.0 (Version: 1.0)
Serif PagePlus 8.0
Serif PhotoPlus 7.0
Serif WebPlus 7.0
Shockwave
Shop for HP Supplies (Version: 10.0)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
Sonic DLA (Version: 5.2.0)
Sonic RecordNow! (Version: 7.31)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.5 (Version: 4.5.0)
SpywareGuard v2.2 (Version: 2.2)
Status (Version: 100.0.175.000)
Toolbox (Version: 100.0.170.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.05)
TOSHIBA Display Devices Change Utility
TOSHIBA HDD Protection (Version: 1.01.08f)
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Manuals (Version: 7.06)
TOSHIBA Password Utility (Version: 2.01.09)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.08.04)
TOSHIBA SD Memory Boot Utility (Version: 1.1.0.0A)
TOSHIBA SD Memory Card Format
TOSHIBA Security Assist (Version: 1.1.8)
TOSHIBA Software Modem (Version: 2.1.63 (SM2163ALD02))
TOSHIBA TouchPad On/Off Utility V2.05.01
TOSHIBA Utilities (Version: 4.30.11)
TOSHIBA Zooming Utility
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoToolkit01 (Version: 100.0.128.000)
VLC media player 1.1.11 (Version: 1.1.11)
Vodafone Mobile Connect Lite (Version: 9.3.5.11690)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows iLivid Toolbar (Version: 3.0.0.118320)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Wireless Hotkey (Version: 2.0.0.6)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)

========================= Devices: ================================

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 1919.17 MB
Available physical RAM: 1432.28 MB
Total Pagefile: 3816.21 MB
Available Pagefile: 3426.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.69 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:282.4 GB) NTFS
3 Drive e: (USB-HDD) (Fixed) (Total:149.01 GB) (Free:135.67 GB) FAT32

========================= Users: ========================================

User accounts for \\BRIAN-HOME

Administrator ASPNET Brian
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/02/2012 at 5:58:18.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe


Rkill completed on 03/02/2012 at 5:58:23.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Brian :: BRIAN-HOME [administrator]

03/02/2012 06:00:58
mbam-log-2012-02-03 (06-00-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184547
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 boopme

Posted 03 February 2012 - 02:58 PM

Let's do 2 more scans and see how it is.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.