
Slow Startup And Serious Lag


  • This topic is locked
9 replies to this topic

#1 m011476

Posted 09 April 2007 - 07:33 AM

Hello,
I have been working on my wife's laptop for a few days now and can't seem to find anything myself. Here are the details: it takes over a minute to start and is extremely slow - it took me over 30 minutes to open your site, register, and find out how to post before I put the log on a thumb drive and went to my computer. I have run the following scans with no changes to the computer: McAfee virus scan, TrendMicro online scan, Ad-Aware SE, SuperAntiSpyware, VundoFix, and VirtumundoBeGone. I don't know if it is clean and just slow due to heat, slow processors, or what, but here's the HijackThis log just to be sure. Thanks so much for your help.

Matt


Logfile of HijackThis v1.99.1
Scan saved at 20:45, on 07-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5b4b5b81-6354-4e54-9e91-7000f94e9638} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - http://ivx.radiancecomms.com/ClickToTalk/download/CVALAX.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe


#2 OldTimer

    Malware Expert

Posted 13 April 2007 - 07:01 AM

Hello m011476 and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

There is some housekeeping and updating that we can do, but before we do that let me ask you this: was Tenebril SpyCatcher installed on this machine at one time and then removed?

Let's also get a little more info.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • <list of options>
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
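OldTimer's "it is clean" verdict comes from reading each HijackThis line and asking two things: does the registry entry still point at a file that exists, and does it load into a place malware likes (AppInit_DLLs, Winlogon Notify, a Run key launching from a temp folder). The Python below is an added illustration of that review; it is my code, not something from this thread, from OldTimer or from HijackThis itself. It parses the R/O-section lines, flags orphaned entries, any AppInit_DLLs value, and startup items launched from user-writable folders. The sample log is a handful of lines copied from Matt's post plus one constructed O4 line (marked as such) so the last check has something to catch; the user-writable-path heuristic is my assumption about what a reviewer looks for, not a rule stated on the page.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in post #1 of this thread,
# plus one made-up O4 entry (last line) that is NOT in the original log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5b4b5b81-6354-4e54-9e91-7000f94e9638} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Matt\Local Settings\Temp\updater.exe
"""

# HijackThis lines start with a section code (R0..R3, F0..F3, N1..N4, O1..O24) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# HijackThis marks registry entries whose target no longer exists with these tags.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Heuristic (assumption): startup items launched from user-writable folders deserve a look.
USER_WRITABLE = re.compile(r"\\(temp|local settings|application data|appdata)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line):
    """Split one log line into (section code, body); None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage(log_text):
    """Return the entries a reviewer would want to look at, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        low = body.lower()
        if any(marker in low for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry: registry points at a file that is gone", raw.strip()))
        if section == "O20" and low.startswith("appinit_dlls:"):
            findings.append(Finding(section, "AppInit_DLLs set: DLL loads into every process that uses user32.dll", raw.strip()))
        if section == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(section, "startup item runs from a user-writable folder", raw.strip()))
    return findings


def summarize(findings):
    """Count findings per HijackThis section code."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the orphaned R3, O2, O9 and Winlogon Notify entries, the AppInit_DLLs value and the constructed temp-folder O4 line are reported; a flag is a reason to look, not a verdict, which is why the clean Adobe, McAfee and Intel entries pass through untouched and why OldTimer still asked a follow-up question about SpyCatcher rather than declaring the orphans malicious.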


#3 m011476 (Topic Starter)

Posted 14 April 2007 - 12:30 AM

OldTimer,
Thanks a lot for replying quickly. I downloaded the program but wasn't sure which additional scans I should click on. The post only said <list of options>. I would have done one with all checked, but figured I'd double-check with you so as not to waste your time reading through the long list. Thanks again.

Matt

#4 OldTimer

    Malware Expert

Posted 14 April 2007 - 07:46 AM

Hi m011476. Silly me! Under Additional Scans just check Reg - Disabled MS Config Items.

Sorry about that.

OT

#5 m011476 (Topic Starter)

Posted 14 April 2007 - 08:07 AM

OldTimer,
Here's the log created by the program:

WinPFind3 logfile created on: 04.14.2007 9:53:05 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Matt\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

502.42 Mb Total Physical Memory | 163.74 Mb Available Physical Memory | 32.59% Memory free
1.20 Gb Paging File | 0.88 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 62.64 Gb Free Space | 84.28% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ERIN
Current User Name: Matt
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12.13.2001 1:01:00 PM | Attr = ]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 04.12.2002 1:00:00 PM | Attr = ]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12.04.2004 5:24:20 AM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 11.17.2006 1:37:44 PM | Attr = ]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 0, 0, 31 | Size = 790528 bytes | Modified Date = 01.22.2005 5:40:02 AM | Attr = ]
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [Ver = 2,4,0,26 | Size = 65536 bytes | Modified Date = 07.03.2001 9:17:04 AM | Attr = ]
hpqwmi.exe -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 11.18.2004 2:32:56 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 02.17.2005 12:11:42 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 155648 bytes | Modified Date = 01.23.2005 3:36:10 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.19.1 | Size = 38912 bytes | Modified Date = 01.14.2005 10:15:52 AM | Attr = ]
lxrsii1s.exe -> %System32%\LxrSII1s.exe -> [Ver = | Size = 53248 bytes | Modified Date = 05.20.2005 4:48:34 AM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 11.17.2006 3:06:00 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11.17.2006 1:40:56 PM | Attr = ]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 112216 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 688218 bytes | Modified Date = 11.05.2004 3:38:54 AM | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 98394 bytes | Modified Date = 11.05.2004 3:40:08 AM | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11.17.2006 1:39:58 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 04.10.2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 04.12.2002 1:00:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 08.04.2004 5:00:00 PM | Attr = ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 2 | Size = 98304 bytes | Modified Date = 11.18.2004 2:32:56 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.19.1 | Size = 38912 bytes | Modified Date = 01.14.2005 10:15:52 AM | Attr = ]
(LxrSII1s) Lexar Secure II [Win32_Own | Auto | Running] -> %System32%\LxrSII1s.exe -> [Ver = | Size = 53248 bytes | Modified Date = 05.20.2005 4:48:34 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 11.17.2006 1:37:44 PM | Attr = ]
(McShield) McAfee McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 233534 bytes | Modified Date = 11.06.2004 5:52:06 AM | Attr = ]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 12.04.2004 5:24:20 AM | Attr = ]
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 02.17.2005 12:11:42 PM | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> File not found
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 155648 bytes | Modified Date = 01.23.2005 3:36:10 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11.17.2006 1:39:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 02.16.2007 10:54:04 AM | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 112216 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 688218 bytes | Modified Date = 11.05.2004 3:38:54 AM | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.7 04Nov04 | Size = 98394 bytes | Modified Date = 11.05.2004 3:40:08 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
interceptor.dll -> interceptor.dll -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4020 | Size = 348160 bytes | Modified Date = 01.23.2005 3:31:10 AM | Attr = ]
WRNotifier -> WRLogonNTF.dll -> File not found
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11.04.2003 6:17:44 AM | Attr = ]
{5b4b5b81-6354-4e54-9e91-7000f94e9638} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11.30.2006 8:50:00 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0\bin\NPJPI150.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 1.5.0.0 | Size = 69740 bytes | Modified Date = 04.10.2005 6:34:20 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1120E949-BD5F-4216-8C8E-DF1361A3274F} -> (1394 Net Adapter) ->
{9489C9F3-88D9-4656-AB4C-91C001927BF1} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{B9657F9D-4E33-4DB0-9C4E-6505A97E74D9} -> () ->
{F5771308-7BB7-4B2A-B205-771EFFC92D5D} -> (Broadcom 802.11b/g WLAN) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab ->
{55027008-315F-4F45-BBC3-8BE119764741} -> Slide Image Uploader Control - CodeBase = http://www.slide.com/uploader/SlideImageUploader.cab ->
{5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} -> CVALAXObj Class - CodeBase = http://ivx.radiancecomms.com/ClickToTalk/download/CVALAX.CAB ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} -> - CodeBase = http://www.trendmicro.com/spyware-scan/as4web.cab ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.5.0 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe -> Sony Corporation [Ver = 1, 0, 31121, 1 | Size = 151552 bytes | Modified Date = 11.22.2003 10:02:42 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk -> %ProgramFiles%\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -> Sony Corporation. [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 07.09.2004 5:13:42 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinKill.lnk -> %ProgramFiles%\WinKill\WinKill.exe -> Reeb Software Ltd [Ver = 2.0 | Size = 76288 bytes | Modified Date = 10.13.1998 12:43:08 AM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Aim6 -> -> File not found
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10.15.2004 5:54:32 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 02.16.2007 10:54:04 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 09.12.2006 3:31:58 AM | Attr = ]


[Files/Folders - Created Within 30 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 04.09.2007 8:23:03 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526897152 bytes | Created Date = 01.02.1601 3:00:00 PM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 04.07.2007 1:04:15 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 04.05.2007 7:36:19 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 04.06.2007 11:43:30 PM | Attr = ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 03.18.2007 11:46:08 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Created Date = 03.18.2007 11:47:51 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 03.18.2007 11:47:42 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 04.05.2007 7:14:27 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 03.18.2007 11:46:41 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 03.18.2007 11:48:19 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 03.18.2007 11:48:11 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 03.18.2007 11:48:00 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 03.18.2007 11:45:53 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 03.18.2007 11:47:01 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 04.12.2007 12:48:51 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 04.12.2007 12:49:01 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 04.12.2007 12:49:28 AM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 03.18.2007 11:46:49 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 04.12.2007 12:48:32 AM | Attr = H ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 04.12.2007 12:48:43 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 04.05.2007 9:00:07 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 04.05.2007 9:00:07 PM | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 04.07.2007 1:05:53 PM | Attr = ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> [Ver = | Size = 430 bytes | Created Date = 04.09.2007 11:56:06 PM | Attr = ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 360 bytes | Created Date = 04.09.2007 11:56:05 PM | Attr = ]
sonypvu1.sys -> %System32%\dllcache\sonypvu1.sys -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 04.01.2007 7:55:51 PM | Attr = ]
SONYPVU1.SYS -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Created Date = 04.01.2007 7:55:51 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 04.06.2007 10:13:39 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 04.08.2007 10:12:42 PM | Attr = HS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 04.09.2007 8:23:06 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 04.09.2007 9:00:24 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526897152 bytes | Modified Date = 04.14.2007 7:34:46 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 04.09.2007 11:56:02 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 04.07.2007 1:04:28 PM | Attr = ]
QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 03.26.2007 9:44:14 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 04.09.2007 11:19:58 PM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 04.05.2007 7:50:12 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 04.08.2007 10:13:48 PM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 04.06.2007 11:43:32 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 04.14.2007 7:35:42 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 04.11.2007 9:23:10 AM | Attr = H ]
$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 03.18.2007 11:46:10 PM | Attr = H ]
$NtUninstallKB923723$ -> %SystemRoot%\$NtUninstallKB923723$ -> [Folder | Modified Date = 03.18.2007 11:47:52 PM | Attr = H ]
$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 03.18.2007 11:47:44 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 04.05.2007 7:14:30 PM | Attr = H ]
$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 03.18.2007 11:46:42 PM | Attr = H ]
$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 03.18.2007 11:48:22 PM | Attr = H ]
$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 03.18.2007 11:48:12 PM | Attr = H ]
$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 03.18.2007 11:48:02 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 03.18.2007 11:45:56 PM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 03.18.2007 11:47:04 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 04.12.2007 12:48:52 AM | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 04.12.2007 12:49:02 AM | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 04.12.2007 12:49:32 AM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 03.18.2007 11:46:50 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 04.12.2007 12:48:36 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 04.14.2007 7:34:48 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 04.05.2007 4:58:02 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 04.14.2007 7:29:56 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 04.12.2007 12:49:08 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 04.14.2007 7:29:54 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 04.05.2007 9:21:38 PM | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 04.12.2007 6:48:48 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 04.07.2007 8:35:14 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 04.05.2007 9:00:08 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 04.10.2007 12:17:18 AM | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 04.14.2007 7:26:02 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 04.09.2007 11:56:08 PM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 04.14.2007 7:31:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 918 bytes | Modified Date = 04.07.2007 12:06:00 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 03.18.2007 11:47:46 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 04.14.2007 7:34:52 PM | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 04.14.2007 9:50:02 PM | Attr = ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> [Ver = | Size = 430 bytes | Modified Date = 04.14.2007 7:34:54 PM | Attr = ]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 360 bytes | Modified Date = 04.09.2007 11:56:08 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 04.14.2007 1:27:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 04.14.2007 7:29:50 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 04.14.2007 1:26:36 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 04.08.2007 10:08:26 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 03.18.2007 11:46:36 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 247104 bytes | Modified Date = 04.10.2007 6:48:44 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 04.14.2007 7:34:36 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53166 bytes | Modified Date = 04.07.2007 10:57:08 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380918 bytes | Modified Date = 04.07.2007 10:57:08 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 439376 bytes | Modified Date = 04.07.2007 10:57:06 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 04.08.2007 10:13:48 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 04.14.2007 7:36:40 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 04.05.2007 7:40:48 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 04.05.2007 9:39:52 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 08.04.2004 5:00:00 PM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\epoPGPsdk.dll -> PGP Corporation [Ver = 3.5.3 | Size = 1495552 bytes | Modified Date = 11.17.2006 3:06:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 08.04.2004 5:00:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 08.04.2004 10:00:00 PM | Attr = ]

< End of report >

#6 OldTimer

OldTimer
    Malware Expert
  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 14 April 2007 - 08:31 AM

Hi m011476. I don't see anything bad in that log either. Just a little housekeeping.

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> interceptor.dll -> interceptor.dll
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WRNotifier -> WRLogonNTF.dll
< Internet Explorer Settings > ->
YN -> HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5b4b5b81-6354-4e54-9e91-7000f94e9638} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> Aim6 ->
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of the actions taken during the fix. Post that information back here and I will review it when it comes back in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

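The fix above removes entries from a handful of classic Windows persistence points: AppInit_DLLs (loaded into every process that maps user32.dll), Winlogon\Notify packages (loaded by winlogon.exe on XP), Browser Helper Objects, URLSearchHooks, IE toolbars and the msconfig "disabled" list. Several of the entries it deletes are already orphaned ("Reg Data - Key not found"), meaning the CLSID is referenced but no longer registered. As an added example, not part of this thread and not WinPFind3U's own code, the read-only PowerShell script below enumerates those same locations and resolves each CLSID to its registered DLL, so orphaned hooks stand out before anything is deleted. It assumes a current Windows with PowerShell 3.0 or later and an elevated prompt for the HKLM keys; the function names are mine.

```powershell
# Added example, not from the original thread or from WinPFind3U.
# Read-only audit of the autostart locations the fix above touched.
# Assumes Windows, PowerShell 3.0+ and an elevated prompt (HKLM keys);
# HKCU keys are read for the user running the script only.

function Get-ClsidServer {
    # Resolve a COM class id to the DLL registered as its InprocServer32.
    # Returns $null when the CLSID is registered nowhere, which is the
    # "Reg Data - Key not found" case in the WinPFind3U log: an orphaned hook.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
        if (Test-Path -Path $key) {
            return (Get-ItemProperty -Path $key).'(default)'
        }
    }
    return $null
}

function Get-AutostartFinding {
    # One object per registered entry, so the output can be filtered or exported.
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. AppInit_DLLs: each listed DLL is loaded into every process that maps user32.dll.
    $winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($appInit) {
        foreach ($dll in ($appInit -split '[ ,;]+' | Where-Object { $_ })) {
            $findings.Add([pscustomobject]@{ Location = 'AppInit_DLLs'; Name = $dll; Data = $dll })
        }
    }

    # 2. Winlogon\Notify: DLLs winlogon.exe loads for logon/logoff events (XP; removed in Vista).
    $notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    foreach ($sub in (Get-ChildItem -Path $notifyKey -ErrorAction SilentlyContinue)) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DllName
        $findings.Add([pscustomobject]@{ Location = 'Winlogon\Notify'; Name = $sub.PSChildName; Data = $dll })
    }

    # 3. Internet Explorer extension points keyed by CLSID. BHOs are subkeys;
    #    URLSearchHooks and ShellBrowser toolbars are value names.
    $ieLocations = @(
        @{ Location = 'BHO';            Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; AsSubkeys = $true },
        @{ Location = 'URLSearchHooks'; Key = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks';                     AsSubkeys = $false },
        @{ Location = 'IE Toolbar';     Key = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser';               AsSubkeys = $false }
    )
    foreach ($loc in $ieLocations) {
        if (-not (Test-Path -Path $loc.Key)) { continue }
        if ($loc.AsSubkeys) {
            $clsids = @(Get-ChildItem -Path $loc.Key | ForEach-Object { $_.PSChildName })
        } else {
            $clsids = @((Get-Item -Path $loc.Key).GetValueNames() | Where-Object { $_ -like '{*}' })
        }
        foreach ($clsid in $clsids) {
            $server = Get-ClsidServer -Clsid $clsid
            if (-not $server) { $server = 'CLSID not registered (orphaned entry)' }
            $findings.Add([pscustomobject]@{ Location = $loc.Location; Name = $clsid; Data = $server })
        }
    }

    # 4. Entries disabled through msconfig: no longer run, but the command line is kept here.
    $msconfigKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
    foreach ($sub in (Get-ChildItem -Path $msconfigKey -ErrorAction SilentlyContinue)) {
        $cmd = (Get-ItemProperty -Path $sub.PSPath).command
        $findings.Add([pscustomobject]@{ Location = 'MSConfig disabled'; Name = $sub.PSChildName; Data = $cmd })
    }

    return $findings
}

Get-AutostartFinding | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

The script changes nothing; an entry whose Data column reads "CLSID not registered" is the same kind of dead reference the fix log shows being deleted, while a live entry should be judged by the DLL it points to (publisher, path, whether you installed it). On 64-bit Windows the 32-bit view of these keys lives under Wow6432Node and is not covered here.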

#7 m011476

m011476
  • Topic Starter
  • Members
  • 5 posts

Posted 14 April 2007 - 08:37 AM

Here's the Fix Log:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls written successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b4b5b81-6354-4e54-9e91-7000f94e9638} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6 deleted successfully.
File not found.
[Empty Temp Folders]
C:\DOCUME~1\Matt\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 04.14.2007 22:33:47

#8 OldTimer

OldTimer
    Malware Expert
  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 14 April 2007 - 08:58 AM

Hi m011476. That all looks good.

If the system is still having performance issues then the best thing to do is post in the Windows XP Home and Professional forum and let the techs there have a look at it. More often than not performance issues are not related to malware but rather configuration or software issues.

Cheers.

OT

#9 m011476

m011476
  • Topic Starter
  • Members
  • 5 posts

Posted 14 April 2007 - 09:03 AM

OT,
Thanks for taking the time to help me out. I figured it wasn't spyware or anything since I ran scans with about a half dozen different programs, but I figured I'd let an expert check it out. I'll be sure to ask for help from you guys in the future if anything else comes up. Thanks again for the advice.

Take it easy,
Matt

#10 OldTimer

OldTimer
    Malware Expert
  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 15 April 2007 - 07:32 AM

You are welcome m011476. I am sure they will be able to help there.

I will now close this topic. If you have any new malware question or issues in the future please start a new topic.

Cheers and Happy Computing

OT