Searh Engine Redirects, and More

[TheBruce1]

Hello again

4GB of RAM is plenty, so that would not be the cause.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

SkipFix::
DDS::
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=======

You could have too many applications running at startup and this could be the cause. My colleague has written an excellent article entitled Is your PC running slow...? .

Try disabling application that are not required at startup and see if that resolves the problem.

[TrnDrvr]

Hello,

I have disabled unnecessary startup applications, however, the 10 minute delay occurs before Windows even begins to load. Is it possible that malware has altered my bios to cause this delay before boot up?

Here is C:\ComboFix.txt


ComboFix 09-07-12.03 - Ron 07/13/2009 9:40.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3703.2957 [GMT -4:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ron\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-12 17:46 . 2009-07-13 12:19 117760 ----a-w- c:\documents and settings\Ron\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-12 17:45 . 2009-07-12 17:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-12 17:26 . 2009-07-12 17:27 -------- d-s---w- C:\Combo-Fix
2009-07-03 15:37 . 2009-07-03 15:37 -------- d--h--w- c:\windows\PIF
2009-07-02 19:42 . 2009-07-02 19:42 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\RapidSolution
2009-07-02 19:41 . 2009-07-02 19:41 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-07-02 19:41 . 2009-07-02 19:41 466944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2009-07-02 19:41 . 2009-07-02 19:41 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2009-07-02 19:41 . 2009-07-02 19:41 177432 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2009-07-02 19:41 . 2009-07-02 19:41 169240 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2009-07-02 19:41 . 2009-07-02 19:41 136472 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2009-07-02 19:41 . 2009-07-02 19:41 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2009-07-02 19:41 . 2009-07-02 19:41 1258776 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2009-07-02 19:41 . 2009-07-02 19:41 278528 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll
2009-07-02 19:41 . 2009-07-02 19:41 410904 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll
2009-07-02 19:41 . 2009-07-02 19:41 405504 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll
2009-07-02 19:39 . 2009-07-02 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-07-02 19:39 . 2009-07-02 19:39 -------- d-----w- c:\program files\RapidSolution
2009-07-02 19:01 . 2009-07-02 19:01 -------- d-----w- c:\program files\DigitalHQ
2009-07-02 12:54 . 2009-07-02 12:54 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Temp
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Ron\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 03:21 . 2008-06-15 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 03:20 . 2008-06-15 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 02:25 . 2008-06-16 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-12 20:50 . 2008-03-10 21:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-12 20:50 . 2009-05-22 13:41 -------- d-----w- c:\program files\SpywareBlaster
2009-07-12 17:45 . 2007-12-08 14:32 -------- d-----w- c:\documents and settings\Ron\Application Data\SUPERAntiSpyware.com
2009-07-12 17:44 . 2007-12-08 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:12 . 2008-06-23 18:42 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-12 17:12 . 2008-06-23 18:42 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-12 17:12 . 2008-06-23 18:42 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-12 17:12 . 2008-06-23 18:42 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-09 13:50 . 2007-12-06 15:26 90112 ----a-w- c:\windows\DUMP561e.tmp
2009-07-02 19:41 . 2009-07-02 19:40 393216 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2009-07-02 19:40 . 2009-07-02 19:40 415000 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll
2009-07-02 19:40 . 2009-07-02 19:40 385024 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2009-07-02 19:40 . 2009-07-02 19:40 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2009-07-02 19:40 . 2009-07-02 19:40 419096 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2009-07-02 19:40 . 2009-07-02 19:40 439576 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2009-07-02 19:40 . 2009-07-02 19:40 423192 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2009-07-02 19:40 . 2009-07-02 19:40 421888 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2009-07-02 19:40 . 2009-07-02 19:40 413696 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-07-02 19:40 . 2009-07-02 19:40 495616 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\EncodingBackend\lame_enc.dll
2009-06-30 16:25 . 2007-12-12 15:43 3488 ----a-w- c:\documents and settings\Ron\Application Data\wklnhst.dat
2009-06-28 02:14 . 2008-02-18 19:49 -------- d-----w- c:\program files\DeductionPro 2007
2009-06-28 02:14 . 2003-09-19 11:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 02:06 . 2009-01-07 20:46 -------- d-----w- c:\program files\Camfrog
2009-06-28 02:03 . 2007-12-10 16:10 -------- d-----w- c:\program files\Java
2009-06-28 01:46 . 2009-01-30 21:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 01:46 . 2009-01-30 21:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 01:46 . 2009-01-30 21:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 18:03 . 2007-12-30 20:02 -------- d-----w- c:\program files\Opera
2009-06-23 18:01 . 2008-04-15 16:37 -------- d-----w- c:\program files\Bonjour
2009-06-14 16:05 . 2009-01-27 21:40 -------- d-----w- c:\program files\MSI
2009-06-14 16:04 . 2009-02-12 14:50 -------- d-----w- c:\program files\Setup Files
2009-06-12 22:59 . 2008-04-15 16:38 -------- d-----w- c:\program files\Safari
2009-06-12 22:54 . 2009-06-12 22:54 -------- d-----w- c:\program files\iTunes
2009-06-12 22:54 . 2009-06-12 22:54 -------- d-----w- c:\program files\iPod
2009-06-12 22:54 . 2009-04-11 18:45 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 22:51 . 2008-07-30 14:08 -------- d-----w- c:\program files\QuickTime
2009-06-12 22:43 . 2009-06-12 22:43 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-11 22:37 . 2009-06-11 22:37 152576 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 14:28 . 2008-10-08 20:21 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-09 22:15 . 2009-06-09 22:15 37664 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-06-04 19:50 . 2009-06-04 19:50 -------- d-----w- c:\program files\Maxtor
2009-06-01 23:55 . 2007-12-21 13:30 -------- d-----w- c:\program files\Yahoo!
2009-06-01 14:01 . 2009-06-01 14:01 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-29 16:12 . 2007-12-12 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-28 16:30 . 2009-05-28 16:03 -------- d-----w- c:\program files\Verizon
2009-05-28 16:04 . 2009-05-28 16:01 -------- d-----w- c:\program files\Common Files\Motive
2009-05-28 14:12 . 2009-05-28 14:10 29813256 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101cupd.exe
2009-05-25 13:55 . 2008-05-14 18:23 -------- d-----w- c:\documents and settings\Ron\Application Data\mjusbsp
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-24 13:40 . 2009-05-25 00:15 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-24 13:39 . 2009-05-24 13:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-24 13:39 . 2009-05-24 13:39 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-24 13:36 . 2009-05-24 13:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-21 21:27 . 2008-06-20 23:01 -------- d-----w- c:\program files\SpywareGuard
2009-05-21 15:33 . 2009-02-20 19:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 19:12 . 2007-12-06 19:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2003-09-19 10:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 01:23 . 2009-01-30 21:24 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2006-06-23 16:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-09-19 10:29 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 19:39 . 2008-04-20 15:24 1 ----a-w- c:\documents and settings\Ron\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-01-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"cdloader"="c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0540Ext.ax"="c:\windows\system32\V0540Ext.ax" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
"PCMService"="c:\program files\PowerCinema\PCMService.exe" [2003-06-24 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Secure Online Account Numbers"="c:\progra~1\Discover\SOAN\SOAN.exe" [2007-02-02 233472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-12 1793808]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-05-08 438399]
"V0540Mon.exe"="c:\windows\V0540Mon.exe" [2008-03-04 28672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2009-02-24 498688]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-12 520024]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-06-08 1553920]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-07-12 1793808]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2002-08-28 73728]
"Cmaudio"="cmicnfg.cpl" - c:\windows\CMICNFG.CPL [2003-09-13 2244608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0540Inst"="c:\windows\system32\V0540Pin.dll" [2008-06-03 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-28 01:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Ron^Start Menu^Programs^Startup^CNX Project 5.25.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Ron\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/24/2009 9:40 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2009 5:23 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2009 5:24 PM 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/23/2008 2:42 PM 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/23/2008 2:42 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/30/2009 5:23 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 5:22 PM 298776]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/6/2009 9:16 PM 14976]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/24/2009 11:20 PM 145952]
R3 PhTVTune;MEDION TV-Tuner 7133;c:\windows\system32\drivers\PhTVTune.sys [9/12/2003 7:42 AM 24704]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [1/24/2009 11:24 PM 31616]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [9/12/2003 7:03 AM 153088]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [12/31/2007 4:38 PM 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [12/31/2007 4:38 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [12/31/2007 4:38 PM 52309]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:57]

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-04-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8201457680.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 02:58]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871126658-2940998406-2624124909-1007Core.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 22:12]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871126658-2940998406-2624124909-1007UA.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 22:12]

2009-07-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 02:41]

2009-07-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 02:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\2avjtyd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\2avjtyd5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 09:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-871126658-2940998406-2624124909-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-871126658-2940998406-2624124909-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*}*d*#\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(5456)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-13 9:45
ComboFix-quarantined-files.txt 2009-07-13 13:45
ComboFix2.txt 2009-07-12 02:53

Pre-Run: 79,257,534,464 bytes free
Post-Run: 79,219,511,296 bytes free

309 --- E O F --- 2009-07-10 18:25

[TheBruce1]

Hello again

Quote:

Is it possible that malware has altered my bios to cause this delay before boot up?

No, the BIOS from a startup point of view would only change how the system was to start, you can change it so the pc will start from CD/DVD or USB.

Did you install or make any changes just prior to this occurring, if not, when did this problem emerge.

[TrnDrvr]

Hi!

The problem first occurred Wednesday evening when I used Run.bat to open GMER (see post #5 in this thread). During the scan, my computer shut down and when it began to restart it became stuck on the splash screen. I tried to boot up again the next morning with the same results. I decided wait to see what happened and after ten minutes it moved from the splash screen and started to boot up Windows XP. Prior to this it booted up normally. I usually leave my computer running all day and shut down at night.

[TheBruce1]

Hello again

Lets try this, make sure AVG and Comodo do not interfere, you should disconnect from the internet once you have downloaded GMER.


Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe

The program will begin to run. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes. Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Click on the Save button, and save the log file somewhere you can easily find it, such as your desktop. Please attach that log to your next reply.


The uninstall GMER.

Click Start>Run and type or copy/paste the following command then hit enter to uninstall gmer.

%systemroot%\gmer_uninstall.cmd

Reboot. Enable AVG and Comodo before reconnecting to the internet.

[TrnDrvr]

Gmer did not report rootkit activity. I clicked scan. During the scan, an error box opened that read "GMER has encountered a problem and needs to close.
I double checked AVG and Comodo to make sure they were disabled and ran Gmer two more times with the same results. I can't get it to complete the scan.

[TheBruce1]

Uninstall GMER and reboot with both AVG and Comodo disabled, make sure you disconnect from the internet first.

Does the system boot up any faster. Enable AVG and Comodo and then re-connect to the internet.

[TrnDrvr]

Hi!

After disconnecting from the internet and disabling AVG and Comodo, I retarted my computer. It still stays on the splash screen for ten minutes before it begins to load XP.

[TheBruce1]

Hello again

Have you tried Last Known Good Configuration yet. Start tapping F8 when system boot up and select Last Known Good Configuration, does the problem persist?

If so, try this.

S& D Spybot's Tea Timer


Please disable TeaTimer for now. TeaTimer can be re-activated later.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

Reboot and if the problem persists, post a fresh DDS.txt

[TrnDrvr]

Hello TheBruce1,

After trying "Last Known Good Configuration" and disabling TeaTimer, the problem is still there. Its odd because the delay on the splash screen seems to last for exactly ten minutes before boot up begins.

Here is the fresh fresh DDS.txt:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Ron at 11:03:44.03 on Tue 07/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3703.2933 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\PROGRA~1\Discover\SOAN\SOAN.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\V0540Mon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Documents and Settings\Ron\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: DeskshopBrowserHelper Class: {8db3d69d-da5e-4165-b781-72a761790672} - c:\windows\system32\BhoDshop.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [cdloader] "c:\documents and settings\ron\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\documents and settings\ron\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Dit] Dit.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [PCMService] "c:\program files\powercinema\PCMService.exe"
mRun: [Secure Online Account Numbers] c:\progra~1\discover\soan\SOAN.exe /dontopenmycards
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [Live! Central] "c:\program files\creative\creative live! cam\live! central\CTLVCentral.exe" /mode2
mRun: [c:\windows\system32\v0540ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0540Ext.ax
mRun: [V0540Mon.exe] c:\windows\V0540Mon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [VF0540Inst] RunDll32.exe c:\windows\system32\V0540Pin.dll,RunDLL32EP 515
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - c:\progra~1\discover\soan\SOAN.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214313908296
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3912152778
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\2avjtyd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\documents and settings\ron\application data\mozilla\firefox\profiles\2avjtyd5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ron\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ron\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-24 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-30 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-6-23 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-6-23 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-30 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-30 298776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-6-23 707152]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-4-6 14976]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-1-24 145952]
R3 PhTVTune;MEDION TV-Tuner 7133;c:\windows\system32\drivers\PhTVTune.sys [2003-9-12 24704]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-1-24 31616]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [2003-9-12 153088]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\drivers\iiusbisp.sys --> c:\windows\system32\drivers\iiusbisp.sys [?]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2007-12-31 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2007-12-31 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2007-12-31 52309]

============== File Associations ===============

txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-13 09:39 161,792 a------- c:\windows\SWREG.exe
2009-07-13 09:39 155,136 a------- c:\windows\PEV.exe
2009-07-13 09:39 98,816 a------- c:\windows\sed.exe
2009-07-12 13:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-12 13:26 <DIR> --ds---- C:\Combo-Fix
2009-07-09 21:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-09 20:38 <DIR> a-dshr-- C:\cmdcons
2009-07-03 11:37 <DIR> --d-h--- c:\windows\PIF
2009-07-02 15:41 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-07-02 15:39 <DIR> --d----- c:\program files\RapidSolution
2009-07-02 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-07-02 15:01 <DIR> --d----- c:\program files\DigitalHQ

==================== Find3M ====================

2009-07-13 19:41 3,488 a------- c:\docume~1\ron\applic~1\wklnhst.dat
2009-07-12 13:12 179,792 a------- c:\windows\system32\guard32.dll
2009-07-12 13:12 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-07-12 13:12 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-07-09 09:50 90,112 a------- c:\windows\DUMP561e.tmp
2009-06-27 21:46 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 21:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-09 18:15 37,664 a------- c:\windows\system32\drivers\tbhsd.sys
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-24 09:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-24 09:39 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2008-01-03 14:51 12 a------- c:\documents and settings\ron\bitpim.dat
2008-05-18 12:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051820080519\index.dat

============= FINISH: 11:04:50.34 ===============

[TheBruce1]

Hello again

Click start> run > type cmd

A DOS window will open

Type chkdsk c:

Reboot. On startup windows will start checking for problems with the C drive, let it run till it finishes.

Please be patient, this process can take up to an hour!

[TrnDrvr]

Hi!

I am leaving for work and will be back tomorrow evening. I will run chkdsk then. Sorry for the delay. I really appreciate all your help. Thanks.

[TheBruce1]

Ok, thanks for letting me know.

[TrnDrvr]

Hello,

I typed chkdsk c: and rebooted like you said but after the reboot, chkdsk did not run. I typed chkdsk and pressed enter and chkdsk ran without the reboot. Chkdsk found several orphaned files and also reported the following:

"CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /f (fix) option to correct these."

The ten minute delay still persists.

[TheBruce1]

Hi

Click start> run> type cmd.

Type CHKDSK c:/f into DOS window.

Windows will now run the repair option. You may receive a warning saying that CHKDSK cannot run at this time and would you like to schedule CHKDSK to run on reboot, select Yes.

Once CHKDSK repair option has finished, reboot and if the problem persists, try booting into safe mode and let me know if it takes 10 minutes for windows to load safe mode.

[TrnDrvr]

Hi!

I ran CHKDSK c:/f and rebooting still stays on splash screen for ten minutes before it begins to do anything. It doesn't matter whether you boot normal or safe mode because nothing happens until the splash screen goes away.

[TheBruce1]

Hello again

Quote:

It doesn't matter whether you boot normal or safe mode because nothing happens until the splash screen goes away.

Since only the basic drivers are loaded in safe mode this really does not move us any further forward. Do you have your Windows XP CD?

There is really only two choices left, either:

Do a Clean Boot
http://www.pctechguide.com/tutorials/CleanBoot_Boot.htm

Or a repair installation
http://michaelstevenstech.com/XPrepairinstall.htm

[TrnDrvr]

Hi!


I couldn't get it all done before leaving for work for two days. I tried the clean boot with no success. The only copy of Windows XP that I have is on the recovery cd that came with my Medion computer. This recovery mode provides several options.

1. Recover Boot files only

2. Recover System- and Driver files.

3. Restore factory settings

I don't know if I can slipstream Windows XP SP3 with the recovery cd.

[TheBruce1]

Hello again

Restore to factory settings would be the best option, just save anything that is important to you and then restore the PC back to when it was new.

Of course you will need to install all third-party programs and windows updates, make sure you save the installer file for AVG and Comodo onto a USB or similar.

That way when the system is restored you can install your antivirus/firewall before connecting to the internet.

[TrnDrvr]

Hello,

I was really trying to avoid a restore to factory setting at all costs, but if that's the cure, then that's what I have to do. Thank you again. I deeply appreciate all your help.