Old 10-31-2009, 10:38 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Hilariously Slow Start Up, DDS and GMER ready

Like the title says, my computer's start up process is depressing. Even after logging in, it takes 3 minutes after double-clicking the Firefox icon for the browser page to show up. It's been this way for at least half a year now, and tonight I've finally taken the initiative to try and fix things. Whether you find that to make me either patient or just lazy, the bad news is I really couldn't tell you what sort of stuff I got into to have my computer infested with malware. I think "infested" is probably overestimating, but I'll admit that I participated in some sketchy downloading, I'm not sure what in particular though. It's been a while. Nonetheless, I've learned my lesson and uninstalled all the crap I could find, but unfortunately my computer could still use some work. I hope you guys can help.

Here's my DDS


DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrew Sharp at 22:16:57.01 on Sat 10/31/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.7\NppBho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UMonit] c:\windows\system32\UMonit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\j0rx52oe.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\andrew sharp\application data\mozilla\firefox\profiles\j0rx52oe.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\andrew sharp\application data\mozilla\firefox\profiles\j0rx52oe.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-31 16:20:48 0 d-----w- c:\windows\system32\Adobe
2009-10-18 21:02:12 0 d-----w- c:\program files\Genesys USB Mass Storage Device
2009-10-18 21:02:07 5615616 ----a-r- c:\windows\system32\GeneIcon.dll
2009-10-18 21:01:42 200704 ----a-r- c:\windows\system32\UMonit.exe
2009-10-18 21:01:42 1504 ----a-r- c:\windows\system32\IconCfg0.ini
2009-10-18 21:01:41 167936 ----a-r- c:\windows\system32\ustor.dll
2009-10-18 21:01:10 12416 ----a-r- c:\windows\system32\drivers\fixustor.sys
2009-10-17 01:45:12 9984 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-17 01:45:12 9984 ------w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-10-17 01:45:12 76544 ------w- c:\windows\system32\dllcache\sdbus.sys
2009-10-17 01:45:12 11136 ------w- c:\windows\system32\dllcache\sffdisk.sys
2009-10-17 01:45:12 10368 ------w- c:\windows\system32\dllcache\sffp_sd.sys
2009-10-17 01:44:56 536376 ----a-w- C:\WindowsXP-KB921413-v4-x86-ENU.exe

==================== Find3M ====================

2009-09-11 14:03:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:03:37 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:05 512000 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-08-07 00:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-07 00:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-07 00:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-07 00:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-07 00:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-07 00:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-07 00:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:11:47 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 00:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 12:51:17 2185984 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 12:49:00 2142720 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:49:00 2142720 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 12:02:00 2062976 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 12:02:00 2020864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:02:00 2020864 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2006-09-12 01:25:38 56 --sh--r- c:\windows\system32\B6807BA9DB.sys
2006-09-12 01:25:41 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-21 04:11:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-09-21 04:11:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-09-21 04:11:03 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:17:24.68 ===============


I attached my Attach.txt and ark.txt as well.

Thanks for your help.
Attached Files
File Type: zip Attach.zip (4.7 KB, 3 views)
FauxShaux is offline  

Old 11-01-2009, 06:58 AM   #2 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

I forgot to add: I do not have a Boot CD of any kind.
FauxShaux is offline  
Old 11-02-2009, 10:10 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

Hello FauxShaux,

You appear to have some serious issues here. It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

We'll begin with ComboFix. Download it from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-02-2009, 02:41 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

Here you are. Thanks again.

ComboFix 09-11-01.04 - Andrew Sharp 11/02/2009 15:20.4.2 - NTFSx86
Running from: c:\documents and settings\Andrew Sharp\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-10-31 16:20 . 2009-10-31 16:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-25 22:57 . 2009-10-25 22:58 -------- d-----w- c:\documents and settings\Andrew Sharp\Local Settings\Application Data\Deployment
2009-10-18 21:02 . 2009-10-18 21:02 -------- d-----w- c:\program files\Genesys USB Mass Storage Device
2009-10-18 21:02 . 2008-06-13 13:50 5615616 ----a-r- c:\windows\system32\GeneIcon.dll
2009-10-18 21:01 . 2007-06-18 11:40 200704 ----a-r- c:\windows\system32\UMonit.exe
2009-10-18 21:01 . 2008-07-07 16:30 167936 ----a-r- c:\windows\system32\ustor.dll
2009-10-18 21:01 . 2007-06-11 10:27 12416 ----a-r- c:\windows\system32\drivers\fixustor.sys
2009-10-17 01:45 . 2006-06-27 08:48 9984 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-17 01:45 . 2006-06-27 08:48 9984 ------w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-10-17 01:45 . 2006-06-27 08:48 11136 ------w- c:\windows\system32\dllcache\sffdisk.sys
2009-10-17 01:45 . 2006-06-27 08:48 10368 ------w- c:\windows\system32\dllcache\sffp_sd.sys
2009-10-17 01:45 . 2006-06-27 08:47 76544 ------w- c:\windows\system32\dllcache\sdbus.sys
2009-10-17 01:44 . 2009-10-10 03:16 536376 ----a-w- C:\WindowsXP-KB921413-v4-x86-ENU.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 21:18 . 2006-04-11 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-02 21:12 . 2006-04-11 09:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-18 21:00 . 2006-04-11 09:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 02:03 . 2007-12-28 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-15 02:00 . 2008-02-06 01:04 -------- d-----w- c:\program files\Trillian
2009-10-15 02:00 . 2006-12-13 21:42 -------- d-----w- c:\program files\TI Education
2009-10-15 01:58 . 2007-12-28 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-15 01:57 . 2006-04-11 09:11 -------- d-----w- c:\program files\HPQ
2009-10-15 01:52 . 2006-04-11 09:49 -------- d-----w- c:\program files\Google
2009-09-18 21:40 . 2006-06-08 23:18 167872 ----a-w- c:\documents and settings\Andrew Sharp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:03 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-04 08:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-12-07 15:04 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-12-07 15:04 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-09-12 01:25 . 2006-08-28 01:52 56 --sh--r- c:\windows\system32\B6807BA9DB.sys
2006-09-12 01:25 . 2006-08-28 01:49 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-06-05 116328]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-06-26 771440]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"UMonit"="c:\windows\system32\UMonit.exe" [2007-06-18 200704]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-15 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-02-16 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-23 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]
R2 pciinfo;HP Pci Information;c:\docume~1\ANDREW~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [x]
R3 cpuz130;cpuz130;c:\docume~1\ANDREW~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\DRIVERS\fixustor.sys [2007-06-11 12416]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 TucbDriverV32;TucbDriverV32;c:\windows\system32\drivers\TucbDriverV32.sys [2008-08-22 23096]
R3 TucbVideo32;TucbVideo32;c:\windows\system32\DRIVERS\TucbVideo32.sys [2008-08-22 3768]
R3 WT6563F;PS3 ISP Update;c:\windows\system32\Drivers\WT6563F.sys [2003-03-19 13120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 05:43]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 05:43]

2009-11-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Andrew Sharp.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-06-26 08:27]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Andrew Sharp\Application Data\Mozilla\Firefox\Profiles\j0rx52oe.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Andrew Sharp\Application Data\Mozilla\Firefox\Profiles\j0rx52oe.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Andrew Sharp\Application Data\Mozilla\Firefox\Profiles\j0rx52oe.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 15:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spvo.sys >>UNKNOWN [0x86F86944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x86fd51f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

iaStor.sys @ 0x0 0x0 bytes

\Driver\iaStor [ IRP_MJ_CREATE ] 0xF186 != 0xF73127B0 iaStor.sys
\Driver\iaStor [ IRP_MJ_CLOSE ] 0xF186 != 0xF73127B0 iaStor.sys
\Driver\iaStor [ IRP_MJ_DEVICE_CONTROL ] 0x12896 != 0xF73127B0 iaStor.sys
\Driver\iaStor [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x12B58 != 0xF73127B0 iaStor.sys
\Driver\iaStor [ IRP_MJ_POWER ] 0x17E66 != 0xF73127B0 iaStor.sys
\Driver\iaStor [ IRP_MJ_SYSTEM_CONTROL ] 0x17FC6 != 0xF73127B0 iaStor.sys
\Driver\iaStor IRP hooks detected !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3533351227-988474780-2745336171-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2c,0c,26,c9,62,da,1c,56,e7,e5,93,ba,54,b3,5e,c3,2f,01,1e,2c,3c,43,d9,
38,b1,b4,0b,3f,2e,4b,d8,02,e9,e2,e5,1b,db,49,d4,67,a3,39,82,cf,c4,fd,47,c2,\
"??"=hex:8a,99,6b,e7,ca,8b,b6,de,a1,14,35,58,8c,8b,6b,1e

[HKEY_USERS\S-1-5-21-3533351227-988474780-2745336171-1006\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:be,df,04,58,e0,df,b9,31,4a,29,48,62,18,36,ac,32,20,2c,60,ea,
ae,53,17,d9,6c,aa,91,ae,30,c7,0b,e9,b0,1e,7c,82,62,75,ca,b4,a3,20,ac,21,c9,\
.
Completion time: 2009-11-02 15:30
ComboFix-quarantined-files.txt 2009-11-02 21:30
ComboFix2.txt 2008-01-07 00:51

Pre-Run: 27,603,329,024 bytes free
Post-Run: 31,112,359,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D7F2F243EED667E794EC6EE7F77F0C11
FauxShaux is offline  
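A triage pass over the kind of log posted above, as an added example that is not part of the thread and not ComboFix's or GMER's own code: it scans ComboFix, catchme and MBR-detector output for the indicators a helper checks first (drivers registered from a Temp folder, Autorun.inf removed from a removable drive, firewall and Security Center flags, rootkit detector warnings). The sample input is excerpted from the ComboFix log in this thread; the rule names, severities and regexes are this example's own assumptions.

```python
"""Triage pass over ComboFix / catchme / MBR-detector output.

Added example; not part of the thread and not ComboFix's or GMER's own
code. Rule names, severities and the regexes are this example's own
assumptions, written against the line formats visible in the log above.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    rule: str       # short rule name (assumed here, not a ComboFix term)
    evidence: str   # the log line, or the registry key, that triggered it


# (severity, rule, regex). Order matters: the first rule that matches a
# line wins, so the more specific rootkit-detector patterns come first.
RULES = [
    ("high", "mbr-rootkit-warning",
     re.compile(r"Warning: possible MBR rootkit infection")),
    ("high", "irp-hooks",
     re.compile(r"^\\Driver\\\S+ IRP hooks detected")),
    ("high", "driver-object-hook",
     re.compile(r"^\\Driver\\\S+ -> 0x[0-9A-Fa-f]+\s*$")),
    ("high", "unknown-module",
     re.compile(r">>UNKNOWN \[0x[0-9A-Fa-f]+\]<<")),
    # ComboFix service/driver lines look like "R2 name;display;path [date size]"
    # or "... [x]" when the binary is missing. A driver registered from a
    # user's Temp folder deserves a close look whatever the [x] says.
    ("high", "driver-from-temp",
     re.compile(r"^[RS]\d\s+[^;]+;[^;]*;.*\\temp\\", re.IGNORECASE)),
    # Autorun.inf removed from a removable drive (D:\ in the log above):
    # a classic USB-worm propagation file that ComboFix deletes on sight.
    ("medium", "autorun-inf-removed",
     re.compile(r"^[A-Za-z]:\\Autorun\.inf\s*$", re.IGNORECASE)),
    # Windows Firewall off. Expected when a third-party firewall (Norton
    # Internet Security here) owns the job; confirm that suite is running.
    ("info", "windows-firewall-disabled",
     re.compile(r'"EnableFirewall"\s*=\s*0\b')),
]


def triage(log_text: str) -> list[Finding]:
    """Return the findings for one pasted log, in log order."""
    findings: list[Finding] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # ComboFix prints registry data REGEDIT4-style: a [key] line
        # followed by "name"=value lines, so remember the current key.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        # Security Center told not to monitor a product. Legitimate for a
        # third-party suite, so report it as info with the key as evidence.
        if '"DisableMonitoring"=dword:00000001' in line and current_key:
            findings.append(Finding("info", "security-center-monitoring-off",
                                    current_key))
            continue
        for severity, rule, rx in RULES:
            if rx.search(line):
                findings.append(Finding(severity, rule, line))
                break
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 6, 'medium': 1, 'info': 3}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]
R2 pciinfo;HP Pci Information;c:\docume~1\ANDREW~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [x]
R3 cpuz130;cpuz130;c:\docume~1\ANDREW~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\DRIVERS\fixustor.sys [2007-06-11 12416]
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spvo.sys >>UNKNOWN [0x86F86944]<<
detected MBR rootkit hooks:
\Driver\atapi -> 0x86fd51f8
Warning: possible MBR rootkit infection !
\Driver\iaStor IRP hooks detected !
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:32} {f.evidence}")
    print(summarize(triage(SAMPLE_LOG)))
```

The two info-level Symantec findings and the firewall flag are what a machine running Norton Internet Security normally looks like, which is why the rootkit-detector and Temp-folder driver hits are the lines that drive the next step in the thread.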
Old 11-02-2009, 09:48 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

Hello FauxShaux,

Please delete your existing ComboFix.exe and download the latest version from here. Save it to your desktop.

Double click to run it, follow all prompts, then post the C:\ComboFix.txt when completed.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-03-2009, 06:57 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

ComboFix 09-11-03.01 - Andrew Sharp 11/03/2009 18:41.5.2 - NTFSx86
Running from: c:\documents and settings\Andrew Sharp\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-10-31 16:20 . 2009-10-31 16:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-25 22:57 . 2009-10-25 22:58 -------- d-----w- c:\documents and settings\Andrew Sharp\Local Settings\Application Data\Deployment
2009-10-18 21:02 . 2009-10-18 21:02 -------- d-----w- c:\program files\Genesys USB Mass Storage Device
2009-10-18 21:02 . 2008-06-13 13:50 5615616 ----a-r- c:\windows\system32\GeneIcon.dll
2009-10-18 21:01 . 2007-06-18 11:40 200704 ----a-r- c:\windows\system32\UMonit.exe
2009-10-18 21:01 . 2008-07-07 16:30 167936 ----a-r- c:\windows\system32\ustor.dll
2009-10-18 21:01 . 2007-06-11 10:27 12416 ----a-r- c:\windows\system32\drivers\fixustor.sys
2009-10-17 01:45 . 2006-06-27 08:48 9984 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-17 01:45 . 2006-06-27 08:48 9984 ------w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-10-17 01:45 . 2006-06-27 08:48 11136 ------w- c:\windows\system32\dllcache\sffdisk.sys
2009-10-17 01:45 . 2006-06-27 08:48 10368 ------w- c:\windows\system32\dllcache\sffp_sd.sys
2009-10-17 01:45 . 2006-06-27 08:47 76544 ------w- c:\windows\system32\dllcache\sdbus.sys
2009-10-17 01:44 . 2009-10-10 03:16 536376 ----a-w- C:\WindowsXP-KB921413-v4-x86-ENU.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 00:31 . 2006-04-11 09:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-02 22:24 . 2006-04-11 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-18 21:00 . 2006-04-11 09:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 02:03 . 2007-12-28 23:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-15 02:00 . 2008-02-06 01:04 -------- d-----w- c:\program files\Trillian
2009-10-15 02:00 . 2006-12-13 21:42 -------- d-----w- c:\program files\TI Education
2009-10-15 01:58 . 2007-12-28 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-15 01:57 . 2006-04-11 09:11 -------- d-----w- c:\program files\HPQ
2009-10-15 01:52 . 2006-04-11 09:49 -------- d-----w- c:\program files\Google
2009-09-18 21:40 . 2006-06-08 23:18 167872 ----a-w- c:\documents and settings\Andrew Sharp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:03 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 08:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-04 08:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-12-07 15:04 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-12-07 15:04 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-09-12 01:25 . 2006-08-28 01:52 56 --sh--r- c:\windows\system32\B6807BA9DB.sys
2006-09-12 01:25 . 2006-08-28 01:49 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7331840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-15 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-06-05 116328]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-06-26 771440]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"UMonit"="c:\windows\system32\UMonit.exe" [2007-06-18 200704]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-15 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-02-16 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-23 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]
R2 pciinfo;HP Pci Information;c:\docume~1\ANDREW~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [x]
R3 cpuz130;cpuz130;c:\docume~1\ANDREW~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\DRIVERS\fixustor.sys [2007-06-11 12416]
R3 SDTHOOK;SDTHOOK;c:\windows\system32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
R3 TucbDriverV32;TucbDriverV32;c:\windows\system32\drivers\TucbDriverV32.sys [2008-08-22 23096]
R3 TucbVideo32;TucbVideo32;c:\windows\system32\DRIVERS\TucbVideo32.sys [2008-08-22 3768]
R3 WT6563F;PS3 ISP Update;c:\windows\system32\Drivers\WT6563F.sys [2003-03-19 13120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 05:43]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 05:43]

2009-11-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Andrew Sharp.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-06-26 08:27]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Andrew Sharp\Application Data\Mozilla\Firefox\Profiles\j0rx52oe.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Andrew Sharp\Application Data\Mozilla\Firefox\Profiles\j0rx52oe.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Andrew Sharp\Application Data\Mozilla\Firefox\Profiles\j0rx52oe.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe
UMonit = c:\windows\system32\UMonit.exe

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3533351227-988474780-2745336171-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2c,0c,26,c9,62,da,1c,56,e7,e5,93,ba,54,b3,5e,c3,2f,01,1e,2c,3c,43,d9,
38,b1,b4,0b,3f,2e,4b,d8,02,e9,e2,e5,1b,db,49,d4,67,a3,39,82,cf,c4,fd,47,c2,\
"??"=hex:8a,99,6b,e7,ca,8b,b6,de,a1,14,35,58,8c,8b,6b,1e

[HKEY_USERS\S-1-5-21-3533351227-988474780-2745336171-1006\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:be,df,04,58,e0,df,b9,31,4a,29,48,62,18,36,ac,32,20,2c,60,ea,
ae,53,17,d9,6c,aa,91,ae,30,c7,0b,e9,b0,1e,7c,82,62,75,ca,b4,a3,20,ac,21,c9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-04 18:51
ComboFix-quarantined-files.txt 2009-11-04 00:50
ComboFix2.txt 2009-11-02 21:30
ComboFix3.txt 2008-01-07 00:51

Pre-Run: 31,077,257,216 bytes free
Post-Run: 31,040,151,552 bytes free

Old 11-03-2009, 10:05 PM   #7
Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

I'm not finding any malware in your logs, but I am seeing Operating System issues in them - not so much what is in the logs, as what is missing from your logs. Looking at the lack of reported output - no OS info or Running Processes, etc. is being reported, which indicates an issue with WMI (Windows Management Instrumentation).

Your dds.txt Header:

Quote:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrew Sharp at 22:16:57.01 on Sat 10/31/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============

*note the lack of any Running Processes listed here

Your Attach.txt:
Quote:
DDS (Ver_09-10-26.01)

*you have nothing at all being reported here


==== Disk Partitions =========================

...or here

Compare that with the dds.txt Header and Attach.txt from my system:

Quote:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 23:45:35.39 on 11/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.401 [GMT -5:00]

AV: Avast *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe

(plus a whole slew of others...)


Attach.txt information

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home
Boot Device: \Device\HarddiskVolume2
Install Date: 01/12/2004 07:31:32 PM
System Uptime: 10/31/2009 08:30:33 PM (75 hours ago)


Motherboard: ASUSTek Computer INC. | | Kamet2
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2158/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 87.594 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.944 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 70 GiB total, 18.136 GiB free.

I'm not seeing Service Pack 3 as being installed on your system - what version of Windows (Home, Pro, etc.) do you have installed, and what Service Pack? You can find that information by clicking the Start button and right-clicking My Computer > Properties.

Last edited by Ried; 11-03-2009 at 10:08 PM.

Old 11-04-2009, 04:17 PM   #8
Registered User

Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

I've got Windows XP Home Edition, Service Pack 2.

As far as why my DDS.txt and Attach.txt logs are lacking information, your guess is as good as mine. I checked the .txt files on my desktop and they are identical to the ones I posted here.

The only thing I can figure is that when I cleaned out and uninstalled my illegitimate programs I might have also affected the important ones. Could that answer the problem here? Nonetheless, I was only using the Add/Remove Programs tool, and kept away from the Add/Remove Windows Components, so even if I did accidentally uninstall the wrong program I don't know how I could have touched something like the WMI. I should mention that after I finished uninstalling that stuff my SD card slot stopped working entirely. It hasn't really bothered me, I already have a card reader that remains unaffected, but perhaps I did do something wrong.

Old 11-04-2009, 08:18 PM   #9
Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

No, you didn't do anything wrong. Sometimes Windows just gets messed up.

My first suggestion is visit Microsoft.com and update to SP3 --> http://www.microsoft.com/windows/pro...3/default.mspx. That should remedy these issues. Let me know how that works out for you.

Old 11-05-2009, 05:07 PM   #10
Registered User

Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

I installed SP3, but there aren't visible signs of improvement. The SD card slot still doesn't work (I wouldn't get hung up on that, it might just be a hardware problem), and the start-up process is still arduously slow. I forgot to also mention that it's not only the start-up phase of my computer that's ridiculously slow, it's also a number of programs. Microsoft Word, for example, takes a minute or so to open a document, and by the time the program window has been completely loaded, the document isn't there. It's like Word forgot about the document in the process of loading the Word program itself.

Now that I've got SP3, would you like me to run another DDS and/or GMER and see if the same blank spaces occur again?

Old 11-06-2009, 11:30 AM   #11
Assistant Manager, TSF Academy; Moderator/Analyst Security Team

Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

Yes, please post fresh logs.

Old 11-06-2009, 03:45 PM   #12
Registered User

Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

I took the liberty of adding a "2" to the end of the filenames. And I also noticed that the DDS log now shows Running Processes. I guess that SP3 worked.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrew Sharp at 15:32:20.70 on Fri 11/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.424 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Andrew Sharp\Desktop\dds.scr
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.7\NppBho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UMonit] c:\windows\system32\UMonit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPluginNOSSO.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\j0rx52oe.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\andrew sharp\application data\mozilla\firefox\profiles\j0rx52oe.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\andrew sharp\application data\mozilla\firefox\profiles\j0rx52oe.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\andrew~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\andrew~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\andrew~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\andrew~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2009-10-18 12416]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2007-12-28 44928]
S3 TucbDriverV32;TucbDriverV32;c:\windows\system32\drivers\TucbDriverV32.sys [2008-8-30 23096]
S3 TucbVideo32;TucbVideo32;c:\windows\system32\drivers\TucbVideo32.sys [2008-8-30 3768]
S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [2009-8-5 13120]

=============== Created Last 30 ================

2009-11-05 23:33:43 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-05 23:13:04 0 d-----w- c:\windows\system32\scripting
2009-11-05 23:13:02 0 d-----w- c:\windows\l2schemas
2009-11-05 23:12:59 0 d-----w- c:\windows\system32\en
2009-11-05 23:12:58 0 d-----w- c:\windows\system32\bits
2009-11-05 23:05:58 0 d-----w- c:\windows\EHome
2009-11-04 00:39:14 0 d-----w- C:\ComboFix
2009-11-02 21:15:43 0 d-sha-r- C:\cmdcons
2009-11-02 21:14:25 98816 ----a-w- c:\windows\sed.exe
2009-11-02 21:14:25 77312 ----a-w- c:\windows\MBR.exe
2009-11-02 21:14:25 236544 ----a-w- c:\windows\PEV.exe
2009-11-02 21:14:25 161792 ----a-w- c:\windows\SWREG.exe
2009-10-31 16:20:48 0 d-----w- c:\windows\system32\Adobe
2009-10-18 21:02:12 0 d-----w- c:\program files\Genesys USB Mass Storage Device
2009-10-18 21:02:07 5615616 ----a-r- c:\windows\system32\GeneIcon.dll
2009-10-18 21:01:42 200704 ----a-r- c:\windows\system32\UMonit.exe
2009-10-18 21:01:42 1504 ----a-r- c:\windows\system32\IconCfg0.ini
2009-10-18 21:01:41 167936 ----a-r- c:\windows\system32\ustor.dll
2009-10-18 21:01:10 12416 ----a-r- c:\windows\system32\drivers\fixustor.sys
2009-10-17 01:45:12 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-17 01:44:56 536376 ----a-w- C:\WindowsXP-KB921413-v4-x86-ENU.exe

==================== Find3M ====================

2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:05 512000 ----a-w- c:\windows\system32\dllcache\jscript.dll
2006-09-12 01:25:38 56 --sh--r- c:\windows\system32\B6807BA9DB.sys
2006-09-12 01:25:41 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:33:15.71 ===============
Attached Files: Attach2.zip (5.4 KB)
FauxShaux is offline  
Old 11-06-2009, 03:54 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

I'm seeing evidence of Daemon Tools or Alcohol or some other CD Emulator software, but I'm not seeing either of those programs installed on the system.

What CD Emulator software are/were you using?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-07-2009, 12:25 PM   #14 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

It was Daemon Tools. I don't think I ever actually successfully used it though, and so it was uninstalled promptly.
FauxShaux is offline  
Old 11-07-2009, 04:58 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

The SP3 install did do wonders for the Operating System, as evidenced by your latest dds.txt and attach.txt. I do still see an associated driver in your gmer log. For a complete uninstall, and so our tools may run unhindered, please also follow the steps on DuplexSecure's page for uninstalling the SPTD driver which these emulators use.

http://www.duplexsecure.com/en/faq

After completing that, please run a new gmer scan, save it as ark3.txt and attach it to your next reply.

If your issues persist, they seem to be Operating System related and you'd do best to seek the advice of the folks in our Windows XP Support section.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-07-2009, 09:18 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

Although the DDS and GMER look better, I must admit that the computer's overall speed is still pitiful. Nonetheless, thanks for all your help.
Attached Files: ark3.zip (927 Bytes)
FauxShaux is offline  
Old 11-07-2009, 09:40 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,089
OS: WinXP and Vista


Re: Hilariously Slow Start Up, DDS and GMER ready

The hook is gone, so that should clear the way and make it a bit easier for the Windows XP folks to try to narrow down where your problems lie.

Please create a post in that section, and let them know you've been cleared by me. It would be helpful to them if you provide a link to this thread.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-08-2009, 07:26 AM   #18 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 15
OS: Windows XP


Re: Hilariously Slow Start Up, DDS and GMER ready

Alright, will do. Thanks again!!
FauxShaux is offline  
 


Copyright 2001 - 2009, Tech Support Forum