#1 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 19
OS: XP
|
HijackThis.. is something wrong?
This is my first time using HiJackThis, and I can honestly say I have little or no idea what any of this means. It's just that I've heard people have used this and found it to be a great help.. and lately my computer's been acting up without signs of viruses or spyware. So if anyone could tell me if something is wrong, it'd be very much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 9:27:02 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dp\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
#3 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Hi and Welcome to TSF
Your log is clean...but let's make sure nothing is lurking. Before attacking an adware/spyware problem with HijackThis make sure you have already run the following tools. Download and update the databases on each program before running. Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)
Please run an online scan at http://www.pandasoftware.com/actives..._principal.htm Once it has finished save the activescan log. Then post that log in your next post.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools: Hijackthis, Ad-aware SE, Spybot Search&Destroy, SpywareBlaster, CWShredder
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 19
OS: XP
|
** Ad-Aware Log
The program said these two items were critical. I guess I'm supposed to "fix" these, but am reluctant to before I can receive more info about them. It also says : "Average TAC : 3.000" [What's TAC mean?]

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : regedit.exe %1
TAC Rating : 3
Category : Vulnerability
Comment : Possible virus infection, REG file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : regedit.exe %1

Windows Object Recognized!
Type : RegData
Data : "%1" %*
TAC Rating : 3
Category : Vulnerability
Comment : Possible virus infection, SCR file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : "%1" %*

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 26
[these were seen to be of no threat]

** Spybot - Search and Destroy Log
I've had this program for a while, and this same error continues to pop up each time I use it ever since I installed SP2. [I didn't fix this either]

Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

** CWshredder
Found: CWS.Look2Me [After running it again, it wasn't there. So I guess it got rid of it for me.]

** Panda Active Scan
No viruses or other malicious software have been found!
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 19
OS: XP
|
I don't know if this is necessary, but here's a new HiJackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 1:57:43 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\dp\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
|
|
|
|
#6 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Go ahead and fix those entries. TAC is Ad-Aware's way of classifying the adware it has found. The rating of something LOW (TAC 0-1) can likely be ignored as it doesn't pose an extreme threat. Higher ratings (TAC 2-5) it's recommended you fix the item.
I do want to look deeper... Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 19
OS: XP
|
Here's the entire log, I'm starting the adaware. spybot.. cycle again. Sorry for all this trouble.
Started Scanning
Internet Cookies
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'partypoker.touchclarity.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'partypoker.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found 'Location' in 'SOFTWARE\Magnet'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\'
[SCANMODS] The file 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\'
[SCANMODS] The file 'C:\Documents and Settings\dp\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Finished Cleaning
|
|
|
|
#8 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 19
OS: XP
|
ADAWARE found nothing except things of no threat.
SPYWARE - SEARCH AND DESTROY [fixed]
--- Search result list ---
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

CWSHREDDER found nothing.
PANDA ACTIVESCAN found nothing.

TREND MICRO scan log. [sorry about the 1st log post, I'm guessing you wanted this one]
Started Scanning
Internet Cookies
Found 'atwola.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning

HIJACKTHIS log file [just in case] sorry for the long posts.
Logfile of HijackThis v1.99.1
Scan saved at 9:01:56 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dp\Desktop\logs\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
|
|
|
|
#9 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Again..these logs are clean. Can you describe in detail your issue if there is one?
Let's try one more scanner.....
Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Download, install, and update Ewido Security Suite.
After the updates are installed, exit Ewido.
Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run Ewido:
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Once back to normal mode..post that Ewido log.
|
|
|
|
#10 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 19
OS: XP
|
um I haven't done the last post instructions yet.
I have found that with the previous scans / cleans.. that my computer has been working better. the only problem I have left is the load-up screen. (welcome screen lags) the welcome screen comes up and then the music comes on that signals you're starting windows.. but then the screen stays there for a couple of extra seconds before displaying the desktop. it was much much worse before.. it would take about 1 or 2 minutes just to go from the welcome screen to a blank background.. to the desktop... my computer used to freeze in some games that it shouldn't normally mess up in.. but now the freezing issue has been fixed somehow. I'm satisfied with the way my computer is working currently, but would also like to know if there's any way to make my computer boot up faster.
[off topic : how do you make computer boot faster in general? there's a screen while booting that says searching for ultra bios or something.. and then says not found.. cause drive isn't connected or something of the sort... and my boot ups are much slower than my friends' computers... you don't have to find me a fix for this.. but any knowledge would be nice.]
again.. sorry for the inconvenience.. and thank you for the help.
|
|
|
|
#11 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
There are many things that cause a computer to boot slowly. You cannot compare your boot times to another PC as each will have different programs, services...etc. it's loading at startup. To speed up the time..check your BIOS and turn off things like "Floppy seek", and any BIOS antiviruses.
For Windows...disable any unused services so Windows isn't loading something you never use. Enter your msconfig tab and disable anything that's not really needed at startup. Things that fall into this classification are programs such as...
ATI Control Panel
Adobe
Nero
AIM.....etc.
While you can still launch these programs anytime..there is no need to have them running in the background when not in use. Extra seconds are nothing compared to minutes. The more you add to the PC in time...the longer the boot process to load all those goodies up.