Resolved HJT Threads: Resolved spyware and popup issues.
#1
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Help! My IBM Notebook (Type 1859) has suddenly changed from its normal fast operation to be a real slow-coach. It takes ages to boot and open files etc. Ad-Aware shows it clean. Here is a Hijackthis log. Please let me know if an item in the log could cause this problem. Thanks.
Hijackthis Log Logfile of HijackThis v1.99.1 Scan saved at 10:39:07 AM, on 1/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\WINDOWS\system32\TpScrLk.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\1-Click Answers\answers.exe C:\Program 
Files\Digital Line Detect\DLG.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\WINDOWS\System32\aniServ.exe C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe C:\DOCUME~1\STANLE~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\NoAdware4\NoAdware4.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - 
C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: 
[Lenovo Memory Alert] "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -nointro O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Answers... 
- file:C:\Program Files\1-Click Answers\Html\atiemenu.htm O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130304192859 O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - 
https://www-307.ibm.com/pc/support/a...AcpControl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. 
- C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
#2
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Whosdat: VX2 runs clean. Uninstalled NoAdware. Now meet all criteria of your 5-step process except hijackthis "in its own folder in root file." I placed a shortcut of this item on the desktop that I took the log file from. File appears to be buried in hidden file somewhere. (1) How do I find this, and (2) how do I put item in own folder in root file? I will then run and post log.
Oshwin5: Pete, thanks for your comments. You can be sure I need expert help. I have uninstalled NoAdware. As you can see above am not sure how to find and correctly file hijackthis. When I have done this will post new hijackthis log.
#3
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
whosdat
re: slow IBM 1859 notebook, herewith rerun of hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 8:39:00 AM, on 1/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\aniServ.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program 
Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O4 - HKLM\..\Run: [Lenovo Memory Alert] "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -nointro O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 
- HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program 
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130304192859 O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. 
- C:\WINDOWS\System32\aniServ.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
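As an added example (not from the thread and not HijackThis code), a small Python triage script for HijackThis entry lines like the ones posted above: it parses the "Onn - ..." entries, flags the items a helper looks at first (file missing, Unknown owner, O20 load points, Run-key commands without a full path, unresolved startup shortcuts) and diffs the first log against the rerun to show what changed. The two embedded logs are short excerpts constructed from the entries posted in this thread.

```python
"""Triage helper for HijackThis v1.99.1 entry lines.

Added example, not part of the thread or of HijackThis. The two sample
logs are excerpts constructed from the first log and the rerun posted above.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# "O4 - HKLM\..\Run: [TpShocks] TpShocks.exe" -> section "O4", body after " - "
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")
RUN_KEY_RE = re.compile(r"(HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (.*)$")
FULL_PATH_RE = re.compile(r'"?[A-Za-z]:\\')


class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. "O4", "O23"
    body: str               # everything after "O4 - "
    flags: Tuple[str, ...]  # triage flags; empty when nothing stands out


def triage(section: str, body: str) -> Tuple[str, ...]:
    """Return the reasons a helper would look twice at this entry."""
    flags: List[str] = []
    if "(file missing)" in body:
        # Still registered but the binary is gone: leftover of an uninstall
        # or a removal, worth cleaning up either way.
        flags.append("file-missing")
    if "Unknown owner" in body:
        # Service binary carries no publisher name HijackThis recognises.
        flags.append("unknown-owner")
    if section == "O20":
        # AppInit_DLLs loads into every GUI process and Winlogon Notify
        # DLLs load at logon, so both are common persistence spots.
        flags.append("o20-load-point")
    if body.endswith("= ?"):
        # Startup-folder shortcut whose target HijackThis could not resolve.
        flags.append("unresolved-target")
    m = RUN_KEY_RE.match(body) if section == "O4" else None
    if m and not FULL_PATH_RE.match(m.group(2)):
        # Run-key command without a drive path is resolved through the
        # search path at logon, which is easy to hijack and easy to misread.
        flags.append("bare-name-autostart")
    return tuple(flags)


def parse_log(text: str) -> List[Entry]:
    """Keep the 'Xnn - ...' entry lines; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            section, body = m.group(1), m.group(2)
            entries.append(Entry(section, body, triage(section, body)))
    return entries


def diff_logs(old: List[Entry], new: List[Entry]) -> Dict[str, List[str]]:
    """Entry lines present in only one of the two logs."""
    def lines(entries: List[Entry]) -> set:
        return {f"{e.section} - {e.body}" for e in entries}
    o, n = lines(old), lines(new)
    return {"removed": sorted(o - n), "added": sorted(n - o)}


def summarize(entries: List[Entry]) -> Tuple[Dict[str, int], List[Entry]]:
    """Per-section counts (how much autostart load) plus the flagged entries."""
    counts = dict(Counter(e.section for e in entries))
    return counts, [e for e in entries if e.flags]


# Constructed excerpts of the two logs posted in this thread.
LOG_FIRST = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

LOG_RERUN = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

if __name__ == "__main__":
    first, rerun = parse_log(LOG_FIRST), parse_log(LOG_RERUN)
    for e in summarize(rerun)[1]:
        print(e.section, ",".join(e.flags), e.body, sep="  ")
    for kind, changed in diff_logs(first, rerun).items():
        for line in changed:
            print(kind.upper(), line)
```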
#4
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Cleanup! (Alternate Link) - Install it. You will use this later. *NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows: Click Options. Move the slider button down to Custom CleanUp! Check the following:

Click OK, press the CleanUp! button to start the program. If prompted to reboot, click No.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan ** click on "Free use ActiveScan" located on the top right hand corner
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:
#5
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Vikesrock8411: Thanks a bunch for your help! CleanUp found 535 files - 650Mb of space freed-up. PC is now quicker to boot to just before desktop display, then slower. Whereas before cleaning initial boot phase was very slow as was the desktop part. When first open IE, takes quite a while. Subsequent openings occur faster, but not I think as fast as it was before I had this problem. Maybe mass of stuff in msconfig start file? Don't know the threat posed by the spyware cookies. Here are the reports you asked for:
Panda Activescan Log Incident Status Location Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@ads.pointroll[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@tribalfusion[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@ads.pointroll[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@tribalfusion[1].txt New hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 7:58:30 PM, on 1/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe 
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Lenovo Memory Alert] "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -nointro
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130304192859
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
#6
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Hey Vikesrock8411: I have to tell you my notebook is lightning fast! After my earlier quick check I thought it still had a ways to go, now I'm not so sure it has any. The boot is slow still, but then I have a wireless set up within the house so maybe it just takes time. Plus I rarely reboot anyway. I await your reaction to the logs.
Stanley Jones - Ashland, Oregon.
#8
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Alright sounds like we are making progress at least.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Downloads (make sure to save these in a permanent location)
Ewido Security Suite
If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido.
Next, please reboot your computer in Safe Mode by doing the following:
Tools
Run Ewido with its updated definitions: (...it's important that all windows must be closed)
** This scan may take over an hour; after choosing the action for the first item you do not need to stay at the PC.
Reboot your system in Normal Mode.
Online Scans
Please open IE and go to Kaspersky WebScanner
Next click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
In your next post please include:
#9
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Vikesrock8411: After this procedure boot timed at 4 1/2-minutes to Windows password. A further 2min 35secs to stable desktop. First opening of browser to stable Yahoo home page took 3-minutes (detecting proxy settings and start download from site msg). Subsequent browser openings seemed to occur at normal speed.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 3:29:46 PM, 1/14/2006
+ Report-Checksum: 3B085D3
+ Scan result:
C:\Documents and Settings\Stanley Jones\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-125ad9da.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Stanley Jones\Cookies\stanley jones@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
::Report End

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 14, 2006 17:40:54
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/01/2006
Kaspersky Anti-Virus database records: 161271
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 41223
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 5766 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Stanley Jones\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\omfg.class-40baf3a5-1b01e2c3.class Infected: Trojan-Downloader.Java.OpenStream.y
Scan process completed.

hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:55:27 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\aniServ.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Lenovo Memory Alert] "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -nointro
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130304192859
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/acces...tent/AcpIR.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

Thks Tech Support Team!
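The HijackThis logs in this thread are read by eye, entry by entry. As an added example (not code from the thread, from HijackThis, or from the forum's analyst), the Python below parses the one-entry-per-line format HijackThis writes and applies a few of the checks a reviewer applies when reading it: an O4 Run value that names a bare image instead of a full path, a Global Startup shortcut whose target could not be resolved (`= ?`), an O16 ActiveX download from a host outside an allowlist, an O20 Winlogon Notify package that is not one of the Windows XP SP2 stock packages, an O23 service whose binary is missing or has no publisher, and the same Run value registered under both HKLM and HKCU. The allowlists (`XP_NOTIFY`, `TRUSTED_DPF_HOSTS`) and the sample log lines are constructed for the example, the latter lifted from the log above; none of these checks by itself means an entry is malicious, which is the same caveat the analyst's "I am not seeing anything in those logs" reply carries.

```python
"""Triage pass over HijackThis-style log lines (added example, not HijackThis code)."""
import re
from urllib.parse import urlsplit

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)")

# Winlogon Notify packages that belong to Windows XP SP2 itself (the names the
# WinPFind output in this thread lists); anything else is third-party and is reviewed.
XP_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
             "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
# Hosts an O16 (Downloaded Program Files) control is expected from on this machine.
# Assumption made for the example; tune per environment.
TRUSTED_DPF_HOSTS = ("microsoft.com", "ibm.com")

# Constructed sample: a handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""


def parse(log_text):
    """Split a log into (running processes, [(section, body), ...])."""
    processes, entries = [], []
    in_procs = False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first O-line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def _trusted_host(host):
    """Exact or subdomain match against the allowlist; 'notmicrosoft.com' must fail."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Return [(rule, entry body or Run value name), ...] for entries worth a second look."""
    _, entries = parse(log_text)
    findings = []
    run_hives = {}                    # Run value name -> set of hives it appears in
    for section, body in entries:
        if section == "O4":
            m = RUN_RE.match(body)
            if m:
                hive, name, cmd = m.groups()
                run_hives.setdefault(name, set()).add(hive)
                # A bare image name is resolved through the PATH search order at
                # logon, so which copy actually runs has to be checked on disk.
                if not re.match(r'"?[A-Za-z]:\\', cmd) and not cmd.lower().startswith("rundll32"):
                    findings.append(("O4 image without full path", body))
            elif body.endswith("= ?"):
                findings.append(("O4 startup shortcut target could not be resolved", body))
        elif section == "O16":
            host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not _trusted_host(host):
                findings.append(("O16 ActiveX download from non-allowlisted host", body))
        elif section == "O20":
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if name not in XP_NOTIFY:
                findings.append(("O20 third-party Winlogon Notify package", body))
        elif section == "O23":
            if "(file missing)" in body:
                findings.append(("O23 service points at a missing file", body))
            elif " - Unknown owner - " in body:
                findings.append(("O23 service with no publisher", body))
    for name, hives in run_hives.items():
        if len(hives) > 1:
            findings.append(("O4 same Run value in HKLM and HKCU", name))
    return findings


if __name__ == "__main__":
    for rule, what in triage(SAMPLE_LOG):
        print(f"{rule}: {what}")
```

Run against the full log above the same rules would also surface the ThinkPad/ThinkVantage services with "Unknown owner" and the `tp4ex.exe` Run value, all of which are OEM items on this machine; the output is a worklist for the reviewer, not a verdict.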
#10
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
I am not seeing anything in those logs so I would like to take a look at another log to see if it reveals what is slowing your notebook down.
Please print out or copy this page to Notepad.
Please download WinPFind. Unzip it to the desktop, but do not run it yet.
Restart your computer in Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list).
Double click WinPFind.exe
* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!
Reboot back to Normal Mode
Please post the contents of WinPFind.txt in your next post.
#11
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Vikesrock8411: FYI, also takes a good while to boot to safe mode.
Herewith WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP
Current Build: Service Pack 2
Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Items found in C:\WINDOWS\hosts
Checking %System% folder...
PEC2 8/4/2004 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 4/27/2005 8:16:46 AM 184320 C:\WINDOWS\SYSTEM32\IbmEgath.dll
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 1/4/2006 7:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 4:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 4:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
UPX! 11/9/2005 8:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys
aspack 11/9/2005 8:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/15/2006 10:15:10 PM S 2048 C:\WINDOWS\bootstat.dat
1/10/2006 10:09:20 PM S 64 C:\WINDOWS\CSC\00000001
1/10/2006 9:47:56 PM S 64 C:\WINDOWS\CSC\00000002
1/15/2006 8:40:16 AM H 0 C:\WINDOWS\LastGood\INF\oem20.inf
1/15/2006 8:40:16 AM H 0 C:\WINDOWS\LastGood\INF\oem20.PNF
11/30/2005 8:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 4:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 3:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/15/2006 10:15:00 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/15/2006 10:15:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/15/2006 10:15:12 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
1/15/2006 10:15:30 PM H 77824 C:\WINDOWS\system32\config\software.LOG
1/15/2006 10:15:22 PM H 1204224 C:\WINDOWS\system32\config\system.LOG
1/15/2006 8:41:50 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
1/15/2006 10:13:30 PM H 6 C:\WINDOWS\Tasks\SA.DAT
1/15/2006 11:59:04 AM H 424 C:\WINDOWS\Tasks\{42D8BF59-B44E-4433-9BB5-110AAF63C12F}_IBM-66B7ADAC3B0_Stanley Jones.job

Checking for CPL files...
Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
IBM 9/26/2004 4:19:38 AM 61440 C:\WINDOWS\SYSTEM32\IBMJavaPlugin142.cpl
Intel Corporation 9/9/2005 12:43:24 PM 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Lenovo Group Limited 8/24/2005 12:10:00 AM 49152 C:\WINDOWS\SYSTEM32\tp4ex.cpl
IBM Corp. 1/21/2005 12:40:00 AM 34816 C:\WINDOWS\SYSTEM32\TP98.CPL
Lenovo, Ltd. and IBM Corporation.8/22/2005 8:22:26 PM 118784 C:\WINDOWS\SYSTEM32\TpShCPL.cpl
Microsoft Corporation 8/4/2004 4:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 9/9/2005 12:43:24 PM 77824 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\igfxcpl.cpl
Intel Corporation 5/4/2005 10:50:00 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/14/2006 6:03:28 PM 721 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1-Click Answers.lnk
11/12/2005 1:13:12 PM 1768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
8/9/2004 9:55:40 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/27/2005 11:28:42 AM 493 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/9/2004 9:46:04 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
1/10/2006 6:09:08 PM 1753 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
8/9/2004 9:55:40 AM HS 84 C:\Documents and Settings\Stanley Jones\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
8/9/2004 9:46:04 AM HS 62 C:\Documents and Settings\Stanley Jones\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SGPDMenu
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} = C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{7754C418-F62E-44aa-B169-E719E718BCFD} = 1-Click Answers : C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = IBM Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}
ButtonText = Software Installer : C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{7754C418-F62E-44AA-B169-E719E718BCFD} = 1-Click Answers : C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
TpShocks TpShocks.exe
TPKMAPHELPER C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
TPKBDLED C:\WINDOWS\system32\TpScrLk.exe
TPHOTKEY C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
TP4EX tp4ex.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SoundMAXPnP C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
QCWLICON C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
QCTRAY C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PWRMGRTR rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
Persistence C:\WINDOWS\system32\igfxpers.exe
PDService.exe "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
Lenovo Memory Alert "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -nointro
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
IgfxTray C:\WINDOWS\system32\igfxtray.exe
ibmmessages C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
EZEJMNAP C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
cssauth "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
BLOG rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
ibmmessages C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxdev.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina = QConGina.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2 = notifyf2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey = tphklock.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File
Execution Options\Your Image File Name Here without a path Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/15/2006 10:23:22 PM
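An added example, not from this thread and not part of WinPFind or HijackThis, showing how a defender can turn an autostart dump like the one above into a short triage list. It parses the Run keys, the Winlogon\Notify DLLs, any Image File Execution Options Debugger values and AppInit_DLLs from a constructed sample modelled on the posted log (one entry per line, the way WinPFind writes it before a forum flattens it), works out which file each entry actually loads, and marks Run entries whose executable carries no directory path. The sample text and every function name are this example's own assumptions.

```python
"""Triage a WinPFind-style autostart dump (added example; not part of the thread).

SAMPLE_LOG is a constructed sample modelled on the log posted above, one entry
per line as WinPFind writes it. All function names here are this example's own.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
TpShocks TpShocks.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
PWRMGRTR rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
Lenovo Memory Alert "C:\Program Files\IBM\acp\ERTS0928\ERTS0928.exe" -nointro
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina = QConGina.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A Run entry is "<value name> <command>"; the name may contain spaces, so the
# command is recognised by how it starts (quoted path, drive path, rundll32, or bare .exe).
RUN_LINE_RE = re.compile(
    r'^(?P<name>.+?)\s+(?P<cmd>"[^"]*".*|[A-Za-z]:\\.*|rundll32\s.*|\S+\.exe\b.*)$',
    re.IGNORECASE,
)
NOTIFY_RE = re.compile(r"Winlogon\\Notify\\(?P<name>[^ =]+)\s*=\s*(?P<dll>\S+)", re.IGNORECASE)
IFEO_RE = re.compile(
    r"Image File Execution Options\\(?P<image>.+?)\s+Debugger\s*=\s*(?P<dbg>.+)$",
    re.IGNORECASE | re.MULTILINE,
)
APPINIT_RE = re.compile(r"^AppInit_DLLs[ \t]*(?P<value>.*)$", re.IGNORECASE | re.MULTILINE)


@dataclass
class RunEntry:
    hive: str        # "HKLM" (all users) or "HKCU" (this profile only)
    name: str        # registry value name as the log shows it
    command: str     # full command line
    image: str       # the file that actually gets loaded
    qualified: bool  # False when the image has no directory, i.e. it is found via the search path


def split_sections(text):
    """Group the dump's lines under the bracketed registry key that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def image_of(command):
    """Pull the file that really runs out of a Run-key command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32" and rest:
        return rest.split(",", 1)[0].strip()   # rundll32 <dll>,<entrypoint>: the DLL matters
    return head


def parse_run_entries(sections):
    """Every value under HKLM/HKCU ...\\CurrentVersion\\Run, in log order."""
    entries = []
    for key, lines in sections.items():
        if not key.upper().endswith("\\CURRENTVERSION\\RUN"):
            continue
        hive = "HKLM" if key.upper().startswith("HKEY_LOCAL_MACHINE") else "HKCU"
        for line in lines:
            m = RUN_LINE_RE.match(line)
            if m:
                img = image_of(m.group("cmd"))
                entries.append(RunEntry(hive, m.group("name"), m.group("cmd"), img, "\\" in img))
    return entries


def parse_notify_dlls(text):
    """Winlogon\\Notify packages: DLLs winlogon loads at logon/logoff events."""
    return {m.group("name"): m.group("dll") for m in NOTIFY_RE.finditer(text)}


def parse_ifeo_debuggers(text):
    """(image, debugger) pairs; XP ships only the placeholder entry seen in the log."""
    return [(m.group("image"), m.group("dbg").strip()) for m in IFEO_RE.finditer(text)]


def parse_appinit_dlls(text):
    """AppInit_DLLs value (loaded into every process that loads user32.dll); '' when empty."""
    m = APPINIT_RE.search(text)
    return m.group("value").strip() if m else None


def triage(text):
    """Summarise everything the dump says will run at boot or logon."""
    run = parse_run_entries(split_sections(text))
    return {
        "run": run,
        "unqualified": [e for e in run if not e.qualified],
        "notify": parse_notify_dlls(text),
        "ifeo": parse_ifeo_debuggers(text),
        "appinit": parse_appinit_dlls(text),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["run"]:
        print(f"{e.hive:4} {e.name:22} -> {e.image}{'' if e.qualified else '   (no path: resolved via search path)'}")
    print("Winlogon\\Notify:", result["notify"])
    print("IFEO debuggers: ", result["ifeo"])
    print("AppInit_DLLs:   ", repr(result["appinit"]))
```

Each Run entry is one more process started at logon, so the list is the first place to look when start-up is slow; an entry with no directory path (TpShocks.exe in the sample) is worth confirming on disk because it is located by search order rather than by an explicit location. The IFEO placeholder "Your Image File Name Here without a path" with `ntsd -d` is what a stock XP install carries; an empty AppInit_DLLs value, as in the posted log, means no extra DLL is injected into user32-linked processes.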
#12
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Make sure you do not need your computer for at least 12 hours before proceeding with this step. This scan may take that long and cannot be aborted. I recommend you run it overnight. If this is not possible let me know and we will continue another way.

Click Start>Run and type in chkdsk /r
If it asks you to run chkdsk on restart please click yes, and restart your computer. This will check your hard drive for errors, and correct any minor errors it finds.

Download and Save Blacklight to your desktop:
Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next
You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers). Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
#13
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Vikesrock8411
CHKDSK: All stages verified. There was some message that appeared after the check finished but was not long enough on the screen to allow me to read it! After restart, PC kept rebooting to the CHKDSK routine. Stopping the routine within the timer range froze the PC at that stage. Only a power down could free it. Then it booted back to the same point! Needed to use "last boot that worked" to escape for a normal boot to desktop - phew! Boot is still excessively long, as was the first browser opening to my home page as before. After that PC works normally as far as I can tell. Overnight will run Blacklight.
#15
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Chkdsk /r can take up to 12 hours on a computer with many bad sectors; this is the step I was referring to.
I am currently consulting with my colleagues and will be back with a fix for you sometime tomorrow (it's getting late here).
#16
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
Ok, I can't thank you enough for your help. I can see it is a real puzzler this one. There are other strange oddities that occur too. I received an email with some photos the other day, when I opened the files there was a string of the last webpages I had visited attached to them!
The disk-check actually took about 3 1/2 hours, done three times over because it kept looping on itself. It appeared to spend a disproportional amount of time at 83%-verified.
#17
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Because of the way chkdsk works, certain stages can appear to take longer at certain percentages than others. This is because the percentage is based on one measurement and the time it takes to run the scan varies based on a number of factors.

This problem is definitely not malware related, but there are still quite a few things we can try. Your current AV is Trend Micro; have you ever had any other AVs installed on this system?

Open My Computer and click Tools>Folder Options. Click on the View tab. Under Files and Folders remove the check from "Automatically search for network folders and printers". Click OK.

Switch off your wireless connection (laptops with built in wireless usually have a button for this; if it is an add-in card, remove it), and reboot your computer. Did this speed up your boot-up time? If not try this:

Click Start>Log Off>Log Off then log on using the new account. After you have done this restart your computer and log in to the new profile. Did this speed up startup at all?
#18
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
|
PC is quite new, had Symantec temp-license installed that I uninstalled and installed Trend PC-Cillin. Boot operation speed was normal after.
With wireless card (Belkin Airgo true-mimo) pulled and check removed from "Auto search for network folders and printers" boot speed was still very slow:
40 seconds to shut down
2 mins 10 seconds to boot to Windows password dialog box
45 seconds to stable desktop
At that point an annoying IBM Client Security Setup Wizard dialog box appears that offers to provide increased Windows password authorization - THAT I DO NOT NEED! and so I delete. It seems this step adds about 10-15 seconds to boot from regular Windows password stage. Creating new account did not shorten the above boot times.
#19
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Alright, I have one more idea to check out before I send you over to hardware to see what they think.
Open HijackThis, click Config, then click Misc Tools. Click "Open Uninstall Manager". Click "Save List" (generates uninstall_list.txt). Click Save, then copy and paste the results in your next post.
#20
Registered User
Join Date: Jan 2006
Posts: 27
OS: XP
1-Click Answers
Access IBM Access IBM Message Center Ad-Aware SE Personal Adobe Reader 7.0.5 Avery DesignPro Belkin Wireless Client Utility CleanUp! ewido anti-malware HijackThis 1.99.1 IBM 32-bit Runtime Environment for Java 2, v1.4.2 IBM DLA IBM RecordNow! IBM Themes IBM ThinkPad Power Manager IBM ThinkVantage Technologies Welcome Message Intel(R) Graphics Media Accelerator Driver for Mobile Intel(R) PROSet/Wireless Software InterVideo WinDVD iTunes Kaspersky On-line Scanner Lavasoft VX2 Cleaner Lenovo Memory Monitor Macromedia Flash Player 8 Macromedia Shockwave Player mCore mDriver Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office Small Business Edition 2003 mMHouse mPfMgr MSN Music Assistant mXML Panda ActiveScan PC-Doctor for Windows QuickTime RealPlayer Rescue and Recovery - Client Security Solution Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB912919) Software Installer Sonic Update Manager SoundMAX Spybot - Search & Destroy 1.4 System Migration Assistant 5.0 ThinkPad Configuration 
ThinkPad EasyEject Utility ThinkPad FullScreen Magnifier ThinkPad Integrated 56K Modem ThinkPad Keyboard Customizer Utility ThinkPad Power Management Driver ThinkPad Presentation Director ThinkPad SATA Power Management Driver ThinkPad UltraNav Driver ThinkPad UltraNav Wizard ThinkVantage Access Connections ThinkVantage Active Protection System TrackPoint Accessibility Features Trend Micro PC-cillin Internet Security 2005 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB910437) Wallpapers Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Media Connect Windows Media Connect Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB890859