Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
My XP machine boots very slowly with a lot of disk activity during boot. Apps also start up slowly. I have PC-cillin software so I don't think I have any virus or spyware.

Do I have any software running that causes this?

Thanks

=============================

Logfile of HijackThis v1.99.1
Scan saved at 11:43:58 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
D:\Program Files\NETGEAR\WPNT511\wpnt511.exe
D:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
D:\Program Files\Mozilla Firefox2\firefox.exe
D:\Program Files\Thunderbird\thunderbird.exe
D:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {862fb893-b24b-4fad-80d3-a1158eb34db4} - (no file)
O3 - Toolbar: Iranian Calendar - {67D02D3E-71A6-485B-A64A-C52DF241B034} - C:\Program Files\Iranian Calendar Toolbar\IranianCalendar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WPNT511] D:\Program Files\NETGEAR\WPNT511\wpnt511.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "D:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136508167767
O16 - DPF: {862FB893-B24B-4FAD-80D3-A1158EB34DB4} - http://www.search.com/cnetsearchbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HomeComputer
O17 - HKLM\Software\..\Telephony: DomainName = HomeComputer
O17 - HKLM\System\CCS\Services\Tcpip\..\{F47CDAE6-D4C8-4952-BC93-06604F294425}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HomeComputer
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache - Unknown owner - D:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Yes, you will have a lot of stuff that runs at startup...to find out what, use this program:

http://members.lycos.co.uk/codestuff/


Also run this to see if you have any malware....

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


========================================


Download "SUPERAntiSpyware Free Edition" from this link:
http://www.superantispyware.com/download.html


Install and update the scanner.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window). Select "Perform Complete Scan" (in the right window). Click "next"

The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.

Reboot your computer. After reboot, open the scanner again. Click "preferences" -> "statistics/logs". Mark the log. Click "View log", and copy the content of this log into your next reply.
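
Added example, not part of the original posts: a small Python triage of a HijackThis log that lists what loads at startup (O4 = Run keys and Startup folder, O23 = services, per HijackThis's section codes) and marks entries whose target the log itself reports as "(no file)" or "(file missing)". The sample lines are copied from the log in the first post; the function and field names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind name target orphaned")

# A few lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {862fb893-b24b-4fad-80d3-a1158eb34db4} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Yahoo! Messenger.lnk = C:\Program Files\Yahoo!\Messenger\YPager.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ...", "R3 - ..."
RUN = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?P<loc>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def parse(log_text):
    """Turn section lines into Entry tuples; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        # HijackThis appends these markers when the referenced file is not on disk.
        orphaned = body.endswith(("(no file)", "(file missing)"))
        kind, name, target = "other", "", body
        if code == "O4":
            r = RUN.match(body) or STARTUP.match(body)
            if r:
                kind, name, target = r["loc"], r["name"], r["cmd"]
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)  # name - owner - path
            if len(parts) == 3:
                kind, name, target = "service", parts[0], parts[2]
        entries.append(Entry(code, kind, name, target, orphaned))
    return entries

def autostarts(entries):
    """Entries that load at boot or logon: Run keys, Startup folder, services."""
    return [e for e in entries if e.code in ("O4", "O23")]

def orphans(entries):
    """Entries whose target file the log reports as absent (leftover registrations)."""
    return [e for e in entries if e.orphaned]

if __name__ == "__main__":
    for e in autostarts(parse(SAMPLE_LOG)):
        flag = "  <-- target missing" if e.orphaned else ""
        print(f"{e.code:4} {e.kind:12} {e.name}: {e.target}{flag}")
```
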
 

·
Registered
Joined
·
5 Posts
Discussion Starter · #4 ·
Thanks for the reply. Here are the log files:

Dr. Web:

7D873B1D-36BE-44C9-BF50-45DDC2;D:\Program Files\Microsoft AntiSpyware\Quarantine\94AB00B6-1876-4CC2-9BBF-A0F517;Adware.Altnet;Incurable.Moved.;


=================================================

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 02/01/2007 at 11:55 PM

Application Version : 3.5.1016

Core Rules Database Version : 3176
Trace Rules Database Version: 1186

Scan type : Complete Scan
Total Scan Time : 00:42:23

Memory items scanned : 162
Memory threats detected : 0
Registry items scanned : 6072
Registry threats detected : 0
File items scanned : 38522
File threats detected : 75

Adware.Tracking Cookie
 