Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

slow dell laptop

  • 16-05-2007 3:12pm
    #1
    Closed Accounts Posts: 72 ✭✭


    I have an inspiron dell laptop I purchased 3 years ago that is so slow now as to be unusable. I have ran several anti virus progs on it as well as defender and spybot and the trend micro house clean, all to no avail. Is it worth bringing to a shop for repair or is there anything else I can do to make it viable?

    Thanks for any replies ;)


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I can help you try get it faster if you want. There could be a possibility of left over anti-virus traces on it that are the reason for slowing it down. Do this

    Please download the self-extracting version of HijackThis from here:

    HijackThis_sfx download

    Save HijackThis_sfx to your desktop.

    Double-click the file then click the Unzip button. Then close the Self-Extractor window.

    Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessable, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

    Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

    Open HijackThis and click Do a system scan and save a log file. Copy the entire contents of that log and post it here


  • Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    If you download alot and install many programs, it might be good to do a fresh install, especially after 3 years but try the above first.


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    Thanks guys, I ran the exe version as I dont have extracor installed but I ran it and got this log.... thanks for any help on this..

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:03:28, on 16/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Brendan\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
    O15 - Trusted Zone: http://update.randhi.com (HKLM)
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab
    O16 - DPF: {43331111-1111-1111-1111-611111195622} - http://www.www2.p0rt2.com/files/MirarSetup-875498.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098378460584
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136575239692
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE089B70-C107-46C2-A837-A1CD5D8C8A0F}: NameServer = 194.74.65.68 194.72.9.34
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 7701 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Sorry for the late reply, didn't see you reply. You have a few infections on your pc that may explain for a little slow down, so lets take them out before we do optional fixes to speed you up.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

    Open Windows Defender.
    Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.

    After all of the fixes are complete it is very important that you enable Real-time Protection again.

    Run HijackThis, click "Do a system scan only" and check these entries

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
    O15 - Trusted Zone: http://update.randhi.com (HKLM)
    O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
    O16 - DPF: {33331111-1111-1111-1111-615111193427} -
    O16 - DPF: {33331111-1131-1111-1111-611111193428} -
    O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab
    O16 - DPF: {43331111-1111-1111-1111-611111195622} - http://www.www2.p0rt2.com/files/MirarSetup-875498.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)


    Now close all windows except for HijackThis, and click "Fix checked".

    Now we need to re-enable Windows Defender.

    Open Windows Defender.
    Click on Tools, General Settings.
    Scroll down and check Turn on real-time protection (recommended).
    After you check this, click on the Save button and close Windows Defender.

    I see your using Windows Live OneCare, this isn't a very good program, and probably slowing your pc down a bit. I'll give you far better programs to use instead

    First go to Start > Control Panel > Add or Remove Programs > Remove Microsoft Windows OneCare Live

    I see your using Windows Defender, this isn't a very good program, and probably slowing your pc down a bit. I'll give you far better programs to use instead

    Go to Start > Control Panel > Add or Remove Programs > Remove Windows Defender

    Once you have gotten rid of these two programs, install the following :

    * SpywareGuard offers realtime protection from spyware installation attempts.

    *AVG anti-spyware

    *AVG

    Once you have done all these steps, please post me a new HijackThis log and the combofix log


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    Thanks for that Actorseeksjob.







    2007-05-16 22:29:28 Service Pack 2
    ComboFix 07-05.17.V - Running from: "C:\Documents and Settings\Brendan\Desktop\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.log


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))


    2007-05-12 09:10 <DIR> d
    C:\DOCUME~1\Brendan\.housecall6.6
    2007-05-11 14:47 118,784 --a
    C:\WINDOWS\SYSTEM32\Msstdfmt.dll
    2007-05-11 14:47 <DIR> d
    C:\Program Files\Viewpoint
    2007-05-11 14:47 <DIR> d
    C:\Program Files\Learn2.com
    2007-05-11 14:47 <DIR> d
    C:\Program Files\Common Files\aolback
    2007-05-11 14:47 <DIR> d
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-05-11 14:39 <DIR> d
    C:\Program Files\Common Files\AOL
    2007-04-25 18:31 <DIR> d
    C:\Program Files\Microsoft Windows OneCare Live
    2007-04-24 15:54 <DIR> dr-h-c--- C:\MSOCache
    2007-04-23 12:04 <DIR> d
    C:\Program Files\Kyodai Mahjongg 2006
    2007-04-19 16:40 <DIR> d
    C:\Program Files\Picasa2
    2007-04-19 15:27 <DIR> d--h
    C:\WINDOWS\PIF
    2007-04-18 16:57 31,744 --a
    C:\WINDOWS\SYSTEM32\fxsroute.dll
    2007-04-18 16:57 132,608 --a
    C:\WINDOWS\SYSTEM32\fxsclntR.dll
    2007-04-18 16:57 111,104 --a
    C:\WINDOWS\SYSTEM32\fxscfgwz.dll
    2007-04-18 16:57 11,264 --a
    C:\WINDOWS\SYSTEM32\fxssend.exe
    2007-04-18 16:57 <DIR> d
    C:\WINDOWS\SYSTEM32\FxsTmp
    2007-04-17 23:09 626,688 --a
    C:\WINDOWS\SYSTEM32\msvcr80.dll
    2007-04-17 18:25 <DIR> d
    C:\WINDOWS\Options


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-16 15:52:13
    d
    w C:\Program Files\Common Files\Real
    2007-05-16 15:51:31
    d
    w C:\Program Files\QuickTime
    2007-05-11 14:05:07
    d
    w C:\Program Files\BT Broadband Basic Help
    2007-05-11 13:59:37
    d
    w C:\Program Files\Yahoo!
    2007-05-11 13:59:36
    d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-11 13:59:36
    d
    w C:\Program Files\Microsoft AntiSpyware
    2007-05-11 13:59:36
    d
    w C:\Program Files\Google
    2007-05-11 13:58:56
    d
    w C:\DOCUME~1\Brendan\APPLIC~1\AOL
    2007-04-24 17:53:01
    d
    w C:\DOCUME~1\Brendan\APPLIC~1\Google
    2007-04-23 15:50:02
    d
    w C:\DOCUME~1\Brendan\APPLIC~1\Real
    2007-04-18 15:56:59
    d
    w C:\Program Files\Windows NT
    2007-04-17 17:01:57
    d
    w C:\Program Files\BT Voyager 105 ADSL Modem
    2007-04-17 17:00:09
    d
    w C:\Program Files\Windows Media Bonus Pack for Windows XP
    2007-04-17 16:57:23
    d
    w C:\Program Files\NewSoft
    2007-04-17 16:57:20
    d
    w C:\Program Files\Common Files\NewSoft
    2007-04-17 16:55:44
    d
    w C:\Program Files\Juice
    2007-04-01 22:28:37
    d
    w C:\Program Files\NCBuy
    2007-04-01 22:27:55
    d
    w C:\Program Files\Common Files\SWF Studio
    2007-03-18 13:18:39
    d
    w C:\DOCUME~1\Brendan\APPLIC~1\iPodder
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 20:10:59
    d
    w C:\Program Files\Real
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 15:32]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22]
    "DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 16:10]
    "DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 13:47]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "IPPDetect"="IPP4Detect.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" []
    "MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0
    Security Packages kerberos msv1_0 schannel wdigest
    Notification Packages :\WINDOWS\syste

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
    NetworkService DnsCache
    rpcss RpcSs
    imgsvc StiSvc
    termsvcs TermService
    HTTPFilter HTTPFilter
    DcomLaunch DcomLaunch TermService
    WudfServiceGroup WUDFSvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    *newlycreated* -PROCEXP90

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{56C4FEA6-AC9D-46F8-B2BC-84F2281E934E}.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-16 22:31:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-16 22:32:34
    C:\ComboFix-quarantined-files.txt ... 2007-05-16 22:32





    ogfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 22:43:40, on 16/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Brendan\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098378460584
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136575239692
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE089B70-C107-46C2-A837-A1CD5D8C8A0F}: NameServer = 194.74.65.68 194.72.9.34
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 5783 bytes


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Have you installed those programs I suggested? Please do if you haven't already.

    If you didn't get rid of these before, do it now :

    Can you go to Start > Control Panel > Add or Remove Programs > Remove Viewpoint

    Can you go to Start > Control Panel > Add or Remove Programs > Remove Microsoft AntiSpyware

    Then go and delete these folders in bold

    C:\Program Files\Viewpoint
    C:\Program Files\Microsoft AntiSpyware

    Download: CCleaner (freeware)
    http://www.majorgeeks.com/download4191.html
    Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
    Once installed, run CCleaner click the Windows [tab]
    Select the following:
    cleaner.gif
    Next: click Options click the Settings tab
    Uncheck: "Only delete files older than 48 hrs.", click Ok
    Then click Run Cleaner (bottom right)

    Then go to the Issues tab on the left, click "Scan for Issues", click "Fix all selected Issues" and make a back-up when it prompts you to.


    Next we are going to do the optional fixes that will help speed your pc up. This will include disabling a good few start up entries, if there is any you want to keep then dont fix them.

    Run HijackThis, click "Do a system scan only" and check these entries :

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [IPPDetect] IPP4Detect.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab


    Now close all windows except for HijackThis and click Fix checked.


    Next download this program here. It's a very good disk defragmentation program, you will need to run it over-night as it will take a while.

    Did you ever have any trouble uninstalling any anti-virus programs on your pc, like Norton or McAfee?

    The final thing to do is this :

    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.

    Also send me another HijackThis log


  • Registered Users, Registered Users 2 Posts: 23,212 ✭✭✭✭Tom Dunne


    I'm going to move this over to the Windows forum as it is more of a Windows issue than a laptop issue.

    It also might help others that have similar problems on their PC.


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    Hello Actorseeksjob, no had no problems uninstalling av progs. here are the logs....

    StartupList report, 17/05/2007, 10:46:23
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Brendan\Desktop\HiJackThis_v2.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16441)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Brendan\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\system32\ctfmon.exe


    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Brendan\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*


    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Apoint = C:\Program Files\Apoint\Apoint.exe
    SiS Windows KeyHook = C:\WINDOWS\System32\keyhook.exe
    DSLSTATEXE = C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    DSLAGENTEXE = C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    AGRSMMSG = AGRSMMSG.exe
    AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*


    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe


    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*


    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*


    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*


    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*


    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*


    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*


    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*


    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*


    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*


    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*


    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*


    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*


    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*


    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*


    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*


    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*


    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*


    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*


    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*


    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*


    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*


    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S


    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*


    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1


    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}]
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser


    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*


    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=


    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*


    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present


    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden


    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed


    Enumerating Browser Helper Objects:

    *No BHO's found*


    Enumerating Task Scheduler jobs:

    1-Click Maintenance.job
    Check Updates for Windows Live Toolbar.job
    MP Scheduled Quick Scan.job
    User_Feed_Synchronization-{56C4FEA6-AC9D-46F8-B2BC-84F2281E934E}.job


    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director7/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098378460584

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136575239692

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    [Java Plug-in 1.6.0_01]
    InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab


    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll


    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    aeaudio: system32\drivers\aeaudio.sys (manual start)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    Alps Touch Pad Filter Driver for Windows 2000/XP: System32\DRIVERS\Apfiltr.sys (manual start)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
    AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
    AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
    AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
    Microsoft ACPI Control Method Battery Driver: System32\DRIVERS\CmBatt.sys (manual start)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (autostart)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    MSFWHLPR: system32\DRIVERS\msfwhlpr.sys (disabled)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    Pcmcia: System32\DRIVERS\pcmcia.sys (system)
    Volume Adapter: system32\DRIVERS\lv302af.sys (manual start)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    QuickCam IM(PID_08A0): system32\DRIVERS\LV302AV.SYS (manual start)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    High-Capacity Floppy Disk Drive: System32\DRIVERS\sfloppy.sys (manual start)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SiS315: System32\DRIVERS\sisgrp.sys (manual start)
    SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
    SiSkp: System32\DRIVERS\srvkp.sys (system)
    SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    smwdm: system32\drivers\smwdm.sys (manual start)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
    Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
    BT Voyager 105 ADSL Modem: System32\DRIVERS\gwausb.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)



    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\Config.Msi\4181f3.rbf||C:\Config.Msi\418200.rbf||C:\Config.Msi\418202.rbf||C:\Config.Msi\418203.rbf||C:\Config.Msi\41820b.rbf||C:\WINDOWS\SxsCaPendDel\{97F81AF1-0E47-DC99-B01F-C8B3B9A1E18E}_00000001||C:\Config.Msi\41821a.rbf||C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe||C:\Program Files\Microsoft Windows OneCare Live\||C:\Config.Msi\132cb26.rbf||C:\DOCUME~1\Brendan\LOCALS~1\Temp\_iu14D2N.tmp||C:\DOCUME~1\Brendan\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\Brendan\Cookies\index.dat||C:\DOCUME~1\Brendan\LOCALS~1\History\History.IE5\index.dat||C:\DOCUME~1\Brendan\LOCALS~1\History\History.IE5\MSHIST~3\index.dat



    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: *Registry key not found*
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*


    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*


    End of report, 38,196 bytes
    Report generated in 0.912 seconds



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:59:19, on 17/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Brendan\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098378460584
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136575239692
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE089B70-C107-46C2-A837-A1CD5D8C8A0F}: NameServer = 194.74.65.68 194.72.9.34
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 5458 bytes




    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    Thanks Actor, I installed avg virus and avg spyware. That other prog you posted appears to be corrupted. I been using it for an hour now and it does appear to be a bit faster but not a great deal.

    I appreciate all your help and time.

    PJ


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You seem to have given me the wrong list, you posted your start up list, I wanted to take a look at your uninstall list. So please do this

    Open HijackThis, click Main Menu, click Open the Misc Tools section, click Open Uninstall Manager, click Save List, and post that Uninstall List in your next reply.

    Did you run JKDefrag? Any problems there?

    Next run HijackThis once more, click "Do a system scan only" and check these entries :

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    Unfortunately I'm kinda puzzled why your laptop is so slow...If anybody has any suggestions then please offer them.

    Please go to this site and run a Full Test for your pc
    http://pcpitstop.com/pcpitstop/default.asp
    Tell me how that goes and paste any information here if possible, if not tell me the results of anything important.

    In your next reply can I get a new HijackThis log, and the Uninstall List, and info from PcPitStop.com.


  • Advertisement
  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    OOps sorry, heres the hijack uninstall log. Ran the defrag and no problem but it only took about twenty minutes. So Im not sure if I was using correct feature. It was a self extracting file and I just hit on the exe file. I will do the remainder of what you said and get bact to ya.






    Adobe Flash Player ActiveX
    Agere Systems AC'97 Modem
    ALPS Touch Pad Driver
    AVG 7.5
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    HijackThis 2.0.0
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Macromedia Shockwave Player
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Word Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    Personal License Update Wizard for Windows Media Player
    Picasa 2
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    Smart Menus (Windows Live Toolbar)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    Latest hijack log and uninstall list

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:52:55, on 17/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\SYSTEM32\sistray.exe
    C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Brendan\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098378460584
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136575239692
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE089B70-C107-46C2-A837-A1CD5D8C8A0F}: NameServer = 194.74.65.68 194.72.9.34
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 4893 bytes






    Agere Systems AC'97 Modem
    ALPS Touch Pad Driver
    AVG 7.5
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    HijackThis 2.0.0
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Macromedia Shockwave Player
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Word Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    Personal License Update Wizard for Windows Media Player
    Picasa 2
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    Smart Menus (Windows Live Toolbar)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    This is the log from pcpitstop.....

    Test Details
    TipsIn the tips and the tables, red indicates a serious problem, yellow a minor problem, and blue a suggestion.

    • Install more memory
    • Adjust IE browser cache size

    Windows ConfigurationDescription Your Results
    Common Name Windows XP Home SP2
    Full Version Windows XP Home SP2
    First Install Thu Oct 21 2004
    Free Resources 90%
    Fonts Installed 90
    Windows Scripting Version 5.6.0.8820
    PCPitstop Version 170
    CPU Load 1%
    Running ProgramsMalicious or poorly written running programs are a common cause of poor performance and system instability. We strongly recommend that you use an antivirus program such as EZ Antivirus from Computer Associates and a spyware scanner such as PC Pitstop Exterminate on a regular basis. To get control over your running programs we suggest WinTasks 5 Pro. Click on a file name to see more information about it.


    Legend: Virus Spyware/Adware Optional Required No data

    designates programs that can safely be disabled to improve computer performance, PC Pitstop Optimize disables these programs.

    Name Vendor Complete File Name
    SiS Display Utility Silicon Integrated Systems Corporation C:\WINDOWS\SYSTEM32\sistray.exe
    MPBTN.EXE C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
    DSL Agent C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    DSL Connection Status GlobespanVirata, Inc. C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    Office XP speech Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe
    Silicon Integrated Systems Corporation C:\WINDOWS\System32\keyhook.exe
    Microsoft Corporation C:\WINDOWS\system32\msfeedssync.exe
    Print spooler Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    Windows Update Microsoft Corporation C:\WINDOWS\system32\wuauclt.exe
    AVG Antivirus GRISOFT, s.r.o. C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    AVG Antivirus GRISOFT, s.r.o. C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    AVG Update GRISOFT, s.r.o. C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    Alps pointing device Alps Electric Co., Ltd. C:\Program Files\Apoint\Apntex.exe
    Alps touchpad Alps Electric Co., Ltd. C:\Program Files\Apoint\Apoint.exe
    Agere WinModem Agere Systems C:\WINDOWS\AGRSMMSG.exe
    Internet Explorer Microsoft Corporation C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
    Local Security Authority Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    Service control process Microsoft Corporation C:\WINDOWS\system32\services.exe
    Service host process Microsoft Corporation C:\WINDOWS\system32\svchost.exe

    Performance-Related Windows Settings
    The following settings may be helpful in diagnosing general system performance problems.

    Setting name Value
    Video acceleration disabled No
    Paging of kernel disabled No
    Screen saver running during tests No
    NOIDE key found in registry No
    Running 32-bit code on 64-bit Windows No
    System Restore disabled No
    Large System Cache enabled No
    Has batteries Yes
    Hibernate enabled Yes
    HIBERFIL.SYS present Yes
    Hibernate policy in use Yes
    Sleep/Resume policy in use Yes
    Running on battery power No
    Internet Configuration
    Run our Free PC Pitstop Optimize 1.5 Scan to check proper registry settings for your connection type. Optimize tweaks the optimal registry values to get the most from your Internet connection.

    Try our free Optimize 1.5 Scan Now!

    Learn More.
    Description Your Results
    Bandwidth Down 244 Kbits/sec
    Bandwidth Up 244 Kbits/sec
    Average Ping 119 ms
    Ping Loss 0%
    TCP Receive Window 65535
    External IP Address 81.129.197.41
    Internal IP Address 81.129.197.41
    Browser MSIE 7.0; .NET CLR 2.0.50727
    IE current cache 10 MB
    IE max cache 125 MB

    Packet8 Internet Phone Service
    Make unlimited voice calls on your broadband Internet connection for only $19.99/month! Forget long distance phone bills with Packet8 Voice-over-IP technology.
    Click here for information on how to get startedThe Bandwidth tests measure the Internet bandwidth between your computer and PC Pitstop's servers. In general, if your bandwidth result is at least 85% of the rated connection speed, you're receiving good throughput (though shared connections may affect this, too).

    Average Ping measures the round-trip time for a packet to travel from the PC being tested to PC Pitstop's web site and back; lower numbers indicate better performance. Ping times under 150ms are typical of T1, DSL, or cable modems. Consistent ping times of more than 500ms should only be seen in connections that span continents (e.g., USA to Europe) and/or are linked by satellite. Ping losses usually indicate serious Internet congestion.

    Internet performance can be erratic for many different reasons, so you can't expect to get maximum bandwidth and ping performance every time you test. You should test several times and at different times of the day to get the most accurate picture of your connection speed. To repeat only our Bandwidth test and get more information, plus tips for improving performance, click here. For additional testing of your browser configuration and Internet connection, we recommend BrowserTune.

    More Internet related Settings
    The following settings may be helpful in diagnosing internet performance problems.

    Setting name Value
    Using a proxy No
    HTTP 1.1 through proxy Enabled Yes
    HTTP 1.1 Enabled Yes
    Check for newer pages turned off No
    Show Pictures No
    Format docs using my style sheet No
    Content Advisor enabled No
    Check Associations Disable No
    Enable Automatic Image Resize Yes
    Enable third-party browser extensions No
    Enable page transitions Yes
    Always use my {colors|fonts|size} No
    Security ConfigurationDescription Your Results
    IE Restricted Zone Permissions None


    Security-Related Windows Settings
    The following settings may be helpful in diagnosing spyware and browser hijacks.

    Setting name Value
    Explorer: Some drive letters are hidden No
    Explorer: Hide extensions for known file types No
    Explorer: Hide protected operating system files No
    Explorer: Do not show hidden files and folders No
    Explorer: Do not display contents of system folders No
    HOSTS location remapped via the Registry No
    System File Protection disabled No
    Main BoardDescription Your Results
    Brand/Model Dell Computer Corp. Inspiron 1000
    Type Portable
    Serial Number 4VRT151
    BIOS Dell Computer Corp. A04 (Q3B01) 08/03/2004
    System Board Quanta Computer Inspiron 1000
    ProcessorDescription Your Results
    Brand/Model Intel Celeron M
    Nominal Clock Speed 2200 MHz
    Measured Clock Speed 2200 MHz
    CPU Load 1%
    Speed Rating 4152 (106% of 285 similar)
    Memory ConfigurationDescription Results
    RAM installed 256 MB
    Windows RAM 222 MB
    Total RAM slots 2
    Available RAM slots 1
    Max RAM module size 512 MB
    Memory Type 256+0;DIMM,DRAM,|Synchronous;T16
    Speed Rating 4234 MB/s (105% of 285 similar)
    Memory Tip
    On virtually any system, memory is the best bang-for-the-buck upgrade, especially if you currently have 256MB or less. Installing memory is a snap, it just works and your PC is faster. PC World has put together a step-by-step guide if you need help.
    With prices so low lately I've purchased a lot of memory, and all of it has been from Crucial. Their prices beat the competition and they currently have free shipping.
    -- Rob Cheng, CEO, PC PitstopUpgrading memory can give your computer extra performance. Crucial Technology can identify the memory you need at very competitive prices.

    Speed rating is measured in megabytes per second. The percentage indicates the performance of this system compared to systems in our database with a similar CPU and clock speed; the number of similar systems is also shown. For example, a score of 50% would indicate this system had half the performance of comparable systems; 200% would indicate twice the performance. A "normal" number is 100% plus or minus about 15%.

    The System Management BIOS is reporting that there is 256 MB of RAM, but Windows reports that 222 MB is available. The most common reason for this discrepancy is that your system uses some system RAM for the video graphics card or BIOS functions. This case is common in highly-integrated PCs with video graphics built into the system board, and does not require any changes on your part.

    There is a large discrepancy between the memory reported by the BIOS versus Windows. Often, this indicates a System Management BIOS (SMBIOS) problem and you may be able to fix it with a BIOS upgrade available from the vendor. SMBIOS results can be incorrect even if the power-on self test (POST) detects all of your installed RAM. For more insight into what your SMBIOS reports and why it can be wrong, download and run our SMBIOS reporting tools.

    Drive LettersThese are drive letters associated with hard disk drives. This list does not include drive letters for floppy disks or other removable media such as CD-ROM, DVD, Zip or Jaz drives.

    Description Drive C
    Partition format NTFS
    Cluster size 4 KB
    Drive label No Label
    Size 28592 MB
    Free space 23358 MB (82%)
    Junk files 22 MB (0%)
    System Restore Space 846 MB (3%)
    Data fragmentation 0%
    File fragmentation 0%
    Uncached speed 11 MB/s (79%)


    Percentages shown for free space, junk files (temporary files, browser cache, Recycle Bin files), and system restore space represent the size relative to the total disk capacity. A disk with 50% free space is half-full (or half-empty, if you're an optimist). PC Pitstop Optimize is an easy way to keep your hard disk free of unnecessary files.


    Our full tests only perform disk health checking on the C drive. We recommend that you check the health of your other drives using Disk MD.
    Data fragmentation measures the percentage of data on the disk that is contained in fragmented files. File fragmentation is the percentage of files on the disk that are fragmented. Some disk optimization programs such as Window's Disk Defragmenter intentionally fragment files to place them in the best position to ensure quick program loading, so the fragmentation measures may be non-zero even after running a disk optimizer. For more details check out Disk MD.

    Cached and uncached speed is measured in megabytes per second (MB/s). When a percentage is shown for cached and uncached speed, it compares the performance of the drive with those of systems in our database with the same processor and clock speed. (Our database currently has 285 similar systems.) A rating of 200% means a disk is twice the performance of similar systems, 50% means it's half the performance. Cached disk speed generally measures the efficiency of the system's processor and memory system, not the performance of the hard disk. Uncached speed is most affected by the physical hard disk and the disk interface.

    Disk DrivesHere are the physical disk drives that we have detected on your system:

    Drive 0
    Drive letters C
    Removable media No
    Brand/Model TOSHIBA MK3021GAS
    IDE details DMA
    Serial number
    Revision level


    For IDE drives, IDE details show whether the drive has DMA enabled and is an IDE master (single drive, or master drive in a master/slave pair).

    CD/DVD DrivesHere are the CD and DVD drives that we have detected on your system:

    Model Type Max Read Speed Max Write Speed
    MAT****A CDRW/DVD UJDA760 CD-RW 4234 KB/s (24X) 4234 KB/s (24X)


    Video BoardDescription Your Results
    Brand/Model SiS M650
    Resolution 1024x768 pixels
    Colors 16 million
    DirectX version 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
    OpenGL version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    Acceleration options Enabled
    Performance 124.9 MP/s (119% of 176 similar)


    Get Updated Drivers!
    Run TouchStone's Free DriveAgent to find your PCs most up-to-date drivers.

    Better Performance
    Improved Stability
    Fast and Easy

    PC Pitstop's video performance performs a basic test of your system's graphics capabilities and reports the result in millions of pixels displayed per second (MP/s). The percentage indicates the performance of this system compared to systems in our database with a similar CPU, clock speed, and video board. For example, a score of 50% would indicate this system had half the performance of comparable systems; 200% would indicate twice the performance. Determining "normal" performance can be difficult, there can be wide differences due to video drivers even on the same video board. (You can use TouchStone's DriverAgent to see if you have the latest driver.)

    MonitorsDescription
    Monitor IBM 0
    Max. Resolution (HxV) 1600 x 1200 pixels
    Screen Size (HxV) 28 x 21 cm
    Viewable Diagonal Size 13.78 inch
    Manufacture Date January 2002
    Serial Number 0


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I have no idea why your laptop is so slow.
    Suppose adding more RAM like PcPitStop suggests might help matters.
    Sorry I couldn't be more helpful, I thought all this would have it running pretty good.

    I open the floor to suggestions


  • Closed Accounts Posts: 72 ✭✭CrazyPJ


    I have no idea why your laptop is so slow.
    Suppose adding more RAM like PcPitStop suggests might help matters.
    Sorry I couldn't be more helpful, I thought all this would have it running pretty good.

    I open the floor to suggestions

    Thanks for the effort Actor, I think its a little faster, and I will add some RAM.


Advertisement