Computer takes forever to startup--Norton/unknown updating frequent


20 replies to this topic

#1 Kan


Posted 16 February 2007 - 11:40 PM

Hello,

I am currently using an HP Pavilion dv1629us Notebook PC which has suddenly been taking a long time to start up and warm up lately. I have no clue as to what has caused this--I have not downloaded or installed any new software lately. The startup screen (as in the Windows screen with the scrolling blue bar) can last as long as 3-5 minutes, and it takes around 15 minutes for the computer to warm up. I check my task manager during these occurrences and have noticed that Norton anti-virus system components (LuCallBackProxy.exe, CCSVCHST.exe, vsmon.exe, svchost.exe, AppSvc32.exe namely) have been hogging and fluctuating CPU from 40-100%. This also may occur during PC use, not only during the loading/warmup of the programs. This has only happened very recently--I have been using Norton 2007 for a while and have never had any problems with it until now. Also, taskmgr.exe also frequently hogs up CPU use, 30-70%. My ZoneAlarm firewall icon on the system tray also shows the little white arrow which denotes 'updating' very frequently, even though I'm not sure what is updating (ZoneAlarm or some other program?). Norton has also been popping up lately, telling me that someone has tried to run a portscan on my computer (this usually happens in succession, two times in a row max). I have deleted all cookies and temp internet files on my comp, as well as running Ad-aware and Spybot S&D and full system antivirus scans. Both have detected nothing out of the ordinary other than tracking cookies, which I always delete.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:08:40 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159154975562
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...962/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thank you for your help and time!

Edited by Kan, 18 February 2007 - 10:11 PM.


#2 SWI Support Robot


Posted 19 February 2007 - 05:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 SpotCheckBilly


Posted 11 March 2007 - 05:12 PM

Hello Kan,

Sorry it has taken so long for someone to respond. It gets very busy around here and everyone who helps here is a volunteer. Often there just are not enough to keep up with the requests for help. If you still require assistance, I will be happy to help you. :cool:

Nothing really jumps out in your log. So let's take care of a few minor things and go from there.

Viewpoint is a program considered undesirable by many. So let's get rid of that first.

Open a command prompt by:

1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).

Now, locate and 'stop' the following services, if present:

Viewpoint Manager Service - Viewpoint Corporation ... (C:\Program Files\Viewpoint\Common\ViewpointService.exe)

Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.

Next, press Ctrl+Alt+Delete (All three together) to open Task Manager
1. Click (highlight) each of the following (if present):

C:\Program Files\Viewpoint\Common\ViewpointService.exe

2. Click End Process
3. Repeat for each process.
4. Exit Task Manager.

Run HiJackThis and click "Do a system scan only", then check(tick) the following, if present:

Please note: the following are OPTIONAL fixes. They are either well known resource hogs or can be accessed via Start=>Programs when needed.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

With all windows closed except HiJackThis, click "Fix checked".

From "Safe Mode", (Reboot if necessary.) locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/ folders:

To show hidden files :

1. Click Start=>Control Panel=>Folder Options=>View tab.
2. Select "Show hidden files and folders"
3. Clear the check mark in "Hide protected operating system files"=>Yes to confirm.
4. Click Apply=>OK.
5. Close Control Panel.

folders...

C:\Program Files\Viewpoint

Note that some of these file(s) may not be present.

Now let's follow the procedure outlined here. This procedure will help to eliminate many of the common causes for slow computer performance.

Finally, come back here and post a new HijackThis log and a description of how your computer is running. :wave:

SpotCheckBilly
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat"
- Delbert McClinton

#4 Kan


Posted 12 March 2007 - 09:23 PM

Thank you for replying. I do not mind the wait if it results in getting my computer fixed :)
I followed your suggestions in your post and deleted the Viewpoint folder from the computer in Safeboot mode. However, when I restarted the computer normally, I received a popup with the label 'System Configuration Utility' and the message that the System Configuration Utility is currently in 'diagnostic' or 'selective startup' mode, 'causing this message to be displayed and the utility to run every time Windows starts'. It then suggests that I select the 'Normal tab' to start Windows normally and undo the changes I've made. However, I believe this defeats the purpose. Underneath this message is a checkbox asking if I'd like to 'not show this message again or launch the System Configuration Utility when Windows starts'. Should I check this box? I do not know if it is a bad or good thing that I prevent the SCU from launching again.

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:31:55 AM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159154975562
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...962/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


Edited by Kan, 13 March 2007 - 01:34 AM.
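
An added example, not part of the original thread: comparing the "before" and "after" HijackThis logs in code shows which of the requested fixes actually took effect and what new autostart entries appeared. The sample lines are a trimmed excerpt of the two logs posted above; the names `parse_hjt` and `compare` are hypothetical.

```python
import re

# Item lines look like "O4 - HKLM\..\Run: [name] path"; the code before " - "
# (R0, O2, O4, O23, ...) identifies the HijackThis section.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis text log into (running processes, item entries)."""
    processes, items, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ITEM_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first item
            items.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, items


def _key(item):
    """Case- and whitespace-insensitive identity for one item entry."""
    code, body = item
    return code, " ".join(body.lower().split())


def compare(before_text, after_text, requested_text):
    """Diff two logs and report requested fixes that are still present."""
    b_procs, b_items = parse_hjt(before_text)
    a_procs, a_items = parse_hjt(after_text)
    _, requested = parse_hjt(requested_text)
    before = {_key(i): i for i in b_items}
    after = {_key(i): i for i in a_items}
    running_after = {p.lower() for p in a_procs}
    return {
        "removed": [v for k, v in before.items() if k not in after],
        "added": [v for k, v in after.items() if k not in before],
        "still_present": [i for i in requested if _key(i) in after],
        "stopped_processes": [p for p in b_procs if p.lower() not in running_after],
    }


# Trimmed excerpt of the first log in the thread (sample input for this example).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Trimmed excerpt of the follow-up log (sample input for this example).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Entries the helper asked to tick in HijackThis (subset, copied from the reply).
REQUESTED = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

if __name__ == "__main__":
    report = compare(BEFORE, AFTER, REQUESTED)
    for section, entries in report.items():
        print(section)
        for entry in entries:
            print("   ", entry)
```

On the excerpt, the Viewpoint service and process are gone, the optional QuickTime Task entry is still listed, and the new `MSConfig ... /auto` Run entry matches the selective-startup popup described in the post.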


#5 SpotCheckBilly


Posted 13 March 2007 - 03:26 PM

Hello Kan,

In order to effectively troubleshoot, we need to have all the information available to us. So, until we are finished, we need to load everything that you disabled using MSCONFIG. Next time that you boot up, select the "Normal Start up" tab to undo the changes that you made. We can always go back and change it later if needs be. After the normal start up, let's do the following:

First, let's do a good general cleanup. Download and scan with CCleaner
NOTE: Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.

Before first use:
Select Options=>Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Select the items you wish to clean up.

A note regarding cookies: CCleaner allows you to keep the cookies from selected sites such as those which use cookies to save your login information.

From the main screen:
  • Click Options=>Cookies.
  • Highlight the web sites you wish to keep.
  • Click "->" button.
  • Click Cleaner button to return to main screen.
  • Windows tab:
    • **Internet Explorer** header: Select everything.
    • **Windows Explorer** header: Select all
    • **System** header: Select all
  • Advanced tab:
    • Select all entries
    • Select any others that you choose.
  • Applications tab:
    • **Firefox/Mozilla** header (if you use it): Select all
    • **Opera** header (if you use it): Select all
    • **Internet** header: Select Sun Java
    • Select any others that you choose.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • Click the "Run Cleaner" button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click "OK"
  • CCleaner will scan and clean your system.
  • When cleaning is complete:
  • Click "Exit".
  • Repeat for all usernames.
Next, please do an online scan with Kaspersky Online Scanner. (Internet Explorer only.) NOTE: You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and download the latest definition files.
  • When the scanner is installed and the latest definitions are downloaded:
  • Click Next.
  • Click Scan Settings
  • Select the following:
  • Scan using the following Anti-Virus database:
  • Extended (If available otherwise Standard)
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Under Select a target to scan:
    • Select My Computer
  • The scan will take a while. Please be patient.
  • When the scan is complete, it will display the infections (if any) found.
  • Click Save as Text
  • Save the file to your desktop.
In your next reply, please include the following:
  • The report from the Kaspersky scan.
  • A fresh HijackThis log (run from Normal Start up :)). :wave:
SpotCheckBilly


#7 Kan


Posted 15 March 2007 - 09:41 PM

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:42 PM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159154975562
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...962/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


And here is the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 15, 2007 8:35:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/03/2007
Kaspersky Anti-Virus database records: 282145
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 83940
Number of viruses found: 1
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:31:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-03-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A60BEA16.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kan Mani\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\History\History.IE5\MSHist012007031520070316\index.dat Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Temp\~DFB3A6.tmp Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Temp\~DFB3C1.tmp Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Temp\~DFBA94.tmp Object is locked skipped
C:\Documents and Settings\Kan Mani\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kan Mani\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kan Mani\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\RECYCLER\S-1-5-21-1276267081-1403115650-585845036-1006\Dc3.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\RECYCLER\S-1-5-21-1276267081-1403115650-585845036-1006\Dc3.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\RECYCLER\S-1-5-21-1276267081-1403115650-585845036-1006\Dc3.exe NSIS: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP76\A0018049.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP76\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A213DCD7-0C70-4320-AFFB-DBFBFF73F22E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Note: I did not yet remove the only suspicious object that was not locked.

Thank you :D

Edited by Kan, 16 March 2007 - 02:53 PM.


#8 SpotCheckBilly


Posted 16 March 2007 - 06:54 PM

Hello Kan,

Thank you for the latest logs. For your own future reference, it's not necessary to paste your logs into a Quote box. You can just go ahead and paste them directly into the message body. (Makes it easier for me to read them, too. LOL)

I'll look over your Kaspersky log and get back to you as soon as possible.

While waiting for my recommendations, please follow the suggestions set forth here: Slow PC. Lots of good information there.

By the way, the easiest way to keep track of replies is to enable the e-mail notification. That way, you'll get an e-mail when I have posted a reply. :wave:

SpotCheckBilly

PS Sorry for the double post. Don't have a clue how that happened. :D

#9 Kan


Posted 16 March 2007 - 08:20 PM

Okay, I won't paste them in the quote boxes anymore :D From the link that you sent me, I'm thinking that it may be Norton that is making my laptop run so slow. I'm not too sure though--I've had Norton installed since a while ago and things have started to become sluggish only recently. However, when I check the task manager, it's usually the Norton components that hog all the CPU. I'm thinking of removing it, but Norton's been helpful in blocking the portscans that keep on trying to be run on my comp, and I don't know if I uninstall it if I can install it again--it cost $$ and I bought the download version from the site instead of a hard copy. What free anti-virus programs would you recommend? I'm hearing things about Avast and AVG, but I'd like a professional opinion :D

Thank you for your help and your time.

#10 SpotCheckBilly


Posted 17 March 2007 - 05:51 PM

Hello Kan,

OK, first off, you can go ahead and get rid of that object which wasn't locked. I'm sure that you noticed most of those locked items were related to Symantec or your system.

As far as Norton goes, it seems as if every time there is an update to the program it gets more resource intensive. I used Norton for years but ended up getting rid of it just for that reason. You should be able to reinstall it if you decide that you need to. I'm sure that you were given a key when you downloaded the program that you should be able to use should the need arise.

As far as free AV software goes, I usually recommend AVG. Everyone in my family uses it and they all like it. Click the link in my signature to check out the full product line, or click Here to go directly to the free version. Additionally there are some very good free firewalls. Personally, I use Zone Alarm. It's easy to configure and there's a link to the site in my signature below.

Many times, slow performance is caused by unnecessary processes running in the background. You should visit Black Viper for a wealth of information on what you need running on your machine based on your use. When I first got my computer, I had 55 processes running in the background. I was able to trim that down to 33 using information I found there.

In addition to running a program such as CCleaner, I always recommend a manual "junk removal", such as set forth here:

Delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
  • C:\WINDOWS\Temp\--->Everything After the \.
  • C:\Temp\--->Everything After the \.
  • C:\Documents and Settings\username\Local Settings\Temp\--->Everything After the \.
  • Repeat for all users.
Also delete your Temporary Internet Files:
  • Click Start=>Control Panel=>Internet options.
  • Under the General tab.
  • Click Delete Files button.
  • Place a check-mark in Delete all off-line content.
  • Click OK=OK
  • Exit Control Panel
  • Repeat for all users.
Empty the recycle bin:
  • Right-click the Recycle Bin icon on your desktop.
  • Select "Empty Recycle Bin".
  • Repeat for all users.
I recommend this because the automatic removal programs don't always get everything.

By the way, try not to get discouraged. Ferreting out the causes of poor performance can take several go arounds. :D

When finished with the above, please post back and let me know how you are getting on. :wave:

SpotCheckBilly
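The triage described in the post above (pick out the detections from the mass of "Object is locked" lines, and see who owns the locked files) can be scripted. This is an added example, not part of the original posts; the sample report is constructed in the same line format as the log in this thread, and the function names and bucket labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the line format of the report posted in this thread
# (path, verdict, last action). Paths, SID and restore GUID are made up.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\Example User\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc3.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc3.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc3.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
"""

LOCKED = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+\S+$")
INFECTED = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+\S+$")
# Summary row for an archive/installer, e.g. "Dc3.exe NSIS: infected - 2"
CONTAINER = re.compile(r"^(?P<path>.+?)\s+\w+: infected - \d+\s+\S+$")


def location(path):
    """Say where on disk a flagged file lives; this decides how it is removed."""
    lower = path.lower()
    if re.match(r"^[a-z]:\\recycler\\", lower):
        return "recycle bin"
    if re.match(r"^[a-z]:\\system volume information\\_restore", lower):
        return "system restore point"
    return "live file system"


def owner_bucket(path):
    """Rough owner of a locked file, to confirm the locks are benign."""
    lower = path.lower()
    if "symantec" in lower or "norton" in lower:
        return "symantec"
    if re.match(r"^[a-z]:\\(windows|system volume information)\\", lower):
        return "windows"
    if re.match(r"^[a-z]:\\documents and settings\\", lower):
        return "user profile"
    return "other"


def triage(report_text):
    locked = Counter()
    detections = {}
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = INFECTED.match(line) or CONTAINER.match(line)
        if hit:
            # "file.exe/stream/data0006" is an object inside file.exe; Windows
            # paths never contain "/", so everything before it is the file.
            host = hit.group("path").split("/", 1)[0]
            entry = detections.setdefault(host, set())
            if "verdict" in hit.groupdict():
                entry.add(hit.group("verdict"))
            continue
        hit = LOCKED.match(line)
        if hit:
            locked[owner_bucket(hit.group("path"))] += 1
    files = []
    for host in sorted(detections):
        verdicts = sorted(detections[host])
        # Kaspersky prefixes riskware/adware verdicts with "not-a-virus:".
        riskware_only = bool(verdicts) and all(
            v.startswith("not-a-virus:") for v in verdicts)
        files.append((host, location(host), verdicts, riskware_only))
    return {"files_to_review": files, "locked_by_owner": locked}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for host, where, verdicts, riskware_only in result["files_to_review"]:
        kind = "riskware only" if riskware_only else "malware verdict present"
        print(f"{host}\n  location: {where}\n  verdicts: {verdicts} ({kind})")
    print("locked files by owner:", dict(result["locked_by_owner"]))
```

Run against a saved report, the several "Infected" rows collapse to the distinct files on disk, and the location column shows whether a copy sits in the Recycle Bin or in a System Restore point rather than in a live folder.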

#11 Kan


Posted 17 March 2007 - 07:26 PM

A question--how do I get rid of the infection object found by Kaspersky? I just realized that there isn't a 'delete' option--only a send option. Do I trace the object by its source path and delete it manually?

#12 SpotCheckBilly


Posted 18 March 2007 - 03:38 PM

Hello Kan,

Yeah, one of the bad things about the Kaspersky online scan is that it doesn't offer removal, just detection. You can just follow the path to the file and delete it manually. If it gives you any problems, try doing it in Safe Mode.

Are you still experiencing slow performance? Have you had a chance to check out Black Viper? Let me know how things are going. :wave:

SpotCheckBilly

#13 Kan


Posted 20 March 2007 - 03:27 AM

Thank you for your help. I've been pretty busy lately, so still haven't yet removed the suspicious object from the computer. I will let you know if there are any improvements after I get a chance to check out the site you linked to.

#14 SpotCheckBilly


Posted 20 March 2007 - 04:53 PM

Hello Kan,

Being very busy seems to be a common affliction LOL. Solving pesky computer annoyances is usually not at the top of your priority list...... unless, of course, you use it to make a living.

I'm subscribed to this thread so whenever you post back I will be notified by e-mail and won't lose track of you. :wave:

SpotCheckBilly

#15 Kan


Posted 02 April 2007 - 02:18 AM

Sorry that it took so long to reply. It's been a long week :(

I applied the changes and manually deleted the rest of the files left in the TEMP folders. However, one file could not be deleted--a pop up said that it was either in use or something to that effect. I've also gone through the services with the site you linked to--Black Viper. Thank you, it was extremely helpful and informative on what's running on my computer. I applied a few changes based on the advice given, however there seems to be a lot of other services (or applications?) running on my computer which are not listed. Unfortunately, my computer is still starting up slow, even after this. I've found that the main culprit seems to be one of the services listed as 'svchost'. It hogs up to 99% CPU, and also takes up quite a bit of memory. A friend of mine recommended the tool called 'EasyCleaner', by ToniArts. It serves in function similar to CCleaner, but also gets rid of a lot of unwanted (supposedly) registry files. After these files were deleted, I've found out that applications such as Word open faster, but little else has changed :(

Oh, and in addition to this, I deleted a whole mess of files that I backed up on a PC, restoring a whole chunk of room.

Here is a new HJT log file, since it's been such a while:

Logfile of HijackThis v1.99.1
Scan saved at 1:15:58 AM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159154975562
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...962/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Thank you again for your help and time :)
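Added example, not part of the original posts: the HijackThis log above lists ccSvcHst.exe under running processes, yet marks three Symantec services that point at it as "(file missing)", with a stray quote left in the path. This Python sketch cross-checks every "(file missing)" entry against the log's own process list; the sample lines are constructed in the log's format, and the exhelper service and the verdict names are hypothetical.

```python
import re

# Constructed sample in HijackThis 1.99.1 format. The first O23 line and the O9
# line mirror entries in the log above; "exhelper" is a hypothetical entry added
# to show the case the other two are not.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\WINDOWS\system32\exhelper.exe (file missing)
'''

# "O4 - ...", "R1 - ...", "O23 - ..." style entry lines.
ENTRY_RE = re.compile(r'^(?P<code>[ORF]\d{1,2}) - (?P<body>.*)$')
# First drive-rooted or %variable%-rooted path ending in an executable extension.
# Non-greedy, so trailing arguments and stray quotes are left out of the path.
EXE_RE = re.compile(
    r'(?P<path>(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|com|scr|sys)\b)', re.I)


def parse_log(text):
    """Return (set of lower-cased running image paths, list of (code, body))."""
    running, entries = set(), []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith('running processes'):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the process list ends at the first entry
            entries.append((m.group('code'), m.group('body')))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage_missing(text):
    """Classify each '(file missing)' entry as (code, path, verdict, stray_quote).

    running-image       : the same log shows that image as a running process,
                          so the 'missing' flag contradicts the log itself
    unexpanded-variable : path still holds a %variable%; it was never resolved
    unresolved          : nothing in the log contradicts the flag; check on disk
    no-path             : no executable path could be extracted
    """
    running, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if not body.rstrip().endswith('(file missing)'):
            continue
        m = EXE_RE.search(body)
        path = m.group('path') if m else None
        if path is None:
            verdict = 'no-path'
        elif path.lower() in running:
            verdict = 'running-image'
        elif '%' in path:
            verdict = 'unexpanded-variable'
        else:
            verdict = 'unresolved'
        # An odd number of double quotes means a quoted command line was cut short.
        stray_quote = body.count('"') % 2 == 1
        findings.append((code, path, verdict, stray_quote))
    return findings


if __name__ == '__main__':
    for code, path, verdict, stray in triage_missing(SAMPLE_LOG):
        note = ' (unbalanced quote in entry)' if stray else ''
        print(f'{code:<4} {verdict:<20} {path}{note}')
```

Process paths in 8.3 short form (such as C:\PROGRA~1\...) will not match their long-name equivalents, so an "unresolved" verdict only means the log itself offers no contradiction.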

#16 SpotCheckBilly

Posted 02 April 2007 - 03:37 PM

Hello Kan,

No problem with the delay. :D That's why I subscribe to this thread. No matter how long between posts, I always get e-mail notification that you have replied. Wonderful thing... that.

OK, so let's move on.

However, one file could not be deleted--a pop up said that it was either in use or something to that effect.

This is a pretty common occurrence and there are a couple of ways to handle it. The first, and easiest, is to open the task manager by hitting Ctrl+Alt+Delete (all three at the same time). Scroll through the list of running files to see if the one you are trying to delete is listed there. If it is, highlight it, then click "End Process". In the confirmation box, click "Yes". Then navigate to the file and try and delete it. The other method that will often work is to start the computer in Safe Mode. Restart your computer. Continually tap F8 until a menu appears. Use your up/down arrow key to highlight Safe Mode. Then hit "Enter". When the computer finishes booting, navigate to the file and try to delete it.

If neither one of these methods works, there are other options that we can use.

There is another scan I would like you to run to see if any other little nasties are running on your computer.

Download Silent Runners.zip and extract it to your Desktop.
  • Double-click the Silent Runners.vbs file.
  • You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
  • If your antivirus program has a script blocker, you may get a prompt asking if you want to allow Silent Runners.vbs to run.
  • Please allow it. Note: A text file named Startup Programs (computer name) date.txt will show up on your desktop-the script has NOT finished yet.
  • Let the scan run (It won't appear to be doing anything!)
  • When the "All Done!" prompt flashes up, the script will be done running and the log file will be complete.
In your next reply, let me know if you are able to delete that file. Additionally, please copy/paste the contents of the Silent Runners log to post it here. :wave:

SpotCheckBilly
ChrisRLG's Computer Safety Online

"I was worried 'bout rich and skinny,
'til I wound up poor and fat"
- Delbert McClinton

#17 Kan

Posted 05 April 2007 - 12:41 AM

I tried to do as you said, but F8 didn't yield anything during the restart. I saw that there are 2 other keys, F10 for setup and F12 for reboot from lan. I didn't know what the latter meant, but I tried going into setup from F10 to see if I could reboot into safemode from there, but I didn't find anything. Next time, I will try to use the msconfig method you posted earlier to get into safemode (although I'm not sure if I'll be prompted with the same 'undo changes' popup again if I do delete something).

Here is the Silent Runners log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"(Default)" = "(empty string)" [file not found]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."]
"QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."]
"eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"RecGuard" = "C:\Windows\SMINST\RecGuard.exe" [empty string]
"DeleteLog" = "c:\windows\system32\oobe\DeleteLog.exe" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
-> {HKLM...CLSID} = "ShellViewRTF"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kan Mani\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]


Startup items in "Kan Mani" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Photosmart Premier Fast Start" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"Norton Internet Security - Run Full System Scan - Kan Mani" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Show Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 123 seconds.
---------- (total run time: 197 seconds)

#18 SpotCheckBilly

Posted 05 April 2007 - 05:30 PM

Hello Kan,

To get into Safe Mode, try shutting the computer down completely and waiting 30 seconds first. On my machine, if I just restart, I don't get the beep or the opening Dell screen, which is when you need to start tapping the F8 button. It just seems to go from "off" to normal boot too quickly for me to react. Maybe I'm just too slow in my advanced age LOL.

I will look over your Silent Runners log and get back to you as soon as I can. :wave:

SpotCheckBilly

#19 Kan

Posted 06 April 2007 - 02:25 AM

Yes, closing the computer and then waiting before starting up again allowed me to access safe mode via F8 :) I deleted all the temp files and rebooted again in normal mode. I checked the temp folder again, and to my surprise the same file was still there! I think it's a new version of the same file: it's called ~DFD7A4.tmp right now but I think last time it had an 8 in it. I still can't delete it from normal mode. Maybe it's a file that's automatically generated by one of my installed programs?

#20 SpotCheckBilly

Posted 06 April 2007 - 05:22 PM

Hello Kan,

Sometimes files such as that .tmp file are just backups of, for instance, a Word document. I notice that there were several of those beginning with ~DF, all located in the same Temp folder. Since Kaspersky didn't flag them, let's just assume for the moment that they are harmless.

What I'd like for you to do next is to download and run AVG Antispyware, which not only can detect files in locked folders, it can clean/delete/quarantine if found to be malicious. Incidentally, this is a very good program to keep around. It's fully functional for 30 days, after which it will still scan and clean quite nicely. Please download, configure, and run per the following instructions:

Download and Install: AVG Anti-Spyware.
Once installed, please make the following settings changes:
  • Under the Status menu (which opens by default), under "Your Computer's Security," Change Status on Resident Guard to Inactive
  • Click Update Now
  • Under the now-opened Update menu, uncheck "Download and Install Updates Automatically (Recommended)"
  • Click Scanner in the top bar
  • Click the Settings tab
    • Under "How To Act?" set "Default Action for Detected Malware" to Quarantine
    • Under "How to Scan" ALL boxes should be checked
    • Under "What to Scan," "Scan every file" should be highlighted
    • Under "Possibly Unwanted Software" ALL boxes should be checked
  • Under Reports select "Automatically generate report after every scan" and uncheck "Only if threats were found"
  • Do NOT scan yet: We'll do so shortly.
  • Exit AVG Anti-Spyware.
Reboot into Safe Mode:
  • Restart your computer
  • Continually tap F8 until a menu appears.
  • Use your up/down arrow key to highlight Safe Mode.
  • Hit enter.
Please close ALL open windows/programs/folders. Have nothing else open as it can interfere with AVG Anti-Spyware while it performs its scan!

Run the AVG Anti-Spyware Scan
  • Click on the Scan Tab
  • Click on Complete System Scan
  • Let the program scan the machine -- it can take a while, just give it time.
  • When scan has finished, at bottom of screen click Apply all Actions
  • Click Save Report
  • Click Save Report As ("Save As" window should pop up.)
  • Click Desktop
  • Click Save
  • Exit AVG Anti-Spyware
If it should turn out that AVG finds nothing, I think that we can be fairly safe in assuming that your problem is not caused by malware and proceed accordingly. :wave:

SpotCheckBilly

#21 Kan

Posted 07 April 2007 - 09:11 PM

The scan came up with a lot of cookies, which were deleted. It also said something like "1 trace found in...". Here is the log from the scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:49:22 PM 4/7/2007

+ Scan result:



:mozilla.115:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.339:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.360:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.325:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.326:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.327:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.328:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.329:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.330:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.331:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.28:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.179:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.258:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.259:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.260:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.167:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.139:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.140:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.141:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.213:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Casalemedia :

Cleaned.
:mozilla.214:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Casalemedia :

Cleaned.
:mozilla.215:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Casalemedia :

Cleaned.
:mozilla.216:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Casalemedia :

Cleaned.
:mozilla.217:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Casalemedia :

Cleaned.
:mozilla.218:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Casalemedia :

Cleaned.
:mozilla.341:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.350:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Doubleclick :

Cleaned.
:mozilla.57:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Doubleclick :

Cleaned.
:mozilla.373:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Esomniture :

Cleaned.
:mozilla.222:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.223:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.224:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.225:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.226:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.200:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.201:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.202:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.142:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.143:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.144:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.145:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.102:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.103:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.104:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.105:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.106:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.107:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.108:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.109:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.282:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.340:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Imrworldwide :

Cleaned.
:mozilla.342:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Imrworldwide :

Cleaned.
:mozilla.90:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.91:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.296:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Myaffiliateprogram :

Cleaned.
:mozilla.306:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.323:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.31:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.288:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Questionmarket :

Cleaned.
:mozilla.289:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Questionmarket :

Cleaned.
:mozilla.290:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Questionmarket :

Cleaned.
:mozilla.291:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Questionmarket :

Cleaned.
:mozilla.24:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.27:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.166:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kan Mani\Cookies\Kan Mani@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.207:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.208:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.209:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.189:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.190:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.191:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.192:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.193:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.194:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.195:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.196:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.197:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.198:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.199:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Specificclick :

Cleaned.
:mozilla.221:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.45:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.46:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.359:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tradedoubler :

Cleaned.
:mozilla.128:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.129:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.130:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.131:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.132:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.133:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.134:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.135:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.136:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.148:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Tribalfusion :

Cleaned.
:mozilla.333:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.180:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Webtrendslive :

Cleaned.
:mozilla.92:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Yieldmanager :

Cleaned.
:mozilla.93:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Yieldmanager :

Cleaned.
:mozilla.94:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Yieldmanager :

Cleaned.
:mozilla.95:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Yieldmanager :

Cleaned.
:mozilla.96:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Yieldmanager :

Cleaned.
:mozilla.168:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.169:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.170:C:\Documents and Settings\Kan Mani\Application Data\Mozilla\Firefox\Profiles\9q8o2uju.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

If malware is not the cause of the problem, then does that mean I'll have to either get a new laptop or erase everything and start clean? On a happier note, the computer seems to be starting up faster. Whereas it used to take around 30 minutes, I think it's around 15-20 minutes now :)




Member of UNITE