
Taking ages to boot up - Hijack Log - please help

Discussion in 'Windows - Virus and spyware problems' started by angus999, Jul 16, 2007.

  1. angus999

    angus999 Regular member

    Joined:
    May 24, 2005
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    26
    Hi all, I'm having problems with my laptop; it takes about 6 or 7 minutes to boot up.

    I'm running a Compaq Presario, T2050 Dual Core Processor, 1Gb RAM, 120Gb HD. OS is WINXP SP2

    Up until about 2 months ago, it was starting up as normal. Now it takes ages.

    I run AVG for anti virus, Zone Alarm for firewall. I regularly run Adaware and CCleaner.

    I have also run WinUtilities. I have cut down lots of programs that used to open on startup, but still it hasn't improved performance.

    I get the Welcome screen, then a blank light blue screen sits there for 5 minutes or so before the desktop appears.

    Can anyone please help speed up my startup?

    This is my HijackThis log. Can anyone help, please?

    Logfile of HijackThis v1.99.1
    Scan saved at 22:20:41, on 16/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\KService\KService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\BayGenie\ProEdition\BayGenie.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazettelive.co.uk/news/news/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gazettelive.co.uk/news/news/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazettelive.co.uk/news/news/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BayGenie] "C:\Program Files\BayGenie\ProEdition\BayGenie.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://www.citrix.com/404.asp
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165165871402
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Thanks
     
  2. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    There is absolutely NOTHING in your log indicative of such a problem.

    Let's get a close look at your system. Please download Deckard's System Scanner (formerly ComboScan) from the link provided. Save it to your Desktop.

    Note: This program will clear your temporary files.

    Please do a scan with dss.exe. It will only take about five minutes. If it cannot find HijackThis on your computer, it will prompt you to look for it. Please press "yes" and tell the scanner where it is located. If the scanner asks you to download HijackThis, please answer "yes" to that as well. During the scan, your firewall may warn you about a .exe file attempting to connect to the Internet; please allow it. Your antivirus may also detect Deckard's System Scanner as a Possible Threat or RiskTool; it may be better for you to temporarily disable your antivirus.

    Once the scan is done, it will produce two logfiles for you: a "main.txt" (which you see) and an "extra.txt" (which is minimized). Please copy the contents of both these logfiles into your next reply.
     
  3. angus999

    angus999 Regular member

    Thanks Fredil, as soon as I get a chance, I'll do it and get back to you. Cheers!
     
  4. Auttaja

    Auttaja Guest

  5. angus999

    angus999 Regular member

    Hi Fredil, I ran dss and this is the 'main.txt' log. I cannot, however, find the 'extra.txt' log anywhere, minimized or not!!

    Thanks

    Deckard's System Scanner v20070711.54
    Run by David xxxxx on 2007-07-17 at 19:33:25
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as David xxxxx.exe) -----------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 19:33:36, on 17/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\KService\KService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\David xxxxx\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\DAVIDxxx.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazettelive.co.uk/news/news/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gazettelive.co.uk/news/news/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazettelive.co.uk/news/news/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BayGenie] "C:\Program Files\BayGenie\ProEdition\BayGenie.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://www.citrix.com/404.asp
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165165871402
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    -- Files created between 2007-06-17 and 2007-07-17 -----------------------------

    2007-07-17 18:37:34 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
    2007-07-17 18:37:29 0 d-------- C:\Program Files\TechSmith
    2007-07-16 21:56:56 0 dr-h----- C:\Documents and Settings\David xxxxx\Recent
    2007-07-16 20:24:28 0 d-------- C:\Program Files\Microsoft Bootvis
    2007-07-15 21:54:29 0 d-------- C:\Photos
    2007-07-15 21:05:53 0 d-------- C:\WINDOWS\system32\AppData
    2007-07-15 21:05:30 0 d-------- C:\Program Files\WinUtilities
    2007-07-12 21:01:05 0 d-------- C:\Program Files\BayGenie
    2007-07-03 19:48:26 0 d-------- C:\Program Files\Microsoft Encarta
    2007-06-23 18:30:46 0 d-------- C:\ebay photos
    2007-06-22 14:56:04 0 d-------- C:\Program Files\Microsoft Student
    2007-06-22 14:55:21 0 d-------- C:\Program Files\Learning Essentials
    2007-06-19 20:52:21 237568 --a------ C:\Program Files\Uninstall Morpheus Toolbar.dll <Not Verified; Morpheus; Morpheus Toolbar for Internet Explorer, Firefox, and Netscape>
    2007-06-19 14:28:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-06-19 14:22:03 0 d-------- C:\Program Files\MorpheusBar
    2007-06-19 05:49:18 0 d-------- C:\Music Moved
    2007-06-18 20:03:59 0 d-------- C:\Program Files\Windows Live Safety Center


    -- Find3M Report ---------------------------------------------------------------

    2007-07-17 18:35:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-16 22:50:00 0 d-------- C:\Program Files\Symantec
    2007-07-16 22:50:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-16 21:42:12 0 d-------- C:\Program Files\Sonic
    2007-07-16 21:42:03 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-07-16 21:36:47 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-16 21:32:49 0 d-------- C:\Program Files\GemMaster
    2007-07-16 21:32:10 0 d-------- C:\Program Files\eMule
    2007-07-16 21:31:47 0 d-------- C:\Program Files\DVDFab Platinum 3
    2007-07-16 21:31:46 0 d-------- C:\Documents and Settings\David xxxxx\Application Data\Vso
    2007-07-16 21:31:45 47360 --a------ C:\Documents and Settings\David xxxxx\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2007-07-16 21:31:45 55 --a------ C:\Documents and Settings\David xxxxx\Application Data\pcouffin.log
    2007-07-16 21:31:45 1144 --a------ C:\Documents and Settings\David xxxxx\Application Data\pcouffin.inf
    2007-07-16 21:31:45 7824 --a------ C:\Documents and Settings\David xxxxx\Application Data\pcouffin.cat
    2007-07-16 21:31:28 0 d-------- C:\Documents and Settings\David xxxxx\Application Data\Copernic
    2007-07-16 21:31:08 0 d-------- C:\Program Files\vso
    2007-07-16 21:30:10 0 d-------- C:\Program Files\Sony Corporation
    2007-07-16 21:29:17 0 d-------- C:\Program Files\Paint.NET
    2007-07-15 18:57:15 40 ---hs---- C:\Documents and Settings\David xxxxx\Application Data\.zreglib
    2007-06-25 21:09:18 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-06-19 14:28:07 0 d-------- C:\Program Files\Lavasoft
    2007-06-19 14:28:05 0 d-------- C:\Documents and Settings\David xxxxx\Application Data\Lavasoft
    2007-06-18 08:52:11 0 d-------- C:\Program Files\Common Files\Adobe
    2007-06-05 17:39:45 0 d-------- C:\Program Files\BitComet
    2007-05-28 22:05:46 0 d-------- C:\Program Files\MagicISO
    2007-05-28 19:30:45 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-28 17:33:34 0 d-------- C:\Program Files\Microsoft Works
    2007-05-28 17:33:20 0 d-------- C:\Program Files\MSBuild
    2007-05-28 17:31:33 0 d-------- C:\Program Files\Microsoft.NET
    2007-05-28 17:26:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-05-17 20:24:33 0 d-------- C:\Documents and Settings\David xxxxx\Application Data\Atari
    2007-05-07 08:18:32 0 --a------ C:\WINDOWS\system32\mssurun.dat


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    {955BE0B8-BC85-4CAF-856E-8E0D8B610560} C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "BayGenie"="\"C:\\Program Files\\BayGenie\\ProEdition\\BayGenie.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
    "SynchronousMachineGroupPolicy"=dword:00000000
    "SynchronousUserGroupPolicy"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe /startup"
    "kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
    "BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\" /tray"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "csr"="csrrs.exe"
    "\\\\THEDESKTOP\\EPSON Stylus D78 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBGE.EXE /FU \"C:\\DOCUME~1\\DAVIDL~1\\LOCALS~1\\Temp\\E_S47.tmp\" /EF \"HKLM\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
    "QlbCtrl"="\"C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe\" /Start"
    "UVS10 Preload"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"
    "Windows Services Loader"="\"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\services.exe\" C:\\WINDOWS\\SYSTEM32\\DRIVERS\\serv-u.ini"
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "Run StartupMonitor"="StartupMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CHDAudPropShortcut"
    "hkey"="HKLM"
    "command"="CHDAudPropShortcut.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="vptray"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows svchost]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="conf"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\drivers\\etc\\LSASS.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\svchost.exe -b C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\conf.dll"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ERSvc"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    -- End of Deckard's System Scanner: finished at 2007-07-17 at 19:34:00 ---------

     
  6. Fredil

    Fredil Regular member

    That is not normal. At the Desktop, press F3, which should bring up the Search Assistant. Click "All files and folders", and "More advanced options". Under "More advanced options", check the first three boxes. Scroll back up, and in "All or part of the file name", type (without quotes) "csrrs.exe". If it is found, a file name will show up, accompanied by a file path on the left. Tell me that file path.
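
Added example, not part of the original thread: a triage sketch run over Run-key and msconfig values taken from the registry dump posted above, flagging names one character away from a core Windows process and core process names launched from outside system32. The function names and the expected-location list are assumptions made for this example.

```python
import ntpath
import re

# Assumption: on Windows XP these core processes load only from this directory.
SYSTEM32 = r"c:\windows\system32"
CORE = {"smss.exe", "csrss.exe", "winlogon.exe",
        "services.exe", "lsass.exe", "svchost.exe"}

# Values copied from the Deckard's System Scanner registry dump in the thread
# (.reg escaping kept as posted). ctfmon and QuickTime act as benign controls.
SAMPLE = r'''
"csr"="csrrs.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Windows Services Loader"="\"C:\\WINDOWS\\SYSTEM32\\DRIVERS\\services.exe\" C:\\WINDOWS\\SYSTEM32\\DRIVERS\\serv-u.ini"
"command"="C:\\WINDOWS\\system32\\drivers\\etc\\LSASS.exe C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\svchost.exe -b C:\\WINDOWS\\SYSTEM32\\DRIVERS\\etc\\conf.dll"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
'''

# One .reg-style line: "name"="value", where \\ and \" are escape sequences.
REG_VALUE = re.compile(
    r'^[ \t]*"((?:[^"\\\n]|\\.)*)"="((?:[^"\\\n]|\\.)*)"[ \t]*$', re.M)

# A drive-rooted path ending in .exe (may contain spaces, never a second ':'),
# or a bare file name ending in .exe.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^":]*?\.exe\b|[^\s"\\]+\.exe\b', re.I)


def unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', s)


def exe_paths(command):
    """Return every executable path or bare .exe name in a command line."""
    return EXE_PATH.findall(command)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(path):
    """Return a reason string if the executable looks like a masquerade."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in CORE:
        # A bare name has no folder to compare, so it is not judged here.
        if folder and folder != SYSTEM32:
            return f"{name} outside system32"
        return None
    for core in sorted(CORE):
        if edit_distance(name, core) == 1:
            return f"lookalike of {core}"
    return None


def triage(text):
    """Return (value name, executable, reason) for each suspicious entry."""
    findings = []
    for m in REG_VALUE.finditer(text):
        name, command = unescape(m.group(1)), unescape(m.group(2))
        for path in exe_paths(command):
            reason = classify(path)
            if reason:
                findings.append((name, path, reason))
    return findings


if __name__ == "__main__":
    for value_name, path, reason in triage(SAMPLE):
        print(f"{value_name!r}: {path} -> {reason}")
```

A hit only marks an entry for a closer look: the file still has to be located and checked, and 8.3 short paths such as `C:\PROGRA~1` are not expanded.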
     
  7. angus999

    angus999 Regular member

    The search didn't seem to find anything!!
     
  8. Fredil

    Fredil Regular member

    Are you familiar with BayGenie?

    Please pay a visit to http://www.virustotal.com to upload a file. In the textbox at the top, next to the "Browse" button, copy and paste the following text:

    C:\WINDOWS\system32\mssurun.dat

    Hit "Send". You may have to wait for quite a while due to the queue. When scanning of the file begins, don't interrupt it! It may take up to ten minutes to scan a large file. When the scan is done, the "status box" at the top should say "STATUS: FINISHED". Your file will be scanned with more than 30 antivirus engines for a comprehensive result. When the scan is done, there will be two tables - one with your results and one with information like the MD5 Checksum. Ignore the smaller table - just copy all the text in the larger one and paste it into your reply.
     
  9. angus999

    angus999 Regular member

    Fred, I've tried this a few times and keep on getting this message - 0 bytes size received / Se ha recibido un archivo vacio
     
  10. angus999

    angus999 Regular member

    Sorry, also, forgot to mention: yes, I am aware of BayGenie; it's an application which assists with bidding on eBay. I only recently installed this, so it hasn't anything to do with my slow boot up. Thanks
     
