
Solved: really really really slow startup! why? how to prevent?

Discussion in 'Windows XP' started by Apit, Jan 21, 2006.

Thread Status:
Not open for further replies.
  1. Apit

    Apit Thread Starter

    Joined:
    Jan 13, 2005
    Messages:
    69
    I'm using an Acer TravelMate 3210 notebook: RAM 768MB, HDD 60GB, 1,73GHz processor. Sometimes, when I turn my computer on, it takes about 5 MINS for my desktop to appear. It usually takes a second, right? Only the background appears after I log in. What should I do to make this problem go away?
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Click here to download HJTsetup.exe:

    Save HJTsetup.exe to your desktop.

    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Apit

    Apit Thread Starter

    Joined:
    Jan 13, 2005
    Messages:
    69
    Logfile of HijackThis v1.99.1
    Scan saved at 3:56:58 PM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elantech\ktp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\windows\system32\ngpw36.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download Cleanup from Here

    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET

    Download the trial version of Ewido Security Suite here.

    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update; click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    Click here for info on how to boot to safe mode if you don't already know how.


    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    Restart your computer into safe mode now. Perform the following steps in safe mode:


    Run Ewido:

    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop

    Run Cleanup:

    • Click on the "Cleanup" button and let it run.
    • Once it’s done, close the program.

    Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

    Restart back into Windows normally now.

    Do a Panda Active Scan. Be sure to save the log it creates.

    Post a fresh Hijackthis log and the results of the Ewido and ActiveScan.
     
  5. Apit

    Apit Thread Starter

    Joined:
    Jan 13, 2005
    Messages:
    69
    Logfile of HijackThis v1.99.1
    Scan saved at 12:43:12 PM, on 1/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elantech\ktp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: (no name) - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 2:21:17 AM, 1/23/2006
    + Report-Checksum: F3A86F78

    + Scan result:

    C:\WINDOWS\system32\ngpw36.exe -> Spyware.AdBlaster : Cleaned with backup
    C:\WINDOWS\Sngpw36.exe -> Spyware.AdBlaster : Cleaned with backup
    C:\Documents and Settings\user\Local Settings\Temp\ngpw36.exe -> Spyware.AdBlaster : Cleaned with backup
    C:\Documents and Settings\user\Local Settings\Temp\Sngpw36.exe -> Spyware.AdBlaster : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\user\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.117:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.142:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    :mozilla.143:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\Cache\611A6BABd01 -> Downloader.IstBar.lu : Cleaned with backup


    ::Report End

    Active scan

    Incident Status Location

    Adware:adware/adblaster Not disinfected Windows Registry
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\user\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\c9b66w6l.default\cookies.txt[]


    Now my windows and buttons are using classic style! I can't choose XP! So is my start menu: it's not on classic start menu, but it looks different!
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,773
    First Name:
    Frank
    Apit:

    Once JSntgRvr gets through working on your log, and not before, you need to trim down the startup list of its unnecessary running programs:

    adprot (adprot.exe)

    HotKeysCmds (hkcmd.exe)

    KTPWare (ktp.exe)

    IgfxTray (igfxtray.exe)

    MSMSGS (msmsgs.exe)

    MsnMsgr (msnmsgr.exe)
    (Note: The above 2 entries are associated with Windows Messenger and MSN Messenger. You need to open both of them and go into their options/preferences settings, then uncheck the commands that tell them to load when Windows starts and run in the background. These programs can be started manually when you're ready to chat with them.)

    QuickTime Task (qttask.exe)

    SunJavaUpdateSched (jusched.exe)

    Too many running programs can reduce overall performance, lengthen startup/shutdown time, cause error messages, etc.

    I'll walk you through the process of disabling them.

    ------------------------------------------------------------------------------------------------------------
     
  7. Apit

    Apit Thread Starter

    Joined:
    Jan 13, 2005
    Messages:
    69
    Windows and buttons are using classic style! I can't choose XP! So is my start menu: it's not on classic start menu, but it looks different! Why??
     
  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download Luna.zip:

    http://castlecops.com/zx/flrman1/luna.zip

    Download it and unzip it to extract the luna.msstyles file it contains. Copy the luna.msstyles file to the C:\WINDOWS\Resources\Themes\Luna folder.

    Restart your machine and go to Display Properties and you should be able to choose the XP theme again.
     
  9. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Run Hijackthis. Place a checkmark on the following lines and click on Fix checked:

    O2 - BHO: (no name) - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - (no file)
    O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe


    Boot the computer in Safe Mode.

    Open Windows Explorer. Navigate and delete the following file:

    C:\windows\system32\adprot.exe

    Restart the computer. Post a new log.

    Is there some improvement in the computer?

    flavallee will help you trim the startup programs.
     
  10. Apit

    Apit Thread Starter

    Joined:
    Jan 13, 2005
    Messages:
    69
    [Boot the computer in Safe Mode.

    Open Windows Explorer. Navigate and delete the following file:

    C:\windows\system32\adprot.exe]

    Can't find it. Wasn't it deleted when I clicked fix?

    [Is there some improvement in the computer?] I think so. Thanks for your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:39:40 PM, on 1/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Elantech\ktp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138011493921
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
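A log like the one above can be triaged mechanically before it is read line by line. The following is an added example, not part of the original post and not HijackThis code: it parses entry lines by section code, decodes the O4 registry autostart entries, and flags two conditions for manual review. The function names and the two review heuristics are assumptions of this example, and a flag means "check this entry", not "malicious".

```python
import re

# Constructed sample: six lines taken from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 registry autostart entry: hive\..\key: [value name] command
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Command that starts with a drive-letter path, optionally quoted
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')


def parse_log(text):
    """Return (section_code, body) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def run_entries(entries):
    """Decode O4 registry autostart entries into hive, key, name, command."""
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            out.append(dict(zip(("hive", "key", "name", "command"), m.groups())))
    return out


def review_items(entries):
    """Entries worth checking by hand (heuristics assumed by this example)."""
    flagged = []
    for code, body in entries:
        # HijackThis appends this marker when the referenced file is absent.
        if body.rstrip().endswith("(file missing)"):
            flagged.append((code, "target file missing", body))
    for e in run_entries(entries):
        # A bare file name is resolved through the search path at logon.
        if not ABSOLUTE.match(e["command"]):
            flagged.append(("O4", "no absolute path", e["name"]))
    return flagged


if __name__ == "__main__":
    for item in review_items(parse_log(SAMPLE_LOG)):
        print(item)
```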
     
  11. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    It shouldn't have. It is possible it is hidden. You can set Explorer to see hidden files and folders and retry. In Safe Mode, open Windows Explorer. Select Tools from the menu, then Folder options. Click on the radio button labeled "Show Hidden Files and Folders". Also remove the checkmark from "Hide extension from known files". Click Ok.

    Now navigate to C:\windows\system32\adprot.exe and delete the file. Otherwise, follow these steps:

    Download Killbox from any of the sites below, and have it ready to run later on:

    http://www.downloads.subratam.org/KillBox.exe

    http://www.downloads.subratam.org/KillBox.zip

    Boot the computer in Safe Mode

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.

    C:\windows\system32\adprot.exe

    Note: It is possible that Killbox will tell you that the file does not exist.

    Exit the Killbox.

    Keep me posted.
     
  12. Apit

    Apit Thread Starter

    Joined:
    Jan 13, 2005
    Messages:
    69
    Still can't find adprot.exe, but so far there's no problem with the startup, so it's OK I guess. Thanks a lot.
     
  13. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    (y) (y)

    Turn Off System restore to flush the backup points that may also be infected, then turn it back On.

    To turn off Windows XP System Restore:

    Note: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

    Click Start.
    Right-click My Computer, and then click Properties.
    Click the System Restore tab.
    Select "Turn off System Restore" or "Turn off System Restore on all drives" check box.
    Click Apply. The following message appears:
    As noted in the message, this will delete all existing restore points. Click Yes to do this.
    Click OK.


    To turn On Windows XP System Restore:

    Click Start.
    Right-click My Computer, and then click Properties.
    Click the System Restore tab.
    Clear the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
    Click Apply, and then click OK.

    System Restore will create regular backups of selected system files and program files.

    You can also create a Restore Point on your own:

    Start->All Programs->Accessories->System Tools->System Restore

    Follow instructions on Screen to create a restore point.

    Here is some advice from our Security Experts to avoid re-infection:

    http://forums.techguy.org/t208517.html

    Use the thread's Tools and mark this thread as "Solved".
     

Short URL to this thread: https://techguy.org/435973
