1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Win. XP Pro Verrrrrry Slows Startup

Discussion in 'Virus & Other Malware Removal' started by Hannahco, Jul 28, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
    Lately computer takes 30 minutes to fully startup. After memory countup computer lingers for 5mins. then on to windows screen for another 25mins. Somebody help me please......:confused::mad: Thanking you in advance.
     
  2. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
    Logfile of HijackThis v1.99.1
    Scan saved at 1:40:29 PM, on 7/28/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
    C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    D:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\Adobelm_Cleanup.0001
    D:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.101.250/sbms/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 65.120.116.172 mini.aimster.com
    O1 - Hosts: 65.120.116.173 lite.aimster.com
    O1 - Hosts: 65.120.116.174 www.aimster.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5B26B01B-6A65-4C85-BE71-CA9548E3A2B0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF105774 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF1057747 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473 - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B0848 - (no file)
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B08487 - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [TangoManager] C:\Program Files\Covad\Covad DSL\app\TangoManager.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
    O4 - HKLM\..\RunServices: [rundll services] rundllx32.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144121243487
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147139169143
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - http://138.108.63.129/ePlayer/V3_2_0_0/ACNePlayer.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - http://h30043.www3.hp.com/dj/qdiagh.cab?223
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5492B124-068D-4208-ADEB-6B2B7523BB24}: NameServer = 64.105.124.156 64.105.159.251
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5492B124-068D-4208-ADEB-6B2B7523BB24}: NameServer = 64.105.124.156 64.105.159.251
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5492B124-068D-4208-ADEB-6B2B7523BB24}: NameServer = 64.105.124.156 64.105.159.251
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
    O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
    O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
     
  3. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Welcome to TSG.

    This is the first part of the log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:40:29 PM, on 7/28/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    I notice that there are no service packs installed in your windows XP. I would like you to run the following and post the results back here.

    This program will verify whether or not Windows XP Home/Pro is legal or not Legal.
    Please download this from Microsoft and run it on your computer
    Filename = WGADiag2.exe
    http://go.microsoft.com/fwlink/?linkid=52012
    Press "Copy to clipboard" and post the results here

    I hope this Windows XP is legal but if it is not then we can not help you becasue of this. If the Windows XP is the illegal version please follow the below instructions:

    Microsoft did introduce a program where they would replace a pirated copy of XP if it was unknowingly acquired and you will find the details of that offer at this link. I think the best thing for the member to do is to contact Microsoft and they may be able to help the member out.

    http://www.microsoft.com/presspass/press/2005/jul05/07-25WGA1PR.mspx
     
  4. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
    Diagnostic Report (1.5.0540.0):
    -----------------------------------------
    WGA Data-->
    Genuine Validation Status: Genuine
    Windows Product Key: *****-*****-4X6KR-W66BF-98GVR
    Windows Product Key Hash: 58dTBRVxnqehUe/j/ldpJT8/XYs=
    Windows Product ID: 55276-011-7184332-22819
    Windows Product ID Type: 5
    Windows License Type: Retail
    Windows OS version: 5.1.2600.2.00010100.0.0.pro
    Download Center code: 7HCS4VC
    ID: a1a98ab7-199a-4940-9c99-518bab62aeab
    Is Admin: Yes
    AutoDial: No
    Registry: 0x0
    WGA Version: Registered, 1.5.540.0
    Signature Type: Microsoft
    Validation Diagnostic:

    System Scan Data-->
    Scan: Complete
    Cryptography: Complete

    Notifications Data-->
    Cached Result: 0
    Cache refresh Interval: 327195 seconds
    Extended notification delay(non-genuine): 14
    Extended notification delay(un-activated): 31
    All disabled: 0
    Reminder reduced: 0
    File Exists: Yes
    Version: 1.5.540.0
    Signatue Type: Microsoft

    OGA Data-->
    Office Status: 100
    Office Diagnostics:

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>a1a98ab7-199a-4940-9c99-518bab62aeab</UGUID><Version>1.5.0540.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><PKey>*****-*****-*****-*****-98GVR</PKey><PID>55276-011-7184332-22819</PID><PIDType>5</PIDType><SID>S-1-5-21-842925246-764733703-1060284298</SID><SYSTEM><Manufacturer>ECS </Manufacturer><Model>K7S5A </Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc. </Manufacturer><Version>07.00T </Version><SMBIOSVersion major="2" minor="3"/><Date>20010402******.******+***</Date></BIOS><HWID>2D000102020201000103020100A2A71DC840665306F00921F6F5E688C458390B1B3E79027CDF2E81E09BCE0000</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{911A0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Outlook 2002</Name><Ver>10</Ver><Val>9CF5E85BB9ACDFA</Val><Hash>1Ggu41R2+mA+9tA2HepOcmjwtV0=</Hash><Pid>54193-OEM-1650002-00509</Pid></Product></Products></Office></Software></GenuineResults>




    I CANNOT UPLOAD SP1 OR SP2 THANKS 4 YOUR TIME...
     
  5. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    To answer your email yes I will try to help you but if you want it you have to bump your thread by posting into it even if it is only one word bump. This way it stays on the front page of the forum section you are in. Also it seems like no one has looked at the log file, well the log file is too old and I would like you to post a new one. Please read the instructions because there is a place I want you to post it and then somebody will read it and try to help you and with the fresh log file. Unfortunately I am not certified to diagnose log files yet even though I am learning how to read them. Please follow the instructions below:

    To download HJTsetup.exe To Download HijackThis go to the following: http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Filename = 1137518044HJTsetup.exe
    Save the file to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialog box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
    Open a TechSupportGuy forum Reply window under Internet & Networking in Security for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    At the top of your TSG/browser window, hit Edit then Paste
    You should see your copied Hijackthis log appear in the reply space....then, submit the reply and copy and paste the link in the address bar back to the original thread you were in.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  6. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,146
    Hi Hannahco

    Please do *not* create a duplicate thread as you have been advised.
    I have moved your thread to the Security forum.
    Please continue replies in this thread.

    In the future, use the Red Triangle above your post to request your thread be moved.

    Thank you.
     
  7. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,146
    Hi Hannahco

    I received your e-mail. If you still require help, you will need to post back to this thread.
    The ball is in your court.
     
  8. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
    Ys I do still need help, Thank You
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,055
    Before we can provide you any assistance, you need to go here and install "Service Pack 1" This will patch numerous security vulnerabilities in IE and Windows. As your machine stands now it is wide open to infection. You need to get these updates before we proceed or we will be wasting our time.

    DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed then come back here and post a new HijackThis log.
     
  10. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
  11. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
    I just installed a new hard drive and have the same problem... here's my new info.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:04:45 PM, on 8/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
    D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
    D:\WINDOWS\System32\alg.exe
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
    D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
    D:\WINDOWS\system32\RunDll32.exe
    D:\Program Files\dvd43\dvd43_tray.exe
    D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    D:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\System32\wbem\wmiprvse.exe
    F:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2.exe
    D:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Application Layer Gateway Service] D:\WINDOWS\System32\algs.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [dvd43] D:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155601970313
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155664989780
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD38277F-EA20-4FD6-B4AC-D830D4108ACE}: NameServer = 64.105.124.156 64.105.159.251
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,055
    As the problems are on the C: drive, please post the log from there with SP1 installed.
     
  13. Hannahco

    Hannahco Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    7
    D drive is system drive.....
     
  14. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Have you tried disconnecting the c: drive?
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Verrrrrry Slows Startup
  1. dtall
    Replies:
    0
    Views:
    592
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/487307

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice