
Thread: > Web Pages Not Loading Properly On Any Browser.

  1. #1
    FPCH New Member
    Join Date
    Jun 2008
    Posts
    18

    PC Experience:
    Very Experienced


    Operating System:
    Windows XP - Professional

    Default > Web Pages Not Loading Properly On Any Browser.

    Hi all,

    I've got a really annoying problem when surfing the internet. Quite often the pages won't load or will show a blank page. When using Firefox I get a message saying "Transferring data from ***xx" and the page never appears. If I hit refresh it sometimes loads a tiny amount of the screen and then says "done" or it will display the code of the page. Sometimes it loads a blank grey screen, again saying the page has finished loading. After hitting refresh several times the page usually loads.

    I know my connection is ok because I can stream radio and play online games for hours without disconnecting, the problem only affects my web browsing. I've run the following scans:


    Avast! Anti-virus
    Spybot S&D
    AdAware
    Vundofix
    VirtumundoBeGone
    CCleaner

    I've also followed a manual guide on removing the vundo trojan, here:

    Firefox cannot load certain web sites (Vundo trojan)

    None of these methods have worked and I still have the problem, no matter what browser I use.

    However, if I boot my machine into safe mode with networking the problem isn't there and I can surf fine.

    I'm connecting to my router with an ethernet cable and have tried different filters and a different router, the problem still persists.

    I'm hoping someone can offer some suggestions as to what I can try next as this problem is driving me round the bend.

    Thanks in advance

    P

  2. #2
    Wolfeymole
    Guest

    You may have a load of other trash running so please follow the steps below.

    Your computer could be infected with Malware.

    • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
      It is a combination of the words malicious and software.
      The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.


    • Required Cleanup Steps
      1. Disable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled
      2. Run a Temporary file and cache cleaner (ATF)
      3. Run 2 Anti-Malware scanners (Listed Below)
      4. Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below)
      5. Clear out old System Restore points
      6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested.


    The reason to run multiple scanners is to ensure that no single scanner is missing something.
    The time it takes will vary depending on your system and your internet connection speed.
    Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.
    The ESET online scan should take between 1 to 3 hours.
    In most cases, these scans will suffice to clean and disinfect your computer.
    Heavily infected systems or slower PCs can take much longer to scan and clean.

    For best results print the following instructions and bookmark this Web page
    To keep this guide printer-friendly, use your cursor to highlight the contents below.
    From your browser select File - Print and in the printer dialog box under "Print range"
    click the Selection choice to print out these instructions for removal of malware.
    __________________________________________________

    STEP 1
    • Disable Spybot Search & Destroy's TEA TIMER: (if installed)
      1. Run Spybot-S&D in Advanced Mode.
      2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
      3. On the left hand side, Click on Tools
      4. Then click on the Resident Icon in the List
      5. Uncheck "Resident TeaTimer" and OK any prompts.
      6. Restart your computer.

    __________________________________________________

    STEP 2
    • Follow these instructions carefully.
    • Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware.
    • You can also download it from Majorgeeks.com
    • When you run ATF-Cleaner, check the items as shown below for Main.
    • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
    • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
    • Then click on "Empty Selected".
    __________________________________________________

    STEP 3
    • Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com
      • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
      • You do not have to send them your e-mail address, just click next.
      • You can leave the automated check for updates on.
      • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
      • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
      • On the Top Left select the Scan your computer button.
      • Make sure there is a CHECK MARK on all Fixed Drives.
      • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.

    __________________________________________________

    STEP 4
    • Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download)
      • Accept all defaults for the installer
      • Allow the program to update the definitions
      • Click on the Quick Scan and click Next.
      • If any items are found allow it to clean them and then Reboot your computer.

    __________________________________________________

    STEP 5
    • Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner
      • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
      • If your computer is running Windows Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu.


      • Accept the terms and click "Start".
      • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
      • Click "Start" to begin the scan.
      • When completed restart your computer

    __________________________________________________
    Make sure your internet firewall security is enabled, and then please return to Free PC Help and tell us how the computer seems to be operating.
    At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

    If required this is the download link for TrendMicro™ HijackThis™
    Unless instructed to by the Technician helping you then do not download this tool.

    Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one.
    Please follow the instructions here
    How to turn off and turn on System Restore in Windows XP
    How to turn off and turn on System Restore in Windows Vista

  3. #3
    FPCH New Member

    Wolfeymole,

    Thanks for the reply and the instructions. I've followed all the steps and so far so good, the problem seems to have improved. The software picked up quite a few problems my other scans hadn't so hopefully that has sorted it.

    I'll continue testing it and if it starts happening again I'll let you know.

    Thanks again

    P

  4. #4
    Wolfeymole
    Guest

    Please do, PK, as we may have to ask you to run the software from Trend Micro.

  5. #5
    FPCH New Member

    Hmm, it looks like I jumped the gun as I've logged on today and I'm still getting problems when surfing. They don't seem as bad but I'm still having to click refresh several times to get pages to load.

    What do you suggest I try next?

    P

  6. #6
    Wolfeymole
    Guest

    As I mentioned earlier, PK, please now follow the instructions for Hijack This.

    Please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop.
    • Double-click HJTInstall.exe to install HijackThis.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log by copying and pasting in your next reply.

    Notes:

    Do not use the AnalyseThis button, its findings are dangerous if misinterpreted.
    Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.

  7. #7
    FPCH New Member

    Here is my logfile:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Sun\StarOffice 8\program\soffice.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  8. #8
    FPCH New Member

    Sorry, I've been trying to send it in two parts as it was too big, my connection has been so bad it's taken ages.

    part 2:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138541459156
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINDOWS\system32\pr2agnqb.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

  9. #9
    Wolfeymole
    Guest

    There should be one last part to the log, PK. Once you have submitted that, I will then move it to the Malware forum for our malware team to look at.

  10. #10
    FPCH New Member

    That was the whole log, the only bit I missed was:

    --
    End of file - 10600 bytes

    but I didn't think you'd need that. I've run hijack this again and got the same logfile.


    P

  11. #11
    Wolfeymole
    Guest

    Thanks, PK. Now I will move it, and we ask that you allow a Malware expert to look at this information and offer advice to assist you.

    Please bear with us on this.

  12. #12
    FPCH New Member

    No problem Wolfeymole, thanks for the assistance

  13. #13
    Wolfeymole
    Guest

    I notice the lack of support on your post PK and I will try to take steps to rectify this situation.

    Please accept my apologies.

  14. #14
    FPCH Long Term Member AdvancedSetup
    Join Date
    Jan 2008
    Location
    34° 12' 35" N, 118° 29' 21" W
    Posts
    819

    PC Experience:
    Systems Engineer


    Operating System:
    Server 2003 Enterprise

    There are a couple of items that I need to do some research about. Will get back to you later tonight on them.

    Think it may be some services you have running and not so much Malware.

    Wife wants me to do some stuff so will try to be back later tonight on this.

  15. #15
    FPCH Long Term Member AdvancedSetup

    Okay well you have WAY too much stuff running on startup for one thing.

    You have some services that if it were my machine I'd remove, but it's up to you.

    You have Kontiki K Service running which may be from something like "Sky By Broadband" or similar provider.
    Unlikely that it is needed. Here is how to remove it.

    First go into your Control Panel, Add/Remove and see if there is an uninstaller for it and use that first. Then reboot your computer and see if the manual method is still required to complete removing it.

    This is from another site that was having an issue with this software.
    Well, the manual uninstall seemed to work. For those of you in a similar position, here's what I did:

    1. Went into the Services applet (Control Panel - Administrative Tools - Services) and stopped the KService service. I also set it to Disabled.
    2. Opened Regedit, went to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run and deleted the entry for 'kdx'.
    3. Still in Regedit, went to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services and deleted the entry for 'kdx'.
    4. Deleted the entire folder where KService was installed (in my case 'C:\Program Files\KService')
    5. Restarted the machine.

    It all seems to have worked OK. Use these notes at your own risk though.

    You also have CDAC11BA.EXE which is an Anti-Piracy driver software. It could be there if you've ever installed Turbo Tax or some versions of AutoCAD or similar programs that use Anti-Piracy with their product. I would remove it myself and then if some product gave me trouble I would re-install it.

    Start REGEDIT and from the menu search for CDAC11BA.EXE to see if you can determine what application might have installed it and let me know and we can try to remove it.

    Please remove Party Poker as well.

    Run HJT and place a check mark on the following items.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    Then click on "Fix selected"


    Download Deckard's System Scanner (DSS) to your Desktop.
    Note: You must be logged onto an account with administrator privileges.

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post in your reply

    What DSS will do:
    • create a new System Restore point in Windows XP and Vista.
    • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

    Notes: The first time that the Deckard scanner is run, the extra.txt is generated in a minimized window. The second time you will not obtain the extra.txt. You must go to Start=>Run, copy the following "%userprofile%\desktop\dss.exe" /config into the line and click OK. You will receive a pop-up box with options to check for the Main log and Extra Log and Options.

    When done please post back the Deckard's System Log and we can continue looking at your system.
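
Added example, not part of the original posts and not code from HijackThis or DSS: a small Python check an analyst could run after a "Fix selected" round like the one above, comparing the log taken before the fix with the one taken after it. The sample logs are abridged from entries quoted in this thread, except that the AFTER sample is constructed so that the KService line survives; the function names are this example's own.

```python
import re

# A HijackThis entry line has the shape "<section code> - <text>",
# for example "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (code, text) entry lines found in a HijackThis log.

    Header lines and the "Running processes" list do not match the
    "<code> - <text>" shape and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Collapse whitespace so re-wrapped copy/paste still compares equal.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries


def compare(before_log, after_log, fix_list):
    """Check a remediation round: what was asked for, and what actually changed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    to_fix = parse_entries(fix_list)
    return {
        # Fix lines that never existed in the first log (mis-pasted or mistyped).
        "not_in_before": sorted(to_fix - before),
        # Fix lines still in the new log: the fix did not take or the entry came back.
        "still_present": sorted(to_fix & after),
        # Entries that disappeared although nobody asked for them to be fixed.
        "removed_unasked": sorted((before - after) - to_fix),
        # Entries that are new since the first log and need a fresh look.
        "new_entries": sorted(after - before),
    }


def review_candidates(log_text):
    """Entries HijackThis itself marks as incomplete (missing file, no vendor).

    These are items for the analyst to look at, not verdicts.
    """
    marks = ("(no file)", "Unknown owner")
    return sorted(e for e in parse_entries(log_text)
                  if any(mark in e[1] for mark in marks))


# Abridged from the first log posted in the thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# Four of the entries the helper asked to have checked before "Fix selected".
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# Constructed for illustration: the KService line is kept to show a fix that
# did not take. The KernelFaultCheck line is taken from the second log.
AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

if __name__ == "__main__":
    for name, items in compare(BEFORE, AFTER, FIX_LIST).items():
        print(name)
        for code, text in items:
            print("   ", code, "-", text)
    print("review_candidates")
    for code, text in review_candidates(AFTER):
        print("   ", code, "-", text)
```

Entries reported under `still_present` or `new_entries` are the ones to raise in the next reply before any further fixing.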

  16. #16
    FPCH New Member

    Hi AdvancedSetup,

    Firstly thanks for the assistance, it's greatly appreciated. I've followed your instructions and manually disabled the Kontiki service. I managed to find CDAC11BA.EXE in the registry but couldn't work out what had installed it. I've removed Party Poker, run HJT and removed the entries as advised. I've done a full scan with DSS and the results are as follows:

    Part 1

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-06-30 10:37:48
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    83: 2008-06-30 09:02:55 UTC - RP405 - Deckard's System Scanner Restore Point
    82: 2008-06-29 17:34:46 UTC - RP404 - Installed ATI Catalyst Control Center
    81: 2008-06-29 17:29:57 UTC - RP403 - Removed Realtek High Definition Audio Driver
    80: 2008-06-29 17:29:33 UTC - RP402 - Removed ATI Catalyst Registration
    79: 2008-06-29 17:25:23 UTC - RP401 - Installed ATI Catalyst Registration


    -- First Restore Point --
    1: 2008-04-01 11:29:22 UTC - RP323 - Installed DirectX


    Performed disk cleanup.



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:37:49, on 30/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
    C:\Documents and Settings\Administrator\desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1138541459156
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Codemasters - C:\WINDOWS\system32\pr2agnqb.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 9173 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
    R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
    R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
    R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
    R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

    S0 fcdabus - c:\windows\system32\drivers\fcdabus.sys (file missing)
    S3 fsRamDsk (RamDisk Drive Service) - c:\windows\system32\drivers\fsramdsk.sys (file missing)
    S3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhdaud.sys (file missing)
    S3 Memctl - c:\program files\u-abit\flashmenu\memctl.sys
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
    S3 WINFLASH - c:\program files\u-abit\flashmenu\winflash.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
    R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>

    S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S4 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
    S4 KService - "c:\program files\kontiki\kservice.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\9067FB508D00
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\9067FB508D00
    Service: NIC1394

    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Communications Port
    Device ID: ROOT\PORTS\0000
    Manufacturer: (Standard port types)
    Name: Communications Port (COM6)
    PNP Device ID: ROOT\PORTS\0000
    Service: Serial


    -- Process Modules -------------------------------------------------------------

    C:\WINDOWS\system32\winlogon.exe (pid 992)
    2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

    C:\WINDOWS\system32\svchost.exe (pid 1448)
    2006-03-30 14:58:34 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter>

    C:\WINDOWS\system32\svchost.exe (pid 1520)
    2006-03-30 14:58:34 131072 --a------ C:\WINDOWS\system32\nvappfilter.dll <Not Verified; NVIDIA; NVIDIA Application Filter>

    C:\WINDOWS\explorer.exe (pid 1096)
    2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2005-10-22 12:00:50 7168 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>
    2007-11-18 20:56:30 159744 --a------ C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
    2007-11-18 20:55:02 23552 --a------ C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
    2006-02-10 22:31:22 311296 --a------ C:\Program Files\Sun\StarOffice 8\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; >
    2006-02-10 22:31:34 98304 --a------ C:\Program Files\Sun\StarOffice 8\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; >
    2006-02-10 22:31:24 577536 --a------ C:\Program Files\Sun\StarOffice 8\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary>
    2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>

    C:\WINDOWS\system32\rundll32.exe (pid 1416)
    2005-05-25 03:40:00 57344 --a------ C:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>

  17. #17
    FPCH New Member
    Join Date
    Jun 2008
    Posts
    18

    PC Experience:
    Very Experienced


    Operating System:
    Windows XP - Professional

    Default

    Part 2


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-27 19:58:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-30 and 2008-06-30 -----------------------------

    2008-06-29 18:37:25 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-29 18:33:23 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2008-06-29 17:41:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-29 16:33:00 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-06-23 18:02:19 0 d-------- C:\Program Files\Trend Micro
    2008-06-22 15:39:45 0 d-------- C:\Program Files\EsetOnlineScanner
    2008-06-22 15:33:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-22 15:33:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-22 15:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-22 14:55:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-22 14:55:36 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-22 14:55:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-06-22 13:17:21 0 d-------- C:\Program Files\Enigma Software Group
    2008-06-22 12:19:35 0 d-------- C:\VundoFix Backups
    2008-06-22 09:59:18 0 d-------- C:\Temp
    2008-06-20 14:04:02 43202 --a------ C:\WINDOWS\system32\FlashMenu.sys
    2008-06-20 14:03:43 3548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys
    2008-06-20 14:03:32 0 d-------- C:\Program Files\U-ABIT
    2008-06-20 13:39:57 0 d-------- C:\biosflash
    2008-06-09 10:58:02 691545 --a------ C:\WINDOWS\unins000.exe
    2008-06-09 10:58:02 2558 --a------ C:\WINDOWS\unins000.dat
    2008-06-05 16:38:35 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
    2008-06-05 11:47:52 0 d-------- C:\Program Files\Funcom
    2008-06-05 11:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom


    -- Find3M Report ---------------------------------------------------------------

    2008-06-30 10:36:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\StarOffice8
    2008-06-30 09:57:13 0 d-------- C:\Program Files\PartyGaming
    2008-06-29 18:35:37 0 d-------- C:\Program Files\ATI Technologies
    2008-06-29 18:30:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-29 17:36:05 4096 --a------ C:\WINDOWS\system32\crash
    2008-06-29 16:44:46 0 d-------- C:\Program Files\d-lusion
    2008-06-22 14:55:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-20 12:53:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-06-20 12:37:54 0 d-------- C:\Program Files\SopCast
    2008-06-10 18:59:58 0 d-------- C:\Program Files\World of Warcraft
    2008-06-09 10:33:34 0 d-------- C:\Program Files\BitLord
    2008-06-09 10:25:16 0 d-------- C:\Program Files\Yahoo!
    2008-06-09 10:23:58 0 d-------- C:\Program Files\NCSoft
    2008-06-09 10:23:35 0 d-------- C:\Program Files\Guild Wars
    2008-06-09 10:21:26 0 d-------- C:\Program Files\Soulseek
    2008-06-09 10:20:23 0 d-------- C:\Program Files\Project64 1.6
    2008-06-07 15:51:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\teamspeak2
    2008-05-28 17:56:29 0 d-------- C:\Program Files\Last.fm
    2008-05-28 17:50:03 0 d-------- C:\Program Files\Apple Software Update
    2008-05-27 23:10:09 0 d-------- C:\Program Files\iTunes
    2008-05-27 23:10:02 0 d-------- C:\Program Files\iPod
    2008-05-27 23:08:51 0 d-------- C:\Program Files\QuickTime
    2008-05-20 21:47:21 0 d-------- C:\Program Files\Octoshape Streaming Services
    2008-05-18 11:26:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Tunebite
    2008-05-15 22:05:05 0 d-------- C:\Program Files\Haali
    2008-05-15 22:05:04 0 d-------- C:\Program Files\ffdshow
    2008-05-15 22:04:40 563712 --a------ C:\WINDOWS\system32\Redemption.dll <Not Verified; Dmitry Streblechenko; Outlook Redemption>
    2008-05-15 21:53:28 0 d-------- C:\Program Files\Amazon
    2008-05-15 21:29:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\RTPlayer
    2008-05-15 21:27:02 0 d-------- C:\Program Files\PixiePack Codec Pack
    2008-05-15 21:25:50 0 d-------- C:\Program Files\RapidSolution
    2008-05-12 17:27:23 0 d-------- C:\Program Files\Common Files
    2008-05-12 17:27:23 0 d-------- C:\Program Files\Common Files\xing shared
    2008-05-12 17:27:19 0 d-------- C:\Program Files\Common Files\Real
    2008-05-06 09:28:03 0 d-------- C:\Program Files\Alwil Software
    2008-05-05 09:31:30 0 d-------- C:\Program Files\AVG
    2008-05-05 08:55:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
    2008-04-01 18:28:50 24664 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-04-01 13:49:26 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-04-01 13:49:26 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTHelper"="CTHELPER.EXE" [22/10/2005 12:00 C:\WINDOWS\CTHELPER.EXE]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 01:00]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/04/2007 09:45]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 15:43]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe " [09/07/2001 10:50]
    "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [23/07/2007 12:06]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
    "RTHDCPL"="RTHDCPL.EXE" []
    "SoundMan"="SOUNDMAN.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BTAgile"="C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe" [18/06/2007 09:39]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [17/01/2008 21:52:25]
    StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [25/01/2006 18:42:42]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [28/01/2007 18:47:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{452ebfda-c41b-11dc-a09b-00508d91989d}]
    AutoRun\command- F:\autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
    C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



    -- End of Deckard's System Scanner: finished at 2008-06-30 10:38:59 ------------

  18. #18
    FPCH New Member
    Join Date
    Jun 2008
    Posts
    18

    PC Experience:
    Very Experienced


    Operating System:
    Windows XP - Professional

    Default

    Part 3


  19. #19
    FPCH Long Term Member AdvancedSetup's Avatar
    Join Date
    Jan 2008
    Location
    34° 12' 35" N, 118° 29' 21" W
    Posts
    819

    PC Experience:
    Systems Engineer


    Operating System:
    Server 2003 Enterprise

    Default

    You're running Ad-Aware 2007 during startup but unless it's the paid version not sure that it does much running all the time. What piece of it do you use that it has to run all the time?

    Basically you need to review all these applications that are set to START and RUN every time you start the computer. If you're not actively using these programs then I would suggest stopping them from running and manually launch them when you do want to use them.

    Do you know how to use Regedit? Start Regedit and browse to this location
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Then on the file menu select File Export and save a copy of the current entries to a new file somewhere you will remember where it is and give it a name you will remember.
    I would use a name like 2008-06-30-(15-20)HKLMSMWCR.REG That is the date, time, and key location.
    Then review all the entries and delete those items that you do not need to start every time.
    Also do the same thing for this key.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    I don't want to just randomly delete these items but here is a list of what is currently running each time you start up the computer.

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe


    Items I would consider not loading or starting every time the pc starts up.
    CTHELPER.EXE (is a Creative Labs plugin helper for the sound card, though if not used why load it)
    H2O (is probably a game hack to bypass a dongle, again probably not needed to run all the time if not used)
    SunJavaUpdateSched (as long as you check for updates on your own no need to load)
    BluetoothAuthenticationAgent (do you use bluetooth every time you use the computer, if not don't load)
    Sony Ericsson PC Suite (same as others, if not used every time don't load it)
    Lexmark X1100 Series (doubt you print every day and need to manage the printer supplies so why load it)
    NeroCheck (Burning Rom, looks for known driver conflicts with Nero software, can be removed if you don't have problems with Nero)
    amd_dc_opt (From my understanding this is an optimizer tool to help the timing when playing older games you may not need it, though it should not be a resource issue either if you do keep it)
    Adobe Reader Speed Launcher (you can probably wait an additional couple seconds for the reader to load if needing to read a PDF)
    QuickTime Task (not needed)
    iTunesHelper (not needed)
    ALCMTR.EXE - more information ALCMTR.EXE startup
    KernelFaultCheck (Unless you're always having crashing problems you probably don't need, but should not be a resource issue either)
    StartCCC - more information here StartCCC
    MagicDisc.exe (unless you're using for virtual disks not needed on startup)
    StarOffice (not needed on startup)


    Please check and disable any items you feel you can do without. Then run the following disk check.
    Click on START - RUN and type in CMD /K CHKDSK C: /F then press the Y key to say yes to check the disk on reboot. Then restart your computer and let the disk check run.

    You should also probably remove this folder if it was part of Party Poker. C:\Program Files\PartyGaming


    Then I would highly recommend updating to IE7 and Service Pack 3 from Microsoft.
    Last edited by AdvancedSetup; 01-07-2008 at 02:13 AM.
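
The startup review described in the post above can be scripted; this is an added example, not part of the original thread. It parses HijackThis `O4` lines (the sample is a few lines copied from the listing in the post) into source, account, entry name and program, and marks entries launched by bare filename, where the log alone does not show which file on disk runs. The function names and the `bare_name` field are assumptions made for this example.

```python
import re

# Sample input: O4 lines copied from the HijackThis listing in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# Registry Run entries: hive, optional SID (HKUS only), [value name], command, optional account.
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\\w+: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
# Startup-folder shortcuts: per-user ("Startup") or all users ("Global Startup").
LNK_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")

def executable(cmd):
    """Best-effort split of a startup command line into the program it launches."""
    if cmd.startswith('"'):                      # quoted path: take what is inside the quotes
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.I)  # unquoted: shortest prefix ending in .exe
    return m.group(1) if m else cmd.split()[0]   # no extension given: first token

def parse_o4(log):
    """Return one dict per O4 line; lines in any other format are skipped."""
    entries = []
    for line in log.splitlines():
        m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        exe = executable(d["cmd"])
        entries.append({
            "source": d.get("hive") or d["scope"],
            "account": d.get("user") or d.get("sid"),
            "name": d["name"],
            "exe": exe,
            "bare_name": "\\" not in exe,        # no directory: resolved through the search path
        })
    return entries

def bare_names(entries):
    """Entry names whose program has no directory part and needs locating on disk."""
    return [e["name"] for e in entries if e["bare_name"]]
```

Entries returned by `bare_names` are the ones to locate on disk before deciding whether to keep them, since the Run value does not say which copy of the file is started.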

  20. #20
    FPCH New Member
    Join Date
    Jun 2008
    Posts
    18

    PC Experience:
    Very Experienced


    Operating System:
    Windows XP - Professional

    Default

    Ad-Aware was opening the Ad-Watch program which is why it was opening at start-up. I've disabled that now.

    I've removed most of the registry entries you recommended apart from CTHELPER as that one loads my sound card on start up.

    I've run CHKDSK and it didn't find anything.

    Unfortunately I've still got the same problems, web pages aren't loading. Due to this I wasn't able to update to SP3 (I got there eventually but the installation just froze). I usually use Firefox rather than IE as I don't like IE at all but will change to that if you think it will help. That said, this problem occurs whichever browser I use.

    Any further help would be much appreciated.

    P.
