Thread: recent trouble- programs slow to start
View Single Post
Old 08-07-2007, 12:00 AM   #8 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,326
OS: N/A


Re: recent trouble- programs slow to start
Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • Security Toolbar
P

---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)


---------------


Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/172564-recent-trouble-programs-slow-start.html#post1018474
Collect::
C:\WINDOWS\system32\POxi3151.exe
C:\systceg.exe
c:\windows\system32\xdva011.sys
File::
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At4.job
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
C:\WINDOWS\727219582
Folder::
C:\WINDOWS\system32\b02FdUe
C:\Program Files\Security Toolbar
Driver::
Registry::
Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Click here perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline