Tech Support Forum - View Single Post - Pop Up Ads / Vista seems to run slower than before

Blade81 · 11-05-2008, 10:38 PM

Hi

We're not done yet though it may look better :)

Disable Spybot's TeaTimer as I told you earlier otherwise it prevents fixing.

Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer

Start hjt, do a system scan, check (if found):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

Close browsers and fix checked.

Uninstall old Adobe Reader and get the latest one here or get Foxit Reader here.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

Driver::
Windows Tribute Service

File::
c:\windows\system32\kdkge.exe

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.

11-05-2008, 10:38 PM	#4 (permalink)
Blade81 Visiting Teacher/Analyst, Security Team Join Date: Jun 2008 Location: Finland Posts: 759 OS: Win XP, Vista 32-bit, Win7 64-bit	Re: Pop Up Ads / Vista seems to run slower than before Hi We're not done yet though it may look better :) Disable Spybot's TeaTimer as I told you earlier otherwise it prevents fixing. Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu select Advanced Mode On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck Resident TeaTimer and OK any prompts. Restart your computer Start hjt, do a system scan, check (if found): R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html Close browsers and fix checked. Uninstall old Adobe Reader and get the latest one here or get Foxit Reader here. Open notepad and copy/paste the text in the quotebox below into it: Code: Driver:: Windows Tribute Service File:: c:\windows\system32\kdkge.exe Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use. Refering to the picture above, drag CFScript into ComboFix.exe Then post the resultant log. Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it Under Main choose: Windows Temp Current User Temp All Users Temp Cookies Temporary Internet Files Java Cache The other boxes are optional Then click the Empty Selected button. If you use Firefox: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. If you use Opera: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Click Exit on the Main menu to close the program. Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. Post back its report, a fresh hjt log and above mentioned ComboFix resultant log. __________________ Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006