#1
Registered User
Slow startup, lots of spyware
Issue Description:
My computer has been becoming progressively slower at startup. Windows XP will load to my desktop, but my start menu will be inactive/non-responsive for nearly 5 minutes, at which time the screen flashes black momentarily, then my desktop reappears and then all works normally. System speed is decent, with noticeable slowdown when using high-demand graphics (i.e. solid modeling, or playing a video game). I performed a registry scan using "RegCure"; it located 2051 errors in various registries, but I elected not to purchase the program until I had conferred with an expert. Additionally I ran "sfc /scannow"; the utility ran and closed without prompting, so I presume that it found nothing out of the ordinary. Below in order are the results from Panda, HJT main, and attached is the extra, as well as a screenshot taken from the aforementioned "RegCure" used as a scan tool only. Thank you in advance for your assistance.

Panda scan:

Incident Status Location
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:spyware/apropos Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jake\Cookies\jake@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jake\Cookies\jake@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jake\Cookies\jake@ads.pointroll[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jake\Cookies\jake@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jake\Cookies\jake@com[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jake\Cookies\jake@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jake\Cookies\jake@questionmarket[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jake\Cookies\jake@statcounter[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jake\Cookies\jake@tribalfusion[1].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Jake\Cookies\jake@versiontracker[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jake\Cookies\jake@zedo[1].txt

____________Break______

Hijack This Main.txt:

Deckard's System Scanner v20070905.67
Run by Jake on 2007-09-10 21:18:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
24: 2007-09-11 04:18:33 UTC - RP512 - Deckard's System Scanner Restore Point
23: 2007-09-11 00:52:57 UTC - RP511 - Installed Windows Installer Clean Up
22: 2007-09-11 00:39:58 UTC - RP510 - Configured Quicken 2004
21: 2007-09-11 00:39:21 UTC - RP509 - Removed Photo Click
20: 2007-09-09 17:45:48 UTC - RP508 - System Checkpoint

-- First Restore Point --
1: 2007-09-05 02:52:07 UTC - RP489 - Spybot-S&D Spyware removal

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Jake.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:52 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxWare\3DxSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jake\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jake.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxWare\3DxSrv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {13EC470D-6583-42A3-B07D-648F70BC5CA0} (ProtoView Class) - http://www.protomold.com/downloads/P...wSetupV1.2.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189117950484
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7881 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R3 Mach3 (Mach3 Pulseing Service) - c:\windows\system32\drivers\mach3.sys <Not Verified; Your Corporation; Your Product Name>
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 21>
S3 hcunlock.sys (The driver for unlocking files.) - c:\program files\hackcleaner\hcunlock.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-08-10 and 2007-09-10 -----------------------------

2007-09-10 21:23:27 0 d-------- C:\Program Files\Trend Micro
2007-09-10 19:45:42 0 d-------- C:\Program Files\SpywareBlaster
2007-09-10 19:30:20 0 d------c- C:\ie-spyad_zo
2007-09-10 17:52:58 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-09-10 17:52:40 0 d-------- C:\Program Files\MSECACHE
2007-09-10 17:48:53 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-10 17:48:51 0 d-------- C:\WINDOWS\LastGood
2007-09-07 18:39:16 0 d-------- C:\Program Files\Lavasoft
2007-09-07 18:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-07 18:38:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-06 16:21:42 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-06 16:15:24 0 d-------- C:\WINDOWS\network diagnostic
2007-09-06 12:33:08 0 d------c- C:\autoruns
2007-08-11 12:39:22 0 d-------- C:\Program Files\Protomold

-- Find3M Report ---------------------------------------------------------------

2007-09-10 18:48:35 0 d-------- C:\Program Files\Symantec AntiVirus
2007-09-10 18:30:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-10 17:41:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 17:41:01 0 d-------- C:\Program Files\Quicken
2007-09-10 17:41:00 0 d-------- C:\Program Files\Common Files
2007-09-10 17:13:22 126345 --a------ C:\WINDOWS\system32\nvModes.dat
2007-09-06 18:38:18 0 d-------- C:\Program Files\Common Files\Logitech
2007-09-06 18:36:02 0 d-------- C:\Program Files\Logitech
2007-09-06 12:59:55 0 d-------- C:\Program Files\Google
2007-09-06 12:56:34 0 d-------- C:\Program Files\Palm
2007-08-30 19:17:37 0 d-------- C:\Program Files\Java
2007-08-30 19:04:01 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-07-31 20:59:12 0 d-------- C:\Program Files\SolidWorks
2007-07-25 20:29:04 0 d-------- C:\Program Files\DIFX
2007-07-22 21:23:05 0 d-------- C:\Program Files\Qwest
2007-07-22 21:09:14 0 d-------- C:\Program Files\Pure Networks

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/18/2004 05:31 PM]
"nwiz"="nwiz.exe" [06/18/2004 05:31 PM C:\WINDOWS\system32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 09:59 AM C:\WINDOWS\BCMSMMSG.exe]
"@"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/13/2005 06:10 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 09:21 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 07:27 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 03:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [10/28/2004 6:36:32 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
Start 3DxWare.lnk - C:\Program Files\3Dconnexion\3Dconnexion 3DxWare\3DxSrv.exe [1/31/2006 9:29:18 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

-- End of Deckard's System Scanner: finished at 2007-09-10 21:26:46 ------------

I have attached the HJT extra.txt, and the screenshot of the RegCure scan. Hope you can help, thanks!
#6
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista
Re: Slow startup, lots of spyware
Hello JeepJake and welcome to TSF,
There are a few things to get rid of, but you won't see any vast improvement as they would not cause the issues you've described.

Run a scan with HijackThis and 'check' the following entries:

O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O18 - Filter hijack: text/html - (no CLSID) - (no file)

Click 'Fix Checked' and close HijackThis.

-----------------------------------------------------------

Navigate to, and delete this folder:

c:\program files\Need2Find

-----------------------------------------------------------

As your issues do not appear to be malware related, you would be better served discussing these issues in the Windows XP section of this forum.
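The two entries the analyst picks out share one property: the last field of the HijackThis line, where the file or URL normally sits, is empty or reads "(no file)". Those are dangling registrations, which is why fixing them is safe and why they will not change startup time. The Python below is an added example, not code from this thread or from HijackThis or Deckard's System Scanner; it parses lines in HijackThis v2 log format and applies that same rule, plus a weaker "review" rule for O23 services with no publisher string. The sample lines are constructed from the log posted above, and the function names, the section regex and the two rules are my own assumptions.

```python
import re

# Constructed sample: six lines in HijackThis v2 format, modelled on the log
# posted above (not the full log). The O16 line ends in " - " with nothing
# after it, which is how HijackThis prints a DPF entry whose file is gone.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) - ",
    r"O18 - Filter hijack: text/html - (no CLSID) - (no file)",
    r"O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE",
    r"O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe",
])

# Every HijackThis entry starts with a section code (R0/R1, F2, N, O2..O24)
# followed by " - ". Lines that do not match (headers, process list) are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Values HijackThis and DSS print in the target slot when nothing is there.
MISSING_TARGETS = {"", "(no file)", "(file missing)"}


def parse_hjt(text):
    """Split a HijackThis log into entries: section, the ' - '-separated fields,
    the last field as the target (file path, URL or '(no file)'), and the raw line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        # HijackThis separates descriptive fields with " - "; the target is last.
        fields = [f.strip() for f in match.group("body").split(" - ")]
        entries.append({
            "section": match.group("section"),
            "fields": fields,
            "target": fields[-1],
            "raw": line,
        })
    return entries


def triage(entries):
    """Apply two defender-side rules (my own, not HijackThis's) and return findings.

    level "fix":    the entry points at nothing; a leftover registration that
                    'Fix Checked' removes without touching any real software.
    level "review": an O23 service whose publisher reads "Unknown owner". That is
                    only a missing version-info string, not evidence of malware,
                    so the binary is looked at by hand rather than fixed blindly.
    """
    findings = []
    for entry in entries:
        if entry["target"] in MISSING_TARGETS:
            findings.append({"section": entry["section"], "level": "fix",
                             "reason": "target missing (%r)" % entry["target"],
                             "line": entry["raw"]})
        elif entry["section"] == "O23" and "Unknown owner" in entry["fields"]:
            findings.append({"section": entry["section"], "level": "review",
                             "reason": "service has no publisher string",
                             "line": entry["raw"]})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print("%-7s %-4s %s" % (finding["level"], finding["section"], finding["line"]))
```

Run against the sample, the "fix" list is exactly the O16 and O18 lines the analyst asked to have checked, and the only "review" item is the WLTRYSVC service, which the posted log shows running from C:\WINDOWS\System32 as a Dell wireless component and would be cleared on inspection. Feeding a whole saved log to parse_hjt works the same way; header lines and the process list are ignored by the regex.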
#8
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista
Re: Slow startup, lots of spyware
You're welcome.
I forgot to mention--please let them know that you've been to the HijackThis Log Help and have been cleared.