Old 03-23-2007, 01:14 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


extremely slow internet connection

Hi... I read through a few threads but couldn't find my exact problem.. so here goes and bear with me as this is my first posting.. my laptop has been running well... now, the connection with the internet is sssssssssssssso slow.. sometimes it just times out.. it's almost impossible to link up.
My email is running fine. I have run trendmicro housecall and spy search, as well as adaware and spy doctor... initially had a few minor things but now, nothing.. comes out clean.. I've deleted my cookies and temp files and history several times. I've also installed processguard and port explorer, but to tell you the truth ... i don't know what to do with those things! ha ha.. sad, but true!
I know there's a bug somewhere.. every once in a while.. a little box will click on and off in my system tray.. okay run me through it and thanks so much in advance..
Caroline
Old 03-23-2007, 10:04 PM   #2 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

Okay good news! I ran Cleanup .. and it erased 1800 temp files and gave me 41.7 MB! Now, it's running a lot better...
Okay thanks.. Caroline
Old 03-23-2007, 10:12 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: extremely slow internet connection

Hello Caroline and welcome to TSF,

Perhaps we should still give your system a 'look-see'.

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Do not run it yet.

-----------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Now run the scan with dss.exe that you downloaded to your desktop earlier:

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

Panda results
main.txt
an attached extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 03-24-2007, 10:58 PM   #4 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

Ried.. thanks so much! I ran the Panda and it said 1 cookie.. click something... easy rid ... right??
Caroline
PS i have been running normally since i did the cleanup... or whatever it's called.... do you think i need to do more...
Old 03-24-2007, 11:12 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: extremely slow internet connection

Hi,

The online scan shouldn't have fixed anything for you. Did you agree to purchase the program?

Yes--humor me and run Deckard's System Scanner--it only takes about 10 minutes.

Post the main.txt here
Old 03-24-2007, 11:16 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

okay i will.. it just was sooooooooooo much to run and save and file and so on and so forth!! but i will do that right now... lucky i've just had a margarita..
Old 03-24-2007, 11:21 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

..isn't there something i could just 'click on' to get me to the deckard system scanner.. i don't understand the other opening files and what not.
thanks..
Old 03-24-2007, 11:38 PM   #8 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

Ried,
Deckard's System Scanner v20070318.32
Run by Caroline on 2007-03-24 at 22:24:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
108: 2007-03-25 05:25:31 UTC - RP363 - Deckard's System Scanner Restore Point
107: 2007-03-24 16:40:09 UTC - RP362 - Software Distribution Service 2.0
106: 2007-03-23 07:01:35 UTC - RP361 - Software Distribution Service 2.0
105: 2007-03-22 16:50:25 UTC - RP360 - Software Distribution Service 2.0
104: 2007-03-21 10:03:22 UTC - RP359 - Software Distribution Service 2.0


-- First Restore Point --
1: 2006-12-25 17:12:18 UTC - RP256 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-24 22:31:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ProcessGuard\DCSUserProt.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Caroline\Local Settings\Temporary Internet Files\Content.IE5\23N8E7KQ\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - @AÛ - (no file)
O2 - BHO: (no name) - pAÛ - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.adobe.com (HKCU)
O15 - Trusted Zone: https://www.ask.com (HKCU)
O15 - Trusted Zone: https://www.msn.com (HKCU)
O15 - Trusted Zone: https://www.quickbase.com (HKCU)
O15 - Trusted Zone: https://www.youtube.com (HKCU)
O15 - Trusted Zone: https://www.zappos.com (HKCU)
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} () - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} () - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{A3BE5E90-F683-4089-BF1F-A50F0AC91C3C}: NameServer = 68.4.16.30,68.4.16.25
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - "C:\Program Files\ProcessGuard\dcsuserprot.exe"
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 cbidf - c:\windows\system32\drivers\cbidf2k.sys
R0 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys
R1 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
R1 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
R1 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
R1 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 procguard - c:\windows\system32\drivers\procguard.sys
R2 tmcomm - c:\windows\system32\drivers\tmcomm.sys
R3 BCM43XX (Broadcom 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys
R3 CAMCAUD (Conexant AMC Audio) - c:\windows\system32\drivers\camc6aud.sys
R3 CAMCHALA - c:\windows\system32\drivers\camc6hal.sys
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys
R3 HSFHWATI - c:\windows\system32\drivers\hsfhwati.sys
R3 sdbus - c:\windows\system32\drivers\sdbus.sys
R3 tifm21 - c:\windows\system32\drivers\tifm21.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys
R3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk51x86.sys

S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys
S3 el575nd5 (3Com Megahertz 10/100 LAN CardBus PC Card Driver) - c:\windows\system32\drivers\el575nd5.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DCSPGSRV (DiamondCS ProcessGuard Service v3.410) - "c:\program files\processguard\dcsuserprot.exe"
R2 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe
R2 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe


-- Scheduled Tasks -------------------------------------------------------------

2006-03-14 14:48:19 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job<ISPSIG~3.JOB>
2006-03-14 14:48:19 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job<ISPSIG~2.JOB>
2006-03-14 14:48:18 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job<ISPSIG~1.JOB>


-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

2007-03-24 18:00:23 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-03-24 18:00:06 0 d-------- C:\WINDOWS\LastGood
2007-03-23 1622 0 d-------- C:\Documents and Settings\Caroline\Application Data\Help
2007-03-22 23:52:34 0 d-------- C:\Documents and Settings\Owner.Gateway\Application Data\Real
2007-03-21 11:01:59 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-21 10:15:09 53480 --a------ C:\WINDOWS\system32\pghash.dat
2007-03-21 10:15:08 113872 --a------ C:\WINDOWS\system32\pguard.dat
2007-03-21 10:09:06 40960 --a------ C:\WINDOWS\system32\dcsws2.dll
2007-03-21 10:09:04 7440 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-21 10:09:04 0 d-------- C:\Program Files\Port Explorer<PORTEX~1>
2007-03-21 10:07:01 44544 --a------ C:\WINDOWS\system32\procguard.dll<PROCGU~1.DLL>
2007-03-21 10:07:01 26688 --a------ C:\WINDOWS\system32\drivers\procguard.sys<PROCGU~1.SYS>
2007-03-21 1057 0 d-------- C:\Program Files\ProcessGuard<PROCES~1>
2007-03-19 19:37:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-03-18 19:50:24 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-03-18 19:42:14 0 d-------- C:\606ee3d2b4bdeaafb9<606EE3~1>
2007-03-18 17:13:51 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-03-18 17:13:50 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-03-18 17:13:50 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-03-18 17:13:50 59472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-03-18 17:13:50 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-03-18 17:13:50 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-03-18 17:13:45 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-03-18 17:13:45 0 d-------- C:\Documents and Settings\Caroline\Application Data\PC Tools<PCTOOL~1>
2007-03-18 17:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools<PCTOOL~1>
2007-03-18 17:13:20 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-02-28 16:09:20 0 d-------- C:\Documents and Settings\Caroline\Application Data\Real
2007-02-28 15:35:51 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-28 14:10:56 0 d-------- C:\Documents and Settings\Caroline\Application Data\Lavasoft
2007-02-28 14:10:48 0 d-------- C:\Program Files\Lavasoft
2007-02-28 14:03:11 0 d-------- C:\Program Files\Google


-- Find3M Report ---------------------------------------------------------------

2007-03-24 19:21:38 0 d-------- C:\Program Files\TweakNow PowerPack<TWEAKN~1>
2007-03-24 19:21:03 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-24 19:15:27 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-23 10:14:36 0 d-------- C:\Program Files\Citrix
2007-03-16 09:10:04 0 d-------- C:\Program Files\Java
2007-02-28 15:35:47 0 d-------- C:\Program Files\Common Files\Real
2007-02-21 10:42:49 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-21 10:40:51 0 d-------- C:\Program Files\Yahoo!
2007-02-21 10:40:50 0 d-------- C:\Program Files\RegistryFix<REGIST~1>
2007-02-21 10:40:45 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-12 12:16:07 0 d-------- C:\Documents and Settings\Caroline\Application Data\Macromedia<MACROM~1>
2007-02-12 11:37:02 0 d-------- C:\Documents and Settings\Caroline\Application Data\Yahoo!
2007-01-30 19:09:09 0 d-------- C:\Documents and Settings\Caroline\Application Data\Viewpoint<VIEWPO~1>
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-05 16:07:06 192074 --a------ C:\WINDOWS\system32\atasnt40.dll
2007-01-02 19:25:44 100724 --a------ C:\WINDOWS\cpeins04.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"!1_ProcessGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"RAM Idle Professional"="C:\\Program Files\\TweakNow PowerPack\\RAM_XP.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"!1_pgaccount"="\"C:\\Program Files\\ProcessGuard\\pgaccount.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://www.newimagesconcrete.com/gal...ways-etc.html?

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-03-24 at 22:34:52 ---------
How's this??
Caroline
Old 03-24-2007, 11:39 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: extremely slow internet connection

Just click on the link I provided (the highlighted blue title of the tool)

Double click dss.exe and it will run.

It will automatically produce those 2 logs for you. Don't worry about attaching the extra.txt....my last post only asks for the main.txt which you will see on your desktop when the tool finishes scanning.
Old 03-24-2007, 11:51 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: extremely slow internet connection

Nicely done--while I was replying to your previous post.


A couple things to fix here. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers now.

-------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - @AÛ - (no file)
O2 - BHO: (no name) - pAÛ - (no file)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableTaskMgr"=-

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

I'm not seeing any Anti-Virus program on your system. I do see anti-spyware and anti-rootkit programs but that's not enough.

Here are 2 very good free Antivirus products which are available:

Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

Once you've done that, you're good to go.

--------------------------------------------------------------------

Your logs are clean. To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
Old 03-25-2007, 12:01 AM   #11 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

so, did i have anything deadly? i wondered about those two no name things... what is wrong ?
also can i copy to word.. i don't know where the notebook is.. and i might have to do the rest tomorrow... morning.
Old 03-25-2007, 12:09 AM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: extremely slow internet connection

Sure, you can copy to Word. Notepad can be found by clicking the Start button>All programs>Accessories and in the drop down menu you'll see Notepad.

The entries we are fixing are 'orphaned' so they are no longer doing any harm--just leftover registry entries that your onboard anti-malware programs did not take care of.
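An added example, not part of the thread and not code from HijackThis or DSS: a small Python parser for the HijackThis-style lines in the posted log that lists entries whose target is reported as `(no file)` or `(file missing)`, the kind of orphaned entry described in the reply above. It goes beyond the two O2 lines fixed in the thread by also listing the O9 `(file missing)` lines for review; the function names are hypothetical and the sample is constructed from lines in the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the "HijackThis Clone" section
# of the DSS log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
O2 - BHO: (no name) - @AÛ - (no file)
O2 - BHO: (no name) - pAÛ - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers the scanner prints when the registry entry points at nothing on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")
# Sections whose entries are normally keyed by a CLSID.
CLSID_SECTIONS = {"O2", "O3", "O9"}


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    missing_marker: Optional[str]


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis-style entry lines; skip process paths and headers."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        marker = next((mk for mk in MISSING_MARKERS if body.endswith(mk)), None)
        entries.append(
            Entry(m.group("code"), body, clsid.group(0) if clsid else None, marker)
        )
    return entries


def review_candidates(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return entries that look orphaned, each with the reasons it was listed."""
    out = []
    for e in entries:
        reasons = []
        if e.missing_marker:
            reasons.append(f"target {e.missing_marker}")
        if e.code in CLSID_SECTIONS and e.clsid is None:
            reasons.append("no well-formed CLSID")
        if reasons:
            out.append((e, reasons))
    return out


if __name__ == "__main__":
    for entry, reasons in review_candidates(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code}: {entry.body}\n    -> {', '.join(reasons)}")
```

The output is a list for an analyst to review, not a removal list: in this thread only the two O2 lines were selected for 'Fix Checked'.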
Old 03-26-2007, 12:01 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2007
Posts: 45
OS: Win XP


Re: extremely slow internet connection

hi Ried.. okay where is your last posting?? i think i may have saved it to word... it was about the left over malware that wasn't doing any harm.
I received this from Panda today: but i thought i did NOT have any viruses:
Hello, my name is Ianire Rasines and I'm in charge of customer services at Panda Software.
During the process of scanning your computer we discovered:

1 viruses found.
1 files infected.

This means your PC is in serious danger. You are running the risk of losing vital information from your computer, or worse still, your personal information or bank details could be stolen or you could infect other computers to which you connect...

If