Resolved HJT Threads: Resolved spyware and popup issues.

#1
Registered User
Join Date: Feb 2005
Location: Brunswick, Ohio
Posts: 95
OS: win xp pro ser pk 2
Was running very very slow until?
Not sure what's going on here, but I was running very slow on my initial boot today. Yesterday I thought I was running a LITTLE slow so I ran all the scans that I usually keep active on my PC. They include Ad-Aware SE with VX2 Cleaner, Spybot Search and Destroy, AVG Anti-Spyware, CleanUp, & CCleaner. I found several things in each of the first two scans. Things seemed to be running a little better so I was happy. Today on my initial boot I was really running very slow. It took me forever to get into your site. Going through your 5 steps I ran Ad-Aware SE (in safe mode) again and it found 7 more items that I deleted. Rebooted and now I seem to be running OK. But I decided to go through your 5 steps and ask for help anyhow, as maybe I've got something hiding in the background. Several months back I had a problem with something called "MIRAR", but you helped me get rid of it then. But I noticed on my Ad-Aware SE scan yesterday that there were several instances showing up again. I deleted them. I am up to date with Service Pack 2, Win XP Pro. Free AVG virus is running all the time. That's about all I can tell you. Thanks for all your help! You people are doing a great job, please keep up the good work.
PANDA LOG

Incident                                          Status           Location
Potentially unwanted tool:application/need2find   Not disinfected  hkey_current_user\software\Need2Find
Adware:adware/instafinder                         Not disinfected  Windows Registry
Spyware:Cookie/BurstBeacon                        Not disinfected  C:\Documents and Settings\Bob\Cookies\bob@www.burstbeacon[1].txt

DSS Main.txt

Deckard's System Scanner v20070426.43
Run by Bob on 2007-04-27 at 14:05:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
53: 2007-04-27 18:05:03 UTC - RP53 - Deckard's System Scanner Restore Point
52: 2007-04-25 17:14:32 UTC - RP52 - Spybot-S&D Spyware removal
51: 2007-04-24 21:52:37 UTC - RP51 - Spybot-S&D Spyware removal
50: 2007-04-24 19:41:26 UTC - RP50 - System Checkpoint
49: 2007-04-23 18:17:46 UTC - RP49 - Installed Java(TM) SE Runtime Environment 6 Update 1

-- First Restore Point --
1: 2007-03-05 15:15:52 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Bob.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:13 PM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Documents and Settings\Bob\Downloads\Utilities\DeckardsSS\dss.exe
C:\DOCUME~1\Bob\DOWNLO~1\UTILIT~1\HIJACK~1\Bob.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...ECCHIFEJEAIFEB (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...ECCHIFEJEAIFEB (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/gam...s/y/poti_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard...MSSReportW.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.milbestlight.com/poker/PokerCreations.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

-- HijackThis Fixed Entries (C:\DOCUME~1\Bob\DOWNLO~1\UTILIT~1\HIJACK~1\backups\) -------------------------------------------------------------------------------
backup-20061214-213544-202 O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
backup-20061214-213544-208 O4 - HKCU\..\Run: [Easo] "C:\WINDOWS\system32\SCURIT~1\chkntfs.exe" -vt yazb
backup-20061214-213544-251 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20061214-213544-262 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
backup-20061214-213544-341 O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
backup-20061214-213544-345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20061214-213544-437 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
backup-20061214-213544-539 O4 - HKCU\..\Run: [Kojk] C:\PROGRA~1\STEM~1\SOOLSV~1.EXE
backup-20070119-135333-734 O4 - HKLM\..\Run: [lauchsrv] C:\WINDOWS\lauchsrv.exe i
backup-20070119-135333-755 O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
backup-20070302-102626-146 O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
backup-20070302-102626-229 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awlegacy - c:\windows\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 ATICDSDr - c:\docume~1\bob\locals~1\temp\aticdsdr.sys (file missing)
S3 FXDRV - d:\fxdrv.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S0 wscsvc (Security Center) - \systemroot\\systemroot\\systemroot\\systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S2 CAILI - c:\windows\system32\caili.exe
S3 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>

-- Scheduled Tasks -------------------------------------------------------------
2007-04-20 11:01:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-03-27 and 2007-04-27 -----------------------------
2007-04-27 12:52:13 0 d-------- C:\WINDOWS\LastGood
2007-04-24 19:19:44 0 dr-h----- C:\Documents and Settings\Bob\Recent
2007-04-24 13:52:29 0 d-------- C:\Program Files\Video AX Object
2007-04-20 14:14:15 0 d--h----- C:\WINDOWS\PIF
2007-04-19 14:28:01 0 d-------- C:\LauriesFiles
2007-03-31 02:51:53 0 d-------- C:\Program Files\Common Files\DistributeShield
2007-03-31 02:51:50 0 d-------- C:\Program Files\DVDneXtCOPY2
2007-03-28 16:29:40 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-03-28 16:29:40 0 dr------- C:\Documents and Settings\LocalService\My Documents

-- Find3M Report ---------------------------------------------------------------
2007-04-27 13:47:32 0 d-------- C:\Program Files\SpywareBlaster
2007-04-27 13:12:05 0 d-------- C:\Program Files\SpywareGuard
2007-04-27 13:10:37 0 d-------- C:\Program Files\PhoTags Express
2007-04-27 13:09:04 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-04-27 13:09:01 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-04-25 15:50:37 58848 --a------ C:\Documents and Settings\Bob\Application Data\GDIPFONTCACHEV1.DAT
2007-04-23 14:20:17 0 d-------- C:\Program Files\Java
2007-04-19 12:31:22 0 d-------- C:\Program Files\Kyodai Mahjongg 2006
2007-04-19 12:31:21 0 d-------- C:\Program Files\MediaFACE II
2007-04-19 12:31:09 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-19 12:31:09 0 d-------- C:\Program Files\RapidComm
2007-04-19 12:31:08 0 d-------- C:\Program Files\Messenger
2007-04-19 12:31:06 0 d-------- C:\Program Files\123CopyDVD
2007-04-02 20:07:08 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-03-30 15:20:01 0 d-------- C:\Program Files\AviSynth 2.5
2007-03-26 17:04:21 0 d-------- C:\Program Files\Excla Inc
2007-03-19 21:53:27 5 --a------ C:\WINDOWS\system32\SySRip.dat
2007-03-19 21:51:17 0 d-------- C:\Program Files\NCH Swift Sound
2007-03-19 21:51:17 0 d-------- C:\Documents and Settings\Bob\Application Data\NCH Swift Sound
2007-03-18 20:30:49 353 --a------ C:\WINDOWS\PowerReg.dat
2007-03-18 20:23:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-16 09:12:42 0 d-------- C:\Program Files\CCleaner
2007-03-15 15:36:23 0 d-------- C:\Documents and Settings\Bob\Application Data\RipIt4Me
2007-03-09 19:04:46 0 d-------- C:\Program Files\Ahead
2007-03-09 18:51:20 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-07 13:13:05 0 d-------- C:\Program Files\AvRack
2007-03-07 12:33:24 0 d-------- C:\Program Files\Web Publish
2007-03-07 12:26:50 0 d-------- C:\Program Files\Common Files\Broderbund
2007-03-07 12:26:22 0 d-------- C:\Program Files\Broderbund
2007-03-06 14:22:25 0 d-------- C:\Documents and Settings\Bob\Application Data\Uniblue
2007-02-28 19:31:19 1024 --a------ C:\Documents and Settings\Bob\Application Data\WavCodec.wff
2007-02-23 21:29:14 384 --a------ C:\Documents and Settings\Bob\Application Data\internaldb6334.dat
2007-02-18 14:51:54 194 --a------ C:\Documents and Settings\Bob\Application Data\internaldb8467.dat
2007-02-18 14:51:54 18432 --a------ C:\Documents and Settings\Bob\Application Data\internaldb41.dat
2007-02-14 14:52:53 68939 --a------ C:\WINDOWS\hpoins05.dat
2007-02-08 02:12:38 98304 -----n--- C:\WINDOWS\system32\a_jumtmp.dll

-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ATI CATALYST System Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ATITEC~1\\ATI.ACE\\CLI.exe SystemTray"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Lotus QuickStart.lnk"
"backup"="C:\\WINDOWS\\pss\\Lotus QuickStart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\lotus\\wordpro\\ltsstart.exe "
"item"="Lotus QuickStart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bob^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
"path"="C:\\Documents and Settings\\Bob\\Start Menu\\Programs\\Startup\\Trend Micro Anti-Spyware.lnk"
"backup"="C:\\WINDOWS\\pss\\Trend Micro Anti-Spyware.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Trend Micro\\Tmasy\\Tmasy.exe -autostart"
"item"="Trend Micro Anti-Spyware"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USSShReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ussshreg"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ULEADS~1\\ULEADP~1\\SSaver\\Ussshreg.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-04-27 at 14:45 ---------
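The DSS/HijackThis output above is the kind of log a forum helper reads by eye for dead references, services with no recorded publisher, and executables sitting where they should not be. The script below is an added example written for this thread; it is not part of HijackThis, Deckard's System Scanner or the forum's own tooling. It turns a few of those eyeball checks into heuristics and runs them over sample lines copied from the log in this post, including the Easo and Kojk entries from the "Fixed Entries" backups. The allowlists of common 8.3 short names and of system binaries are assumptions, a starting point rather than a vetted reference.

```python
"""Heuristic triage of HijackThis-style log lines (added example for this thread).

Not part of HijackThis or Deckard's System Scanner; the allowlists below are
assumptions a reviewer might start from, not a vetted reference.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, including two
# entries from the "HijackThis Fixed Entries" backups (Easo and Kojk).
SAMPLE_LOG = r"""
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Kojk] C:\PROGRA~1\STEM~1\SOOLSV~1.EXE
O4 - HKCU\..\Run: [Easo] "C:\WINDOWS\system32\SCURIT~1\chkntfs.exe" -vt yazb
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard...ECCHIFEJEAIFEB (file missing)
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every HijackThis line opens with a section code (R0, O2, O4, O23, ...) and " - ".
_SECTION_RE = re.compile(r"^(?P<section>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")
# O4 Run entries: hive, [value name], then an optionally quoted executable path.
_O4_RUN_RE = re.compile(
    r'^(?P<hive>HK\w+)\\\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+"?'
    r'(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat|pif))"?',
    re.IGNORECASE,
)
# O23 service entries: "Service: <name> - <owner> - <path>".
_O23_SERVICE_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")
# An 8.3 short-name path component such as PROGRA~1 or SOOLSV~1.EXE.
_SHORT_NAME_RE = re.compile(r"[^\\]*~\d+(?:\.[A-Za-z0-9]+)?")

# Assumed allowlist: 8.3 components seen in nearly every XP log; anything else gets a look.
COMMON_SHORT_NAMES = {"PROGRA~1", "PROGRA~2", "DOCUME~1", "COMMON~1", "ALLUSE~1",
                      "LOCALS~1", "APPLIC~1", "MICROS~1", "MICROS~2", "MICROS~3", "MICROS~4"}
# Assumed list of Windows binaries that live directly in SYSTEM_DIRS and nowhere else.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "smss.exe",
                   "winlogon.exe", "csrss.exe", "chkntfs.exe", "ctfmon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    detail: str
    line: str


def check_line(raw: str) -> list[Finding]:
    """Apply the heuristics to one log line; an empty list means nothing was flagged."""
    line = raw.strip()
    m = _SECTION_RE.match(line)
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings: list[Finding] = []

    # 1. Dead references: the registry still points at something no longer on disk.
    if "(no file)" in body or "(file missing)" in body:
        findings.append(Finding(section, "dead-reference", "target no longer on disk", line))

    # 2. Services whose binary carries no recognised publisher.
    if section == "O23":
        svc = _O23_SERVICE_RE.match(body)
        if svc and svc.group("owner").lower() == "unknown owner":
            findings.append(Finding(section, "unknown-owner", svc.group("name"), line))

    # 3. Run keys: uncommon 8.3 components, and system binary names outside system dirs.
    if section == "O4":
        run = _O4_RUN_RE.match(body)
        if run:
            parts = run.group("path").split("\\")
            directory, base = "\\".join(parts[:-1]), parts[-1]
            odd = [c for c in parts
                   if _SHORT_NAME_RE.fullmatch(c) and c.split(".")[0].upper() not in COMMON_SHORT_NAMES]
            if odd:
                findings.append(Finding(section, "uncommon-8.3-name", ", ".join(odd), line))
            if base.lower() in SYSTEM_BINARIES and directory.lower() not in SYSTEM_DIRS:
                findings.append(Finding(section, "misplaced-system-binary", f"{base} under {directory}", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run check_line over a whole log and return the findings in log order."""
    out: list[Finding] = []
    for raw in log_text.splitlines():
        out.extend(check_line(raw))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, handy for a first glance at a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<24} {f.detail}\n     {f.line}")
```

Every flag is a prompt to look, not a verdict: a dead reference is usually leftover clutter, an "Unknown owner" service can be a vendor that simply did not embed version information, and the Easo line is flagged twice precisely because it combines two oddities (an 8.3 name nobody recognises and a copy of a real system tool in a subdirectory of system32).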
#4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Was running very very slow until?
Hello pearlhouse and thank you for your patience,

I'm not seeing much in these logs. Can you tell me exactly what AdAware has been finding?

Go to Start->Run and type in regedit and hit OK. Open notepad and copy/paste the entire text in the quotebox below (don't forget to copy and paste REGEDIT4):

Quote:

It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

----------------------------------------------------------------

Your version of Spybot Search & Destroy is outdated. Please download the newest version: Spybot - Search & Destroy 1.4

Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.
#5
Registered User
Join Date: Feb 2005
Location: Brunswick, Ohio
Posts: 95
OS: win xp pro ser pk 2
Re: Was running very very slow until?
I'm still running a little slow, not too bad now, but I don't think I'm running as fast as I should. From time to time some pages just will not load quickly so I have to sit and wait, maybe 5-10 sec. I have DSL which used to be very quick.

Did everything as you suggested. I did the registry thing although I'm not sure what I did, but it seemed to follow your instructions. I didn't realize there was a new ver. of Spybot out there. I assumed when I did "updates" it would notify me of the new version. Glad you detected that. I ran Ad-Aware again and I copied the results into a Word doc thinking I could cut and paste it here, but it won't let me do it so I'm attaching the file here as Ad-Aware.doc. Hopefully you can read it OK. Also I found some references to MIRAR again: "Mirar search", "Get Mirar". Something new, but I'm not sure if it's related: when I click my mouse to select an item or double click to open something I can make about 3-4 successful clicks in a row OK, then the next click will not register and nothing happens. If I keep clicking the same item it eventually will register what I was trying to do. It's like it loads up these clicks and then it can't take any more until it gets rid of the older clicks to make room for the newer ones. I hope you can understand my description of this problem. Then I may be good for 3 or 4 more clicks and it happens again. I'm using a Microsoft cordless mouse and keyboard so I checked my signal and it says OK, and I even replaced the batteries in both. But I'm still having the same problem. Thanks for all the help. Bob
#6
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Was running very very slow until?
Hi Bob,
Upload this file C:\WINDOWS\system32\a_jumtmp.dll to http://virusscan.jotti.org and report back what it found. At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the blue text from above into the box. Then click "submit". When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here. If the site is too busy, upload it here http://www.virustotal.com/en/indexf.html

-------------------------------------------------------------

AdAware is only reporting tracking cookies. Most of those are easily blocked by installing IESpyAd: IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD).

The regfix I had you make simply removed the Need2Find registry entry from your system.

-------------------------------------------------------------

I'm not finding any malware. Let's try invoking Windows File Protection. Click Start>Run and type in sfc /scannow (there is a space between sfc and /) and let it scan for missing/corrupt files. This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. If it finds any problems, it will prompt you for the Windows XP Install disc so have it handy. Let me know if it found anything. Also post the results of the jotti scan.
#7
Registered User
Join Date: Feb 2005
Location: Brunswick, Ohio
Posts: 95
OS: win xp pro ser pk 2
Re: Was running very very slow until?
IE-SPYAD was already installed on this PC, but when I attempted to install it again it notified me that my old installation was out of date, and then I let it uninstall it first and then installed the new version as you stated.

I also invoked the Windows File Protection as you suggested. It immediately asked for my Win XP disk and then it took quite a while for it to complete its thing. There was no notification that it found anything. I restarted the PC and got an error msg:

The following file is missing or corrupted: C:\windows\IFHELP.SYS
The following file is missing or corrupted: C:\sindows\system\vmm32.vxd
Type the name of the windows loader (e.g., C:\windows\skystem\vmm32.vxd)

I typed in C:\windows\skystem\vmm32.vxd and hit enter and got the same msg back. So I guess I didn't understand what it was asking for. I turned the computer off and then restarted and it booted normally, but at the beginning of the boot there was 1 extra screen with a line about updating files. It still is not accepting my mouse clicks about 75% of the time. I must click several times before it finally accepts. This is getting really weird.

OK, here's the results of the Jotti scan. Looks like it didn't find anything.

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: a_jumtmp.dll_
Status: OK
MD5 52296d1b7a9a78a13969f2a263b1c5ba
Packers detected: -

Scanner results
Scan taken on 10 May 2007 16:29:05 (GMT)
A-Squared              Found nothing
AntiVir                Found nothing
ArcaVir                Found nothing
Avast                  Found nothing
AVG Antivirus          Found nothing
BitDefender            Found nothing
ClamAV                 Found nothing
Dr.Web                 Found nothing
F-Prot Antivirus       Found nothing
F-Secure Anti-Virus    Found nothing
Fortinet               Found nothing
Kaspersky Anti-Virus   Found nothing
NOD32                  Found nothing
Norman Virus Control   Found nothing
Panda Antivirus        Found nothing
Rising Antivirus       Found nothing
VirusBuster            Found nothing
VBA32                  Found nothing
#8
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Was running very very slow until?
Your issues are OS related--not malware. As such, you would be better served discussing these issues in the Windows XP section of this forum.