• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
vinesun

Random popups

18 posts in this topic

Lately I've been getting lots of random popups regardless of whether there's a browser window open or not. I probably have lots of other spyware/adware and stuff. help!

 

Logfile of HijackThis v1.97.7

Scan saved at 7:59:46 PM, on 6/6/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\ggviewer67-32.exe

C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\WScript.exe

C:\WINDOWS\System32\DllHost.exe

C:\Program Files\NavNT\DWHWIZRD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ola.NEWCOMPUTER\Desktop\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O1 - Hosts: 216.40.230.4 desktop.kazaa.com

O1 - Hosts: 216.40.230.4 alpha.kazaa.com

O1 - Hosts: 216.40.230.4 shop.kazaa.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2d786108-33c5-476b-bf0f-cc811e842d51} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O3 - Toolbar: (no name) - {1e7f9617-4c6f-4923-875f-6acd8b102a30} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [iE Privacy KeeperH] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O4 - Global Startup: Search.vbs

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.line6.net

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://www.microsoft.com/sdccommon/download/tgctlins.cab

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {18B01F09-2965-11D3-9461-00A0C9B1E042} (FunnyVoiceCtl Class) - http://www.kiddonet.com/kiddonet/cards/FunnyVoice.ocx

O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...55/sdcregie.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/co...ng/Coloring.ocx

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1194e4a386418aa21400/netzip/RdxIE6.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002082...all/xscan53.cab

O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/Th...stallHelper.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7611.3726736111

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (RavOnline Control) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_12_0.cab

O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

Share this post


Link to post
Share on other sites

Hi vinesun.

Looks like there is a bit of work to do.

 

First:

I would strongly suggest that you make a printout of any instructions, deletions, or corrections we recommend, to refer to as you work. I find that is easier than trying to remember everything. Also , you can check off each item as it is finished and not worry about missing something.

 

Next:

You are running hijackthis from your desktop, this is not a good idea because when we do a fix hijackthis will create backups and they will be spread all over your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar). Then extract hijackthis into the folder you have created and run it from there. When you have done that, delete the copy of hijackthis that you have on your desktop

 

Next:

Can you please download the Spybot S&D program from here Spybot S&D 1.3 and install it.

  • Select Search for updates.
  • Then select all available updates that are displayed in the white box.
  • Select a download mirror nearest your location.
  • Then select Download updates .
  • Shut down and restart Spybot.
  • Select the Search and destroy icon and click on Check for Problems.
  • Delete/fix anything that spybot lists In RED.

While spybot is running, a counter will be displayed in the lower left corner like xxxx/13734. There are currently about 13734 detections.

 

Next:

Download Ad-Aware at http://www.lavasoftusa.com/support/download/

After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."

 

Press "Scan Now"

 

- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:

 

Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys. Click 'Next' again

Right-click in that pane and choose "select all"

 

If it finds "bad" files and registry keys, press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

 

Finally, close Ad-Aware, and reboot.

 

 

Next:

Run Hijack This again and place a check beside the following entries. Please note any messages I may have placed with them. Close all windows, except HJT and press Fix.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

 

 

O1 - Hosts: 216.40.230.4 desktop.kazaa.com

O1 - Hosts: 216.40.230.4 alpha.kazaa.com

O1 - Hosts: 216.40.230.4 shop.kazaa.com

O2 - BHO: (no name) - {2d786108-33c5-476b-bf0f-cc811e842d51} - (no file)

O3 - Toolbar: (no name) - {1e7f9617-4c6f-4923-875f-6acd8b102a30} - (no file)

O4 - Global Startup: Search.vbs

 

 

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1194e4a386418aa21400/netzip/RdxIE6.cab

O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx

 

 

All the following items are Users choice:

 

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common

 

Information concerning disabling this is available at the following URL.

http://www.mikescomputerinfo.com/TkBellExe.htm

Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

 

 

Fixing these in HJT will only prevent them from starting at bootup and make starting a bit faster.

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

 

This item 015. If you do not know why it is listed in the trusted zone, then feel free to let HJT fix it. If you did not place it in the trusted zone yourself, it could have been placed there by a parasite and should be removed.

O15 - Trusted Zone: *.line6.net

 

 

Next: When finished with everything above, please run Hijack This again and post a fresh log here so we can see if anything more needs to be done.

It would also be a good time for you to make any comments concerning how your machine is operating.

 

Be sure to check back after posting the final log,after we have had an opportunity to look it over, to see if anything more needs to be done.

 

There are new Critical updates available from Microsoft. Now would be a good time to pay them a visit.

 

For your Protection - It is suggested that you download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies. http://www.javacoolsoftware.com/spywareblaster.html

 

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

Both are very small free programs that you run once, and then just occasionally to check for updates.

 

And also see

So how did I get infected in the first place?

Share this post


Link to post
Share on other sites

Thank you very much...below is my new logfile.

 

Also, concerning system performance, there actually is something that I have a question about. For some reason when I boot my computer nothing works for about 2-5 mins and then suddenly everything kicks in, when the startup sound finally plays. If i try to do anything before that, I either get an error message concerning Generic Win Host Processes (not sure on the wording; it hasn't happened in awhile) or that 2-5 mins is extended to about 10 mins (but I restart before then). Is this a malware problem too? I really appreciate your help.

 

Logfile of HijackThis v1.97.7

Scan saved at 4:14:34 PM, on 6/10/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\Program Files\Google\ggviewer67-32.exe

C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe

C:\WINDOWS\System32\ctfmon.exe

C:\program files\aim\aim.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\WINDOWS\System32\DllHost.exe

C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

C:\WINDOWS\explorer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [iE Privacy KeeperH] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

O4 - HKCU\..\Run: [AIM] C:\program files\aim\aim.exe -cnetwait.odl

O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.line6.net

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://www.microsoft.com/sdccommon/download/tgctlins.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {18B01F09-2965-11D3-9461-00A0C9B1E042} (FunnyVoiceCtl Class) - http://www.kiddonet.com/kiddonet/cards/FunnyVoice.ocx

O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...55/sdcregie.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/co...ng/Coloring.ocx

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002082...all/xscan53.cab

O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/Th...stallHelper.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7611.3726736111

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (RavOnline Control) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_12_0.cab

O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

Share this post


Link to post
Share on other sites

Hello vinesun.

Lets see if we can do anything about your poor performance issues.

 

RE-Run HijackThis and place a "check" next to each entry listed below and hit the "Fix Selected" button. Please note that the order of these selections may have changed and some may no longer be present, due to being deleted by one of the programs we have ran previously.

Also, please close all windows including this one BEFORE FIXING WITH HJT.

 

 

 

The following are users choice,to fix with HJT or keep as you wish.

They are resource hogs , which can be started manually if needed.

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

 

 

Refrence your poor system performance issues.

Did you run both Ad-Aware and Spybot S&D ? If not then you should do so. Each will find things the other does not. Be sure to update both as in the previous instructions before running and REBOOT each after it finishes.

 

In addition you should get both an online scan for viruses and for Trojans.

 

Choose one of these, they are online virus scanners,

run one of them and have them fix anything they find.

 

Panda

http://www.pandasoftware.com/activescan/co...n_principal.htm

 

Trend Micro

http://housecall.trendmicro.com/housecall/start_corp.asp

 

The following is an online Trojan Scan.

http://scan.sygatetech.com/pretrojanscan.html

 

Please use Ad-Aware, Spybot S&D and the online Virus and Trojan scans.

 

THEN REBOOT AND POST A FRESH HJT LOG HERE.

 

Hopefully doing all these things will show some system improvement.

By the way , is your google popup stopper operational in your Google Tolbar ?

Share this post


Link to post
Share on other sites

thank you for your help...I Ran Spybot & Ad-Aware a second time; both came up with nothing. Neither did the virus and trojan scans. I am using the Google popup blocker and there have been no problems with it. The random popups are nowhere near as much as before (only one or two); I just wasn't expecting any. Startup is still slow, though.

 

Logfile of HijackThis v1.97.7

Scan saved at 7:20:10 PM, on 6/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\ggviewer67-32.exe

C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\Hijack This\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [iE Privacy KeeperH] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -silent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.line6.net

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://www.microsoft.com/sdccommon/download/tgctlins.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {18B01F09-2965-11D3-9461-00A0C9B1E042} (FunnyVoiceCtl Class) - http://www.kiddonet.com/kiddonet/cards/FunnyVoice.ocx

O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...55/sdcregie.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/co...ng/Coloring.ocx

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002082...all/xscan53.cab

O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/Th...stallHelper.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7611.3726736111

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (RavOnline Control) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_12_0.cab

O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

Edited by vinesun

Share this post


Link to post
Share on other sites

Hi vinesun.

Just a note to let you know you haven't been forgotten. I'm running a bit behind but will be looking at your log soon. Thank you for your patience.

Share this post


Link to post
Share on other sites

Hello vinesun.

 

You might want to print this to refer to.

 

 

Well, I'm sorry to say that I don't know of any popup blocker that will stop everything. A lot depends on the sites you visit as to the number and type of popups that occur. If you find that visiting a certain site causes you to get porno or other undesirable popups,about all you can do is stay away from it.

These days it is almost impossible to get on the internet without running into at least a few popups, even from highly respected sites. Thats how they get their operating capital, regretably.

 

You could look in your Task Manager ( control/Alt/Delete) and see if you have anything that is taking up a large amount of resources and include those findings in your next post. Be cautious about what you stop. If you don't know what it is just leave it alone and report it here. We have a lot of experts and they'll know if a program should be removed, or is a keeper.

 

When asked,a resident expert tells me that Norton is big and bulky and will slow a system somewhat. But what you describe is a serious system slowdown, so it doesn't seem likely that Norton would be the total problem.

 

One important point , are you using the newest Spybot S&D ? Specifically 1.3, if not,please download the new 1.3 . Updating version 1.2 is not possible.

I hate to seem like I'm hammering on this point,but it is extreemly important that both Ad-Aware and Spybot S&D be updated before they are run. You would be surprised how many fail to do so. It is equally important to Reboot after using each of them, so they can finish doing their job.

 

 

RE-run Hijack This and if you wish to fix with Hijack This, place a "check" next to each entry listed below and hit the "Fix Selected" button. Please note that the order of these selections may have changed and some may no longer be present, due to being deleted by one of the programs we have ran previously.

Also, please close all windows including this one BEFORE FIXING WITH HJT.

 

THEN REBOOT AND POST A FRESH HJT LOG HERE.

 

Please notice that all the recommendations below are completely optional.

 

The following is a quote from one of our resident experts.

"PeerGuardian may be a problem if the user is running it instead of a full scale firewall, or running it with another firewall at the same time...

"

That, for me is not a very good recommendation for the Program.

Personally, I wouldn't get on the internet without a full scale firewall and I also use a Linksys hard wired Router,for added protection. Zone Alarm has a very good firewall and they even have a good version that is totally free. But, please do not try to use two firewalls at the same time.

 

Please understand that these are all user options,to fix or to keep.

 

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

 

Are you sure that you know what this 015 is ? And if not it can safely be fixed with HJT.

O15 - Trusted Zone: *.line6.net

 

Look closely at all your 016s.Any with which you are not familiar ?

If so then you can safely fix them with HJT and should you visit that site again they will be re-loaded, with the exception of the following 016s. These two will not reload when visiting the site, but may , if you wish, be fixed with HJT.

 

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

Share this post


Link to post
Share on other sites

Ok...I know that it's impossible to stop every popup, it's just that the popups seem not to be coming from the particular sites that I am visiting (e.g. timing, content). Basically, things simply aren't as they used to be (I've had Google Toolbar for quite some time now), not that I was expecting zero popups. They are so few and far between now, however, that it's not a problem anymore. Regarding system slowdown, I'm really not sure what the problem might be because it's only bootup that is slow (everything works normally after that initial 5 mins) and it happened suddenly; it's not as if I installed something such as Norton and that was the beginning of the problem. Everything, essentially, is the same as it was before the problem. It's not as severe, though, now that I've disabled those programs that ate up resources. I am positive that I am using the current versions of Spybot S&D and Ad-Aware as I did have the older version of Spybot and I noticed that it failed to find any updates whatsoever. And, I've been scrutinizing my 016s everytime and nothing has appeared to be out of the ordinary (and I do know what that O15 is).

 

Anyhow, I don't know how this might factor into the mix, but I was going through Add/Remove programs and I discovered "Ultimate Br owerser Enhancer.exe" which, through Google, I found to be a lop variant. I couldn't find any registry keys related to it so I looked at my Spybot and Ad-Aware backups and I found that something related to lop had been removed back in February. I'm curious as to why something showed up in Add/Remove programs...I can't be absolutely positive but I go through Add/Remove relatively often and I'm 98% sure it wasn't there before...

 

Here is my new log but even my untrained eye sees nothing out of the ordinary.

 

Logfile of HijackThis v1.97.7

Scan saved at 3:37:03 PM, on 6/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\ggviewer67-32.exe

C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\System32\DllHost.exe

C:\Hijack This\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.line6.net

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://www.microsoft.com/sdccommon/download/tgctlins.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/s...119/CTSUEng.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {18B01F09-2965-11D3-9461-00A0C9B1E042} (FunnyVoiceCtl Class) - http://www.kiddonet.com/kiddonet/cards/FunnyVoice.ocx

O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...55/sdcregie.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {3FC76754-41A5-11D2-9370-00A0C9B1E042} (ColoringCtl Class) - http://www.kiddonet.com/lapware/actmenu/co...ng/Coloring.ocx

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002082...all/xscan53.cab

O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/Th...stallHelper.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab

O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7611.3726736111

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...5/Installer.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (RavOnline Control) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_12_0.cab

O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/s...12119/CTPID.cab

Share this post


Link to post
Share on other sites

Hello again vinesun.

 

After consulting with one of our resident experts, here are some comments.

 

A five minuite or longer delay on startup usually means a software or hardware problem. However, there are some things we could try now, in an attempt to reduce the problem.

 

The 015. It really is not enough just to know what it is, but you must be sure it can be completly trusted, since it has full access to your system.

If you are not totally confident it is safe, then it should be fixed with HJT.

 

Regarding your 016s. I would recommend fixing them all with Hijack This, with the exception of the two that will not renew when re-visiting those sites.

Namely the two following should be kept and NOT fixed with HJT,unless you determine otherwise. Please consider them an optional fix.

 

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

 

There is also some concern regarding the following. So,unless you are confident it is safe,it too should be fixed with HJT. I am including it to be fixed as an optional, for you to determine its fate.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

----------------------------------------------------------------------------

 

RE-Run HijackThis and place a "check" next to each entry listed below and hit the "Fix Selected" button.

Also, please close all windows including this one BEFORE FIXING WITH HJT.

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

 

 

All 016 entries, with the exception of the two 016s that are Optional.

 

 

 

 

Below,find the OPTIONAL HJT fixes as discussed above,to fix at your disgression.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

 

O15 - Trusted Zone: *.line6.net

 

 

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

 

THEN REBOOT AND POST A FRESH HJT LOG HERE.

Share this post


Link to post
Share on other sites

My new log:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:21:40 PM, on 6/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\ggviewer67-32.exe

C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Hijack This\HijackThis.exe

C:\WINDOWS\System32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe

O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.line6.net

O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab

 

Adelphiapowerpage.com is simply my home page and line6.net has to do with some software (that I know is safe) that I have. And...once again, thanks a lot for your help.

Share this post


Link to post
Share on other sites

Hello vinesun.

 

How is your machine now,on boot up ? Hopefully, some better.

 

Is there anything you can tell me about the following 08 ?

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

If so, please include it in your next post.

 

 

Since you say you have stopped some programs from starting on boot up and that helped some, are there others, that are not essential,that could also be slowing boot up ? Might not hurt to have a close look and see if there are others you could deal with in a similar manner.

 

 

I did notice something that may be a problem, a possible welchia worm, but can't be positive. Lets try a removal tool, just to be on the safe side,at the following link.

 

http://vil.nai.com/vil/stinger/

 

Please note that using this tool requires you to turn off System Restore. For your information, doing so will cause you to lose all Restore points and will require you to set a new restore point after you turn SR on again. The thought being that a Virus could be hiding in SR , so it will restore itself into your system when you use System Restore.

 

It might also be a good idea to empty your temporary internet files and possibly delete the cookies accumulated, unless you want to keep cookies, so you dont have to sign in at places that it is required.

Temporary internet files can cause problems if not cleaned from the system on a regular basis, especially if you surf the net a lot. I'll give you the way, in case you aren't familiar with it.

Tools>Internet options--click on "clear history" then on yes. Then on "Delete Files"and click in the small box for " Delete all offline content.

 

Click on "Cookies" if you wish , to clean them out also. Then "okay" your way out.

 

 

After doing so I would also recommend that you do a full backup of everything important to you, especially your personal files and settings. If the problem happens to be with the computer itself you could lose everything. Doing a regular backup is always a good idea. It would probably be best to backup somewhere other than to your Hard drive, in case the HD decides to go out on you.

 

You might run Hijack This once more and send a log here, after completing all the above.

Share this post


Link to post
Share on other sites

Alrighty...the O8 is really just a link to a website that shortens URLs.

 

I'd already stopped quite a few programs prior to posting the initial message and I've stopped even more since. There are a couple more that I can fix but all in all, I don't know how much of a difference it will make because...

 

I also thought that I had the welchia worm. In fact, I've been googling a few things, and it appears to me that I may have that/sasser/msblaster/something related to one or more of these. However, Stinger did not find a single thing. Plus, my "symptoms" aren't exactly like those described for the above viruses (/trojans/worms?), which is baffling me a bit. I am almost positive that there is something, though, because ZoneAlarm (I should have gotten that a long time ago...)alerted me that LSASS.exe was trying to connect. That points to sasser, but I also researched the error message that I sometimes get (Generic Host Process for Win32 Services) and that pointed to Welchia. If that is the case, neither of them are manifesting themselves like they "usually" do and are not being caught by any anti-virus software. I would say that it could be a new variant except for the fact that this problem has persisted since April. However, I obviously don't know much or I would have fixed this long ago.

 

 

Ok, I can see that this is no longer a spyware problem. Can I still get help for this or does it no longer belong on this board?

 

Thank you very much.

 

p.s. I empty my temporary internet files and my cookies almost religiously--at least once a day.

Share this post


Link to post
Share on other sites

Hi vinesun.

 

Lets try something a bit differant.

 

 

Start Hijack This and create a Startup list. Here's how: Click on "CONFIG" then

 

Choose "MISC TOOLS". Then choose "Generate a Startup list" and post the results here.

 

We'll get an expert to have a look and will post back with your results.

 

 

Really sorry it has taken so long to get back to you. We've had some problems and the forum is a bit out of kilter. Hopefully it will be corrected soon.

Share this post


Link to post
Share on other sites

Here it is...

 

StartupList report, 6/18/2004, 12:09:32 AM

StartupList version: 1.52

Started from : C:\Hijack This\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

C:\Program Files\NavNT\vptray.exe

C:\Program Files\ahead\InCD\InCD.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Google\ggviewer81-22.exe

C:\Program Files\AIM\aim.exe

C:\WINDOWS\System32\DllHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Ola.NEWCOMPUTER\Start Menu\Programs\Startup]

Semagic.lnk = C:\Program Files\Semagic\LiveJournalU.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NeroCheck = C:\WINDOWS\system32\NeroCheck.exe

SideWinderTrayV4 = C:\PROGRA~1\MICROS~3\GAMECO~1\common\swtrayv4.exe

vptray = C:\Program Files\NavNT\vptray.exe

InCD = C:\Program Files\ahead\InCD\InCD.exe

HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

WINDVDPatch = CTHELPER.EXE

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

WinampAgent = C:\Program Files\Winamp\winampa.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

PeerGuardian = C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - c:\windows\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Norton SystemWorks One Button Checkup.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 6,233 bytes

Share this post


Link to post
Share on other sites

vinesun

 

Below see a quote from one of our experts.

----------------------------------------------------------------------------------------------

This is the only thing I can see in there that worries me... Ask the user if she would be willing to remove it and restore later if it turns out not to be the problem....

 

PeerGuardian = C:\Program Files\PeerGuardian\PeerGuardian_1.99b_pr14.exe

----------------------------------------------------------------------------------------------

 

There is no need to decide now, unless you want.

Notice that the forum will close later tonight for maintinance, so if you wish, try that (or not) and reply tomorrow , or after you have had time to evaluate things, that will be fine.

 

Again, thank you for being so patient.

Share this post


Link to post
Share on other sites

I'm very sorry that I haven't replied yet--i've been away for the past few days.

 

Anyhow, I seem to have solved my problem through one of two things: I deleted the user account on which almost everything is done (transferring files over to a new one) and I disabled an audio device that was apparently malfunctioning (I thought I had uninstalled it but on a whim I decided to check out my device manager).

 

The reason I deleted the user account was because removing the audio device did not seem to fix things; however I think that was because it partially reinstalled after I restarted the computer. Anyhow, everything seems okay now--maybe a combination of those things did the trick. Thank you very, very much for all of your help!

 

[edit] p.s. I uninstalled PeerGuardian sometime ago so I'm assuming that the registry entry wasn't removed or something. Anyway, with the changing of accounts it isn't there anymore.

Edited by vinesun

Share this post


Link to post
Share on other sites

vinesun

The delay was not a problem for anyone.

We are just pleased your problem has been solved, however it was done.

It has been a pleasure working with you and if you ever have a problem again please do not hesitate to come here.

 

It is we who would like to thank you, for letting us know the end result and what could have possibly been the underlying difficulty. So many do not reply to let us know, so we are left in limbo, not knowing if the problem was solved or what .

 

Again, it has been a pleasure.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0