• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
ukr

ukr

6 posts in this topic

Ok my problem is very similar to the one in this URL

 

http://www.spywareinfoforum.com/index.php?showtopic=6609

 

In addition while using the sasser worm removal tool I remembered that I now have no restore points and if I make a new one THAT is the only one I have and in a day or so that will be unavilable.

 

my logs are now like this after running several spyware removal ttols and despite this I still get this consistant slow down and if I am typing no characters appearing on screen for a few seconds until I get controlk of the PC back again.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:42:31, on 16/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\taskswitch.exe

D:\Program Files\Messenger Plus! 2\MsgPlus.exe

D:\WINDOWS\StartupMonitor.exe

D:\Program Files\DU Meter\DUMeter.exe

D:\WINDOWS\System32\sstray.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

D:\WINDOWS\System32\RUNDLL32.EXE

D:\WINDOWS\anvshell.exe

D:\Program Files\SSC Service Utility\ssc_serv.exe

D:\Program Files\SSC Service Utility\ssc_serv.exe

D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

D:\WINDOWS\system32\javaw.exe

D:\Program Files\Silicon Image\Java SATARaid\SiITray.exe

D:\Program Files\MSN Messenger\MsnMsgr.Exe

D:\Program Files\Executive Software\Diskeeper Administrator\Controller\AdminServer.exe

D:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe

D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Norton AntiVirus\SAVScan.exe

D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\System32\svchost.exe

F:\i drive\polaris2000\mirc32.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Documents and Settings\Andy\My Documents\Hijackthis\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rc-kids.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rc-kids.co.uk

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\WS_FTP Pro\wsbho2K0.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on

O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [Device Detector] "D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [LiveNote] livenote.exe

O4 - HKLM\..\Run: [sSC Service Utility] D:\Program Files\SSC Service Utility\ssc_serv.exe /s

O4 - HKLM\..\Run: [CloneCDTray] D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Java SATARaid.lnk = D:\Program Files\Silicon Image\Java SATARaid\run.bat

O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx

 

 

 

any advice appreciated/

Edited by ukr

Share this post


Link to post
Share on other sites

I fogot to mention that if I try and play a music file I keep getting , every 30 to 40 seconds a slowdown so the music file acts like an old 45 recond player with stylus sticking. It is CONSTANT though and usually alwasy 3 repeats of what secion /line is playing and then it continues ok.

Share this post


Link to post
Share on other sites

latest log file here after following some instrutions regrading spybot and addaware etc.

 

Logfile of HijackThis v1.97.7

Scan saved at 13:11:10, on 16/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\taskswitch.exe

D:\Program Files\Messenger Plus! 2\MsgPlus.exe

D:\WINDOWS\StartupMonitor.exe

D:\Program Files\DU Meter\DUMeter.exe

D:\WINDOWS\System32\sstray.exe

D:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\Program Files\QuickTime\qttask.exe

D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

D:\WINDOWS\System32\RUNDLL32.EXE

D:\WINDOWS\anvshell.exe

D:\Program Files\SSC Service Utility\ssc_serv.exe

D:\Program Files\SSC Service Utility\ssc_serv.exe

D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

D:\WINDOWS\system32\javaw.exe

D:\Program Files\Silicon Image\Java SATARaid\SiITray.exe

D:\Program Files\MSN Messenger\MsnMsgr.Exe

D:\Program Files\Executive Software\Diskeeper Administrator\Controller\AdminServer.exe

D:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe

D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program Files\Norton AntiVirus\navapsvc.exe

D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Norton AntiVirus\SAVScan.exe

D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Documents and Settings\Andy\My Documents\Hijackthis\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rc-kids.co.uk

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rc-kids.co.uk

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\WS_FTP Pro\wsbho2K0.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on

O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [Device Detector] "D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [LiveNote] livenote.exe

O4 - HKLM\..\Run: [sSC Service Utility] D:\Program Files\SSC Service Utility\ssc_serv.exe /s

O4 - HKLM\..\Run: [CloneCDTray] D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Java SATARaid.lnk = D:\Program Files\Silicon Image\Java SATARaid\run.bat

O8 - Extra context menu item: &ieSpell Options - res://D:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://D:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)

O9 - Extra button: Create Mobile Favorite (HKLM)

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: FlashGet (HKLM)

O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)

O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx

Share this post


Link to post
Share on other sites

I know you are all busy but can someone tell me if I have posted enough info to let you know what the problem maybe??

 

I have one more item to add and that is I can NOT create a restore point and I do have restore activated so is there a virus or hijack that will attck the ability to recover to an earlier date.

 

Would seem sensible to me if I were a programmer trying to do the dirty but is it possible???

 

Thanks in advance

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0