Hijack Log And Adspy Log



#1 racingfan


Posted 27 July 2007 - 01:28 PM

Hello,
I've noticed that my Browser had slowed considerably. I ran Adaware SE and found two "Data Miners", one of which had 87 hits! The other had only 2 hits. I removed both. Next, I ran HijackThis and found two O17 Domain Hijack entries. I saved the log and then removed both O17 entries. I then ran Adspy from the "misc. tools" section of HJT and found a lot of stuff. Some of it I understand, like the "Favicon" entries. But I also found a lot of entries that say "Encryptable" and "Zone.Identifier". I do not know what those mean. I removed all of them but one entry will not remove. I get a message saying that "it may be locked by another program". I am including both log files. Thanks for any help!

Logfile of HijackThis v1.99.1
Scan saved at 1:48:13 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140648461066
O17 - HKLM\System\CCS\Services\Tcpip\..\{1731F013-5B3E-4C7B-8850-683E31BC972A}: NameServer = 65.196.203.193 65.196.203.194
O17 - HKLM\System\CS3\Services\Tcpip\..\{1731F013-5B3E-4C7B-8850-683E31BC972A}: NameServer = 65.196.203.193 65.196.203.194
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

Adspy log:
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\Favorites\Earl's Performance Plumbing.url : favicon (2862 bytes)
C:\Documents and Settings\**\Favorites\eBay.url : favicon (1406 bytes)
C:\Documents and Settings\**\Favorites\Google.url : favicon (1406 bytes)
C:\Documents and Settings\**\Favorites\h-body.org.url : favicon (1406 bytes)
C:\Documents and Settings\**\Favorites\Hoosier Lottery.url : favicon (1150 bytes)
C:\Documents and Settings\**\Favorites\Links\ARIN WHOIS Database Search.url : favicon (894 bytes)
C:\Documents and Settings\**\Favorites\Links\Consumer Sentinel.url : favicon (2238 bytes)
C:\Documents and Settings\**\Favorites\Links\Federal Trade Commission - Home.url : favicon (2238 bytes)
C:\Documents and Settings\**\Favorites\Links\Indiana Offender Database Search.url : favicon (1150 bytes)
C:\Documents and Settings\**\Favorites\Links\Lancers Reactor Your Guide to the Galaxy.url : favicon (2238 bytes)
C:\Documents and Settings\**\Favorites\Links\National White Collar Crime Center.url : favicon (1150 bytes)
C:\Documents and Settings\**\Favorites\Links\USPS - Track & Confirm.url : favicon (894 bytes)
C:\Documents and Settings\**\Favorites\MSN.com.url : favicon (1406 bytes)
C:\Documents and Settings\**\Favorites\PayPal.url : favicon (1406 bytes)
C:\Documents and Settings\**\Favorites\Summit Racing - High Performance.url : favicon (1406 bytes)
C:\Documents and Settings\**\Local Settings\Application Data\Microsoft\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\6-5_xp-2k_dd_32464.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\avg75free_432a904.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\avgarkt-setup-1.1.0.42.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\BeginnerandExpertSystems.zip.flmod : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\ccsetup134.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\CFP_Setup_English_2.4.18.184.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\chipsstoryversion.zip(1).flmod : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\dbg_x86_6.6.07.5.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\flmminstaller.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\FLMMInstaller_v14_beta4.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\flpatch.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\Google Pack Installer.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\HijackThis.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\Improved_and_DeathwishAI\Improved_and_DeathwishAI\Deathwish AI.zip.flmod : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\Improved_and_DeathwishAI\Improved_and_DeathwishAI\Improved AI.zip.flmod : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\instcdst.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\NewSystemsMod_byMad_Man.zip.flmod : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\NHRAQMSUpd1002.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\OpenSPLite.zip.flmod : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\ProcessExplorer\Eula.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\ProcessExplorer\procexp.chm : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\ProcessExplorer\procexp.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\ProcessExplorer.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\spybotsd14.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\stinger.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\visionsetup.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\funnies\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\Misc. Pics\cars\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\Misc. Pics\IMS\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\Misc. Pics\response.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\Misc. Pics\stuff\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\Misc. Pics\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\Misc. Pics\Wheels\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\My Albums\FamPics\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\My Albums\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\My Pictures\mybackgrounds\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\My Videos\slingshot.wmv : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\My Videos\Thumbs.db : encryptable (0 bytes)
C:\HijackThis\HijackThis.exe : Zone.Identifier (26 bytes)
C:\Program Files\Microsoft Games\Age of Empires II\Avi\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Microsoft Games\Freelancer\EXE\content.dll : Zone.Identifier (26 bytes)
C:\Program Files\Movie Maker\shared\Thumbs.db : encryptable (0 bytes)
C:\Program Files\VIA\RAID\drvInterface.dll : Zone.Identifier (26 bytes)
C:\Program Files\VIA\RAID\raid_tool.chm : Zone.Identifier (26 bytes)
C:\Program Files\VIA\RAID\raid_tool.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\0X0409.INI : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\165x300.bmp : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\500x60.bmp : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\asia.slf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\AMD64\2003x64\viamrx64.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\AMD64\2003x64\VIAMRX64.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\AMD64\2003x64\viamrx64.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\AMD64\txtsetup.oem : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\AMD64\VIAMRX64 : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\NT4\viamraid.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\NT4\viamraid.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\NT5\viamraid.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\NT5\VIAMRAID.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\NT5\viamraid.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\txtsetup.oem : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\i386\VIAMRAID : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\drvdisk\txtsetup.oem : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\english.slf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\europe1.slf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\europe2.slf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\europe3.slf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\europe4.slf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\INSTMSIA.EXE : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\INSTMSIW.EXE : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\ISSCRIPT.MSI : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\LICENSE.MLF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\PCIENUM.SYS : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\Platform.msi : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\component.cif : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\RaidUtl.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\RaidUtlNT.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\Utility\raid_tool.chm : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\Utility\raid_tool.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\Utility\Win2000-xp\drvInterface.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\Utility\Win98-me\drvInterface.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\RaidTool\Utility\Winnt40\drvInterface.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\Readme.htm : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\SETUP.EXE : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\Setup.ini : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\Setup.iss : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\SETUP.MLF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\AGPDrv9x.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\AGPDrvME.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\AGPDrvNT.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Svr2003\viaagp1.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Svr2003\VIAAGP1.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Svr2003\viaagp1.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win2000\viaagp1.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win2000\VIAAGP1.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win2000\viaagp1.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win95\viagart.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win95\VIAGART.VXD : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win98_Me\VIAAGPS.REG : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win98_Me\VIAAGPV.REG : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win98_Me\VIAGART.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\Win98_Me\VIAGART.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\WinXP\viaagp1.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\WinXP\VIAAGP1.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\WinXP\viaagp1.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\X64\viaagp1.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\X64\viaagp1.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\DRIVER\X64\VIAAGP1.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\Kompnt.cif : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viaagp\Pnpx64.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\Component.cif : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\win95\VIAMACH.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\Win98\VIAMACH.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\Win98SE\VIAMACH.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\WinMe\VIAMACH.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\WINNT5\VIAMACH.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\WINNT5\vmachx64.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\driver\WINNT5\vmachx86.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\INFDrv.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\INFDrv9x.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viamach\Infx64.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\win9x\VIAMRAID.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\win9x\viamraid.mpd : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\winnt40\viamraid.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\winnt40\viamraid.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\winxp\viamraid.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\winxp\VIAMRAID.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\winxp\viamraid.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\x64\viamrx64.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\x64\VIAMRX64.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIARAID\driver\x64\viamrx64.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\viasetup.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\component.cif : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\NT4\VIADSK.SYS : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\NT4\VIAIDE.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\NT5\videx32.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\NT5\videx64.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\Win9x\VATAPI.VXD : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\Win9x\VIADSK.CAT : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\Win9x\VIAVSD.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\WinME\VATAPI.VXD : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\WinME\VIADSK.CAT : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\driver\IDE\WinME\VIAVSD.INF : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\InsStX64.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\MRaid.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\Stor9x.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\VIAStor.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a\VIA_HyperionPro_V510A\VIAStor\VSDINST.dll : Zone.Identifier (26 bytes)
C:\WINDOWS\Driver Cache\via_hyperionpro_v510a.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\inf\oem1.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\inf\oem3.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\Live Picture\Live Picture Viewer\User Interface\3D Viewer\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\Live Picture\Live Picture Viewer\User Interface\FPX Viewer\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem1.CAT : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.CAT : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\drivers\viamraid.sys : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\viamach.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\vmachx86.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\viamach.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\vmachx86.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\viamach.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\vmachx86.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\viamach.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\vmachx86.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\viamach.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\vmachx86.cat : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\viamach.inf : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\vmachx86.cat : Zone.Identifier (26 bytes)


#2 Papakid

  • Malware Response Team

Posted 10 August 2007 - 11:53 PM

Hi,

Our apologies for the delay. If you still need help, please post a new log so I can see if anything has changed.

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Just a HijackThis log for now please. There is nothing suspicious in the ADSSpy log.

The thing about people

is they change

when they walk away.--Mipso
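
Added example (not part of either poster's reply, and not the ADS Spy author's code): a small Python triage of ADS Spy lines like the ones in post #1, which counts the routine Windows streams and lists only the entries that do not fit their usual profile. The function names, the profile rules (an assumption based on default Windows XP / Internet Explorer behaviour) and the last three sample lines are constructed for illustration.

```python
"""Triage an ADS Spy log: count routine Windows streams, list the rest for review."""
import re
from collections import Counter
from ntpath import basename  # Windows path rules, usable on any OS

# Line format as it appears in the log above:
#   <file path> : <stream name> (<size> bytes)
# The greedy path group makes the match split on the LAST " : " in the line.
LINE_RE = re.compile(r"^(?P<path>.+) : (?P<stream>\S.*?) \((?P<size>\d+) bytes\)$")

# Default zone mark Windows writes on a file saved from the Internet zone.
# Its length is why every Zone.Identifier entry in the log reads "26 bytes".
ZONE_DEFAULT = b"[ZoneTransfer]\r\nZoneId=3\r\n"


def zone_ok(path, size):
    # Any other size means the stream holds something besides the default
    # mark (not necessarily bad, but worth reading).
    return size == len(ZONE_DEFAULT)


def favicon_ok(path, size):
    # Internet Explorer caches a site icon in a stream on the .url shortcut.
    return path.lower().endswith(".url") and size > 0


def encryptable_ok(path, size):
    # Explorer leaves an empty "encryptable" stream on Thumbs.db caches.
    return basename(path).lower() == "thumbs.db" and size == 0


# Assumed profile table: stream name -> check on (host file, size).
PROFILES = {
    "zone.identifier": zone_ok,
    "favicon": favicon_ok,
    "encryptable": encryptable_ok,
}


def parse_line(line):
    """Return (path, stream, size) or None if the line is not an ADS Spy entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["path"], m["stream"], int(m["size"])


def triage(log_text):
    """Return (Counter of routine streams, list of (line, reason) to review)."""
    routine, review = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_line(line)
        if entry is None:
            review.append((line, "unparsed line"))
            continue
        path, stream, size = entry
        check = PROFILES.get(stream.lower())
        if check is None:
            review.append((line, "unknown stream name"))
        elif not check(path, size):
            review.append((line, "known name, unexpected host file or size"))
        else:
            routine[stream] += 1
    return routine, review


# First four lines are copied from the log in post #1; the three under
# C:\Example are constructed to show what a non-routine entry looks like.
SAMPLE_LOG = r"""
C:\Documents and Settings\**\Favorites\eBay.url : favicon (1406 bytes)
C:\HijackThis\HijackThis.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\**\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\**\My Documents\downloads patches\chipsstoryversion.zip(1).flmod : Zone.Identifier (26 bytes)
C:\Example\readme.txt : extra.bin (73216 bytes)
C:\Example\notes.txt : Zone.Identifier (4096 bytes)
C:\Example\Thumbs.db : encryptable (512 bytes)
"""

if __name__ == "__main__":
    routine, review = triage(SAMPLE_LOG)
    for name, count in sorted(routine.items()):
        print(f"routine  {name}: {count}")
    for line, reason in review:
        print(f"REVIEW   {reason}: {line}")
```

A "review" result is a prompt to read the stream's content, not a verdict on the file.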


#3 racingfan


Posted 11 August 2007 - 09:19 AM

Thanks Papakid. Here's the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:45 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140648461066
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

--
End of file - 3999 bytes

#4 Papakid

  • Malware Response Team

Posted 11 August 2007 - 11:24 PM

OK, well, your log is clean. There are many reasons why your browser may be slowing down and we'll address some of those and check a little more in depth for malware, but I don't think you have much to worry about there.

My advice to you is that you not fix items with HijackThis if you are just guessing that they may be a problem. I can't tell you if the O17's you fixed were bad or not now because they don't show up in the HJT log after being fixed. The scanner I'll have you run will show me the fixed items tho.

You don't quite have the latest version of Sun's Java installed. For some reason Sun will also leave older versions of Java behind, which is a security risk, because they are unpatched and still can be called on to run. Also some users have reported a significant increase in performance when Java's cache is cleared so let's try this:

Download and install CCleaner.
(Starting with v1.27.260, the standard build installs the Yahoo Toolbar as an option which is checkmarked by default during the installation. IF you do NOT want it, remove the checkmark when provided with the option OR download the toolbar-free Basic version instead.)

*After installation, see the Using and Understanding CCleaner Tutorial.

Run CCleaner to clear out your Java cache and other junk files--I don't trust the issues function, so suggest you leave that button alone for now.

Updating Java:
-Go to Start > Control Panel double-click on the Software icon > Add/Remove programs.
-Search in the list for ALL installed versions of Java. (J2SE Runtime Environment.... )
It should have this icon next to it: [image]
-Select each and click Remove.
-Reboot when finished.

-Then Download and install the newest Java version from here: http://www.java.com/en/download/manual.jsp

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

The thing about people

is they change

when they walk away.--Mipso


#5 racingfan

Posted 12 August 2007 - 11:40 AM

Here are the logs.
Thanks again!

Deckard's System Scanner v20070809.63
Run by Darrell on 2007-08-12 at 12:24:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-08-12 16:24:18 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Darrell.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:57 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Darrell\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Darrell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toast.net/start/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140648461066
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

--
End of file - 3699 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 DCamUSBDXGTech (Dual-Mode DSC (Video Camera)) - c:\windows\system32\drivers\gt891x1.sys <Not Verified; Grandtech Semiconductor Corp.; Grandtech GT891x DualMode DSC Driver>
R3 GT890x (Dual-Mode DSC (Still Camera)) - c:\windows\system32\drivers\gt890x.sys <Not Verified; Grandtech Semiconductor Corp.; Grandtech USB Camera/Scanner Controller>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: RADEON 9200 - Secondary
Device ID: PCI\VEN_1002&DEV_5941&SUBSYS_20031002&REV_01\4&8CA73A7&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON 9200 - Secondary
PNP Device ID: PCI\VEN_1002&DEV_5941&SUBSYS_20031002&REV_01\4&8CA73A7&0&0108
Service: ati2mtag

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_B0121462&REV_60\3&13C0B0C5&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_B0121462&REV_60\3&13C0B0C5&0&8D
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_71041462&REV_78\3&13C0B0C5&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_71041462&REV_78\3&13C0B0C5&0&90
Service: FETNDISB


-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 12:18:41 0 dr-h----- C:\Documents and Settings\Darrell\Recent
2007-08-11 10:13:20 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2007-08-12 12:17:56 0 d-------- C:\Program Files\Common Files
2007-06-27 08:00:05 12290511 -----n--- C:\AVG7QT.DAT
2007-06-19 13:53:52 0 d-------- C:\Program Files\Freelancer Mod Manager
2007-06-19 12:42:22 0 d-------- C:\Program Files\Microsoft Games


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/24/2007 08:57 AM]
"3c1807pd"="C:\WINDOWS\SYSTEM32\3cmlink.exe" [11/18/2005 02:12 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [03/08/2007 11:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=3 (0x3)
"KodakCCS"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2007-08-12 at 12:27:23 ---------

Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 511.48 MiB / 256.43 MiB
Pagefile Memory (total/avail): 1482.18 MiB / 1253.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1977.5 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 128 GiB total, 119.89 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Darrell\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Darrell
LOGONSERVER=\\HOME-DESKTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Darrell\LOCALS~1\Temp
TMP=C:\DOCUME~1\Darrell\LOCALS~1\Temp
USERDOMAIN=HOME-DESKTOP
USERNAME=Darrell
USERPROFILE=C:\Documents and Settings\Darrell
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Darrell (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
ArcSoft PhotoImpression --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Conquest: Frontier Wars [DEMO] --> "C:\Program Files\Ubi Soft Games\Conquest Frontier Wars DEMO\UNINSTAL.EXE" /runtemp /addremove
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Debugging Tools for Windows --> MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
Freelancer --> "C:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
I'm Going In --> C:\WINDOWS\unvise32.exe C:\Program Files\Eidos Interactive\I'm Going In\uninstal.log
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_387de32\Setup.exe /APR-REMOVE
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Game Studios Common Redistributables Pack 1 -->
Microsoft XML Parser -->
Platform -->
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TOAST.net --> "C:\Program Files\TOAST.net\dialer.exe" uninstall
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
ViviCam 10 and 20 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{124E930E-306E-441D-83D8-320C4B9401E1}\Setup.exe"
WebFldrs XP -->
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT


-- Application Event Log -------------------------------------------------------

Event ID #1608: Error
Event Submitted/Written: 07/24/2007 03:49:15 PM
Event Source: Application Hang
Event Description:
Fault bucket 199684631.

Event ID #1607: Error
Event Submitted/Written: 07/24/2007 03:49:04 PM
Event Source: Application Hang
Event Description:
Fault bucket 199684631.

Event ID #1606: Error
Event Submitted/Written: 07/24/2007 03:48:57 PM
Event Source: Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1605: Error
Event Submitted/Written: 07/24/2007 03:48:53 PM
Event Source: Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.4.0.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1574: Error
Event Submitted/Written: 07/14/2007 04:37:26 PM
Event Source: Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16473, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #16627: Error
Event Submitted/Written: 08/12/2007 00:22:10 PM
Event Source: Service Control Manager
Event Description:
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error:
%%1058

Event ID #16622: Error
Event Submitted/Written: 08/12/2007 00:18:09 PM
Event Source: Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event ID #16619: Error
Event Submitted/Written: 08/12/2007 00:18:09 PM
Event Source: Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event ID #16616: Error
Event Submitted/Written: 08/12/2007 00:18:09 PM
Event Source: Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event ID #16613: Error
Event Submitted/Written: 08/12/2007 00:18:08 PM
Event Source: Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2007-08-12 at 12:27:23 ---------

#6 Papakid

Posted 12 August 2007 - 09:39 PM

OK, still no sign of malware. Did you notice any improvement after clearing your cache? I don't see that you've installed the latest version of Java yet.

DSS didn't show your fixed HJT items--there may be a couple of reasons for that but I can actually see them in your first log. Those O17's aren't bad but as long as you can connect you should be OK. You may want to reinstall the software from your ISP tho.

Has your browser slowed down suddenly or gradually? Is it just your browser? Installed any programs or hardware lately or around the time of the slow down? The only thing I see in your Event logs related to the browser is that Internet Explorer hung once. Could be a number of reasons why that happened. Spybot has hung a couple of times too so you may want to try to reinstall it.

You've disabled some of your devices and services, which shouldn't have anything to do with browser speed per se, but might affect overall performance.

One thing is it is not recommended to use msconfig to disable services. You can see why here:
http://www.blackviper.com/WinXP/servicecfg.htm
http://www.blackviper.com/AskBV/XP25.htm

You have these services disabled:

LexBceS
KodakCCS
ATI Smart
Ati HotKey Poller

I suggest you re-enable those in msconfig, reboot, then type services.msc in the Run box and disable them (if you wish) that way--or set them to manual. If you want your printer to work, you will need to have LexBceS enabled. Even if you don't have a Lexmark--I switched printer brands and thought I could disable this service also, but my new Epson printer won't work without it running so I speak from experience on that one.

Did you disable these devices intentionally?

RADEON 9200 - Secondary
Multimedia Audio Controller
VIA Rhine II Fast Ethernet Adapter

I'm not a hardware guy at all. To get some better advice on what may need to be straightened out, you can start a new topic in one of these forums:

Windows XP Home and Professional
Hardware

Altho HJT can be used for some general troubleshooting the main purpose of this forum is malware removal and security. What Ad-Aware calls Data Miners are another name for tracking cookies and aren't much to worry about--we all get them, just keep them cleaned out once or twice a week. There is some good diagnostic info in this thread, so when you start a new topic, be sure to link to this topic and let them know you are clear of malware.

The thing about people

is they change

when they walk away.--Mipso
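
Posts #4 and #6 turn on the fact that an entry fixed in HijackThis disappears from later logs and can only be judged from an earlier one. As an added example (not part of the original thread, and not HijackThis or DSS code), this Python sketch diffs two logs to recover what was removed; the two O17 lines and the lower-cased path in the second log are constructed samples, while the other entries are copied from the logs above.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O17, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(log_text):
    """Map a case-folded comparison key to the original (section, detail) pair."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, "Running processes" paths, blank lines
        section = match.group(1)
        detail = " ".join(match.group(2).split())  # collapse stray whitespace
        # Windows paths and registry names are case-insensitive, so compare folded.
        entries[(section, detail.casefold())] = (section, detail)
    return entries


def _order(entry):
    section, detail = entry
    return (section[0], int(section[1:]), detail)


def diff_logs(before_text, after_text):
    """Return entries present only in the earlier log and only in the later log."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed = sorted((before[k] for k in before.keys() - after.keys()), key=_order)
    added = sorted((after[k] for k in after.keys() - before.keys()), key=_order)
    return {"removed": removed, "added": added}


# Earlier log: O4/O16/O23 lines are from this thread; the O17 lines are CONSTRUCTED
# (placeholder interface GUID, documentation-range addresses).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53 192.0.2.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53 192.0.2.54
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

# Later log, taken after the O17 items were fixed. The O4 path is lower-cased here
# (CONSTRUCTED variation) to show that a case change is not reported as a change.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added"):
        print(f"{label}: {len(result[label])}")
        for section, detail in result[label]:
            print(f"  {section} - {detail}")
```

Saving a log before fixing anything gives the helper the "before" side of this comparison.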


#7 racingfan

Posted 12 August 2007 - 10:29 PM

Yes, I noticed some improvement after clearing the cache.
I forgot to install the new java before running the scan. I did uninstall it before scanning, and installed the new java afterward.
I haven't installed any new programs or hardware. My browser has hung on me and when Spybot hung, I closed it and reopened it and it scanned fine. But I think the 2 "hangs" is what got me suspicious. Plus the 2 017's.
Radeon 9200 Secondary is for use with an additional monitor, I only have one.
Multimedia Audio Controller, I did not disable. I don't know what it is.
VIA Rhine II Fast Ethernet Adapter, is for Ethernet. I'm on dialup.
I'll do as you suggested about the disabled services.
Thanks for helping me make sure that the system is clean of malware!

Edited by racingfan, 12 August 2007 - 10:31 PM.




