I am new here but have run out of places to turn, so it is my hope that you'll be kind enough to offer me some aid in my hour of desperation. Basically here's my scenario.
Recently, I noticed extremely decreased usage speed in my Windows XP Pro install. I have had SP3 installed for a bit, and it was working fine prior to the decreased efficiency, so I don't think it is a factor. I have, since noticing the decrease, done the following.
Run a full scan with Norton 360 (after liveupdating)
Installed Ad-Aware, updated, ran a full scan
installed SpyBot, updated, ran a full scan
My symptoms aren't incredibly distinct so as to warrant an effective internet search. Shortly after noticing the speed decrease, I noticed the emergence of firefox popups and unauthorized new tabs. This was new as I had previously had wonderful luck with firefox's popup blocking. I checked in the following places for suspicious items;
Registry ... current user and local machine windows run and runonce folders
startup folder in menu
the registry hunt returned a couple suspicious items, but i suspect their namings are so random that they don't offer much in the way of leads. Basically they were rundll commands for a few gibberish files in system32. I removed them and rebooted and they returned. Here's where it gets annoying.
I also safebooted, went into the system32 folder and removed the gibberish files there. I rebooted, and they too returned. Upon the installation of Spybot, I have been receiving notification (which I have set for automatically deny) that something is trying to recreate another of those rundll commands in the registry. I have a lurking suspicion that my problems are related somehow to activeX, but I haven't found anything substantial to support such a suspicion.
BRIEF EDIT: Upon a post, spybot clean reboot, it appears this pesky notification still remains, though the dll it is trying to setup for run has randomed its name. the consistent naming is given to the entry itself, 'BM6f0e9528'.
There are also two or three extremely quick command windows popping up on reboot. They say something to the effect of failing to find a file. I suspect this is a partial success, in that I probably have removed some suspect dll files from system32 and the lovely 'whatever it is' can no longer find them. I do however, continue to have an unusually high amount of rundll and svchost processes sitting in my task manager now and this is what concerns me most.
My questions are these, what do you think I have? and what could I do to better facilitate aid in diagnosis and treatment?
Edited by tjackson80, 14 June 2008 - 07:31 AM.