
Very Slow Computer



#1
TaNkZ101

  • Member
  • 327 posts
Hi, I've had this problem for a while, but only now have decided to follow the steps in order to do something against it. It seems that my computer needs to "tune in" or "warm up". Here's an example: when I boot the computer, it takes up to a minute to completely load the desktop (until it stops showing the mouse with the hourglass). I click the start menu, it apparently does nothing for several seconds, then slowly opens. Here's a good one: it takes up to 15 seconds to open MS Word. Also it seems to have trouble when I right-click a file- takes many seconds for the menu to appear. Thank goodness I haven't noticed any files missing. My computer is pretty good considering it's almost 5 years old (good hardware, performs horribly). This problem seems to have come on gradually, but I'm not sure. 2.4 GHz CPU, only 256 MB of RAM though. Same graphix card as when I bought it (GeForce 4), so it shouldn't be a gfx problem. Here are the steps I've taken from the "Read this before..." thread:
  • Ad-Aware quarantined 200-odd objects.
  • CWShredder found only 1 CW, and removed it.
  • Spybot S&D also found a bunch of problems, all quarantined/deleted.
  • Ewido installed and ran it, despite that I already have Norton Antivirus. I removed Ewido after scanning/deleting problems. On another note: I hear that Norton Antiv. slows down your machine immensely- although I doubt this is the problem since I've had it for as long as I remember.
  • SP2 installed a while ago, but at that time I WAS having the problems that I described above.
    Also, a lot of times when I'm shutting down windows, I get the window "Please wait shutting down ... ccApp", "end now" button.
To save you one line of reading: I see on this list, I have Spyware Assassin, which I checked to be a suspected "rogue" software. I definitely want this gone hehe.
-HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 11:29:56 AM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\SK2690DM.EXE
C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslstat.exe
C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {081B3799-10AF-FB9F-B267-FF7ECEA37D74} - (no file)
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("Columbia.AcIS.Installer", true);
user_pref("Columbia.AcIS.Running", false);
user_pref("aim.session.screenname", "BibiEsa");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\BERISLAV\\APPLICATION DATA\\Mozilla\\Profiles\\default\\no3051qa.slt");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.columbia.edu");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
use
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("Columbia.AcIS.Installer", true);
user_pref("Columbia.AcIS.Running", false);
user_pref("aim.session.screenname", "BibiEsa");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\BERISLAV\\APPLICATION DATA\\Mozilla\\Profiles\\default\\no3051qa.slt");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.columbia.edu");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
use
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C4A13E70-E37A-889E-72A1-898AEBF15A7B} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {48BCCCE2-4B2E-42F1-E617-BE520657F91D} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\Documents and Settings\BERISLAV\Local Settings\Temp\NAV\External\NORTON\NAVAPW32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.EXE
O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLSTATEXE] C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120919187203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{0707AF91-6465-4F3C-9636-10BF63E29DE5}: NameServer = 195.29.150.3 195.29.150.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0707AF91-6465-4F3C-9636-10BF63E29DE5}: NameServer = 195.29.150.3 195.29.150.4
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I realise you are not superhuman :whistling: , and patiently and greatly appreciate all help!
Additional note: if you find something called MOZVAG up there, it's not a threat.
The reason I suspect malware/adware is because before I used to have a [bleep] of a lot of popup ads, but my dad installed 1 or 2 pop-up blockers, and now I get NO ad-related pop-ups! However, when I run Norton Anti-virus scan, it always finds the same several dozen files that it says are possible adware threats. BUT, when I click delete, it says delete failed on all of them.
Just one more thing: Alcohol was recently installed, plus it's not malware.
  • Yahoo! toolbar- I want it to stay!
  • Google toolbar- I want it to go! (although I can probably do this later, @ add/remove programs)
I see many views :blink:, but no replies yet :\

Edited by TaNkZ101, 21 August 2006 - 03:07 PM.

  • 0



#2
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Use HijackThis to fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {081B3799-10AF-FB9F-B267-FF7ECEA37D74} - (no file)

O2 - BHO: (no name) - {C4A13E70-E37A-889E-72A1-898AEBF15A7B} - (no file)

O3 - Toolbar: (no name) - {48BCCCE2-4B2E-42F1-E617-BE520657F91D} - (no file)

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Then reboot and
  • Go to Start > Control Panel, then double-click the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Reboot once more. Let me know how the computer is behaving and post a fresh HijackThis log.
If you did not use Spyware Assassin to remove anything you can uninstall it from Add/Remove Software.

Regards,
  • 0
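One way to check a follow-up log against a fix list like the one above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are quoted from posts #2 and #3 of this thread; the function names and the matching rule (section code plus CLSID or registry value name) are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks entries whose target is gone from disk this way.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")

# Lines quoted from the fix list in post #2 of this thread.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {081B3799-10AF-FB9F-B267-FF7ECEA37D74} - (no file)
O2 - BHO: (no name) - {C4A13E70-E37A-889E-72A1-898AEBF15A7B} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""

# Lines quoted from the follow-up log in post #3 of this thread.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""


@dataclass(frozen=True)
class Entry:
    code: str       # section code, e.g. "O4"
    body: str       # everything after "O4 - "
    key: tuple      # identity used to match the same item across two logs
    orphaned: bool  # target reported as "(no file)" or "(file missing)"


def entry_key(code, body):
    """Identity that survives a changed path or a forum-truncated URL."""
    clsid = CLSID_RE.search(body)
    if clsid:                                   # BHOs, toolbars, buttons
        return (code, clsid.group(0).upper())
    if code == "O4" and "]" in body:            # Run keys: hive + [value name]
        return (code, body.split("]", 1)[0] + "]")
    return (code, body.split(" = ", 1)[0])      # R0/R1 etc.: key without value


def parse_log(text):
    """Return the entry lines of a log; process list and prefs dumps are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            entries.append(
                Entry(code, body, entry_key(code, body), bool(ORPHAN_RE.search(body)))
            )
    return entries


def verify_fixes(fix_list, after_log):
    """Map each fix-list key to 'removed', 'unchanged' or 'changed'."""
    after = {e.key: e for e in parse_log(after_log)}
    status = {}
    for e in parse_log(fix_list):
        if e.key not in after:
            status[e.key] = "removed"
        elif after[e.key].body == e.body:
            status[e.key] = "unchanged"
        else:
            status[e.key] = "changed"   # same item, different target or value
    return status


if __name__ == "__main__":
    for key, state in verify_fixes(FIX_LIST, AFTER).items():
        print(f"{state:9} {key[0]:3} {key[1]}")
    print("orphaned in follow-up log:",
          [e.body for e in parse_log(AFTER) if e.orphaned])
```

On these excerpts the only fix-list entry not reported as removed is `SunJavaUpdateSched`, which comes back as changed because the follow-up log lists the same Run value pointing at `jre1.5.0_08`.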

#3
TaNkZ101

  • Topic Starter
  • Member
  • 327 posts
Hey, I followed all your instructions. It's doing a bit better, but I think I need to explain some things. Several days ago, I installed Silent Hunter 3 (game), but my system doesn't meet the minimum RAM requirements (256MB, 512MB is minimum). So to get it to run, I did a lot of (stupid) things, like end all the processes (tasks) that wouldn't make windows shutdown. A day after, I *discovered* virtual memory, and how to change it. The default setting was between 450-768 MB. When I set it to go from 1024-2048MB, my game was sometimes glitchy (laggy) as [bleep], but it didn't crash to Windows at least! Also, I noticed Windows in general was running smoother (but still not nearly as well as it should). After I followed your steps, I put the virtual memory back to 450-768MB, and I saw that my computer was running the same speed as it was a few days ago with the 1-2GB of virtual RAM. I guess this is proof that your help wasn't in vain. However, it still takes up to 15 seconds just to open MS Word. One more problem: (probably from screwing around with the processes a few days ago,) when I start up Windows, I get a message from the "Notification Area" of the taskbar (right corner) saying

Your computer might be at risk. Norton Internet Security is disabled.
...
Click on the balloon to fix this problem.

Can you help me fix this?
Here's my new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 3:10:42 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\SK2690DM.EXE
C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslstat.exe
C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("Columbia.AcIS.Installer", true);
user_pref("Columbia.AcIS.Running", false);
user_pref("aim.session.screenname", "BibiEsa");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\BERISLAV\\APPLICATION DATA\\Mozilla\\Profiles\\default\\no3051qa.slt");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.columbia.edu");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
use
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("Columbia.AcIS.Installer", true);
user_pref("Columbia.AcIS.Running", false);
user_pref("aim.session.screenname", "BibiEsa");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.cache.disk.parent_directory", "C:\\DOCUMENTS AND SETTINGS\\BERISLAV\\APPLICATION DATA\\Mozilla\\Profiles\\default\\no3051qa.slt");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.columbia.edu");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
use
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\Documents and Settings\BERISLAV\Local Settings\Temp\NAV\External\NORTON\NAVAPW32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 2690 Daemon] SK2690DM.EXE
O4 - HKLM\..\Run: [mouseElf] C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLSTATEXE] C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\T-Com MAXadsl CD-ROM\T-Com Siemens ADSL A-100 Modem\Adsl\dslagent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120919187203
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{0707AF91-6465-4F3C-9636-10BF63E29DE5}: NameServer = 195.29.150.3 195.29.150.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0707AF91-6465-4F3C-9636-10BF63E29DE5}: NameServer = 195.29.150.3 195.29.150.4
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Do you think I should run Norton Antivirus scan and tell you if there are any files that show up (see top of first post)?
Thanks for your help.
I defragmented my hard disk a few days ago.

Edited by TaNkZ101, 22 August 2006 - 07:57 AM.

  • 0

#4
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
I think you should be able to cure the Norton message in the Control Panel for the Software.
You will probably find you stopped a service that is necessary for the firewall.

You do realize that using Virtual memory is slower than it would be with actual RAM.
I make it a habit to try and keep Virtual memory at 0, but even with a Gig of RAM that is not always possible.

Is your computer unable to use more RAM or is there another problem?

Also using other security software than Norton will often help in cutting back the use of resources, but I'm not sure what your options are.

Your log looks clean enough, but if you want to run another scan, let me know if and what it turns up.

Regards,
  • 0

#5
TaNkZ101

    Member

  • Topic Starter
  • Member
  • 327 posts
I do know that the hard disc is slower than RAM (obviously, since I think RAM is the fastest external memory), but the way it was set, the game would crash to Windows (probably because no more RAM+VM was available). This way it's slow, but it works (it's playable). (sigh) I guess I'll run Norton and see if it detects anything, and let you know (I can tell you right now that for 90-100% of the files, it will say 'delete failed'). I've been considering re-formatting for years (yes that's how long this has been bugging me), but my dad needs this comp for the following months for his job, and our laptop is broken beyond repair. Actually after he's finished with the computer, we'll probably send it to our (neighborhood) repair shop for reformatting/upgrading RAM etc... but I just wanted to see if it wasn't necessary.
  • 0

#6
TaNkZ101

    Member

  • Topic Starter
  • Member
  • 327 posts
I also noticed something creepy the last few weeks... when I click on the Norton System Doctor icon (traffic light) in the notification area, the window shows up... but there's no name bar (the top bar on EVERY window that isn't a dialog window, it includes the minimize/restore/exit buttons). I don't suppose you have ANY idea what's going on?? (this was present before your help, but I thought it would go away!). I have to minimize it by right-click on the toolbar>minimize!! ahh!!

Edited by TaNkZ101, 22 August 2006 - 09:09 AM.

  • 0

#7
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts

I also noticed something creepy the last few weeks... when I click on the Norton System Doctor icon (traffic light) in the notification area, the window shows up... but there's no name bar (the top bar on EVERY window that isn't a dialog window, it includes the minimize/restore/exit buttons). I don't suppose you have ANY idea what's going on?? (this was present before your help, but I thought it would go away!). I have to minimize it by right-click on the toolbar>minimize!! ahh!!


I'm not sure what you mean, but that and what you wrote before sounds like an explorer problem.
If you have an option to post a screenshot of that problem it would be appreciated.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete, reboot normally and post the WinPFind.txt file (located in the WinPFind folder).
  • 0

#8
TaNkZ101

    Member

  • Topic Starter
  • Member
  • 327 posts
I'll do that. Here's a screenshot.
  • 0

#9
TaNkZ101

    Member

  • Topic Starter
  • Member
  • 327 posts

The total filespace required to upload all the attached files is greater than your per post or global limit. Please reduce the number of attachments or the size of the attachments.

The file size is 0.5 megabytes. My Norton Antivirus scan could be screwing with it.
  • 0

#10
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hmmm. Did you try and upload a .bmp file?

Better use Paint (or an alternative program like it) and save it as a .jpg
That makes them a lot smaller.

No problem if you can't get it done. Just skip to the WinPFind log.
  • 0


#11
TaNkZ101

    Member

  • Topic Starter
  • Member
  • 327 posts
FINALLY. wow that was frustrating.
desktop.jpg
something missing?? lol
Also I recently uninstalled Adobe Photoshop, Macromedia Dreamweaver, Macromedia Fireworks, Macromedia Flash (the program). So when I ran WinDoctor, of course Norton found many hundreds of invalid shortcuts/registry keys/ActiveX somethings; most were fixed, but about 100 are left... we'll deal with that later, OK?

Now I'll proceed to WinPFind.zip and getting you the log. Thanks for your patience, it's much better than mine.

Edited by TaNkZ101, 22 August 2006 - 12:27 PM.

  • 0

#12
TaNkZ101

    Member

  • Topic Starter
  • Member
  • 327 posts
Attached File  WinPFind.Txt   37.83KB   150 downloads
wow. good luck :whistling:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 8/22/2006 8:25:54 PM 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PEC2 10/20/2004 7:10:46 AM 200923 C:\WINDOWS\Dvqdyuemjd.pcv
PEC2 10/20/2004 7:02:20 AM 193869 C:\WINDOWS\Ifqhlggtbc.whl
PTech 10/20/2004 7:08:26 AM 1626626 C:\WINDOWS\Jigbawhuequ.swr
aspack 10/20/2004 7:04:02 AM 1343999 C:\WINDOWS\Mfxelomk.uch
PTech 10/20/2004 7:04:02 AM 1343999 C:\WINDOWS\Mfxelomk.uch
PTech 10/20/2004 7:05:00 AM 483851 C:\WINDOWS\Ninvjka.lhb
PEC2 10/20/2004 7:01:54 AM 184535 C:\WINDOWS\Uleobmasc.fhn
PTech 10/30/2004 5:59:34 PM 1073501 C:\WINDOWS\Wtgvnlbexk.rks

Checking %System% folder...
UPX! 6/22/2004 8:12:10 AM 151040 C:\WINDOWS\SYSTEM32\d18.dll
PEC2 8/18/2001 1:00:00 PM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
UPX! 10/18/2004 3:04:42 PM 161280 C:\WINDOWS\SYSTEM32\fmod.dll
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 8/3/2006 3:22:50 AM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2006 3:22:50 AM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
PEC2 5/22/2000 6:00:00 AM 69120 C:\WINDOWS\SYSTEM32\Msinet.ocx
UPX! 9/21/2002 4:53:14 AM 120832 C:\WINDOWS\SYSTEM32\ncase.dll
UPX! 10/18/2002 12:24:38 PM 120832 C:\WINDOWS\SYSTEM32\ncase2.dll
UPX! 11/29/2002 4:54:32 AM 123392 C:\WINDOWS\SYSTEM32\netpal2.dll
aspack 8/4/2004 9:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 9:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 2/14/2003 4:03:34 PM 2342126 C:\WINDOWS\SYSTEM32\SimCity4_Industries.scr
winsync 8/18/2001 1:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 7:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/22/2006 8:31:42 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
8/16/2006 10:36:08 AM H 54156 C:\WINDOWS\QTFont.qfn
7/5/2006 2:21:58 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
7/28/2006 2:16:08 PM S 23751 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
7/27/2006 4:00:28 PM S 10337 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
7/21/2006 11:03:14 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
6/26/2006 9:47:22 PM S 11929 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
7/13/2006 4:24:46 PM S 13050 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
7/14/2006 6:13:00 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
7/14/2006 5:53:20 PM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
8/22/2006 8:31:32 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
8/22/2006 8:32:08 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
8/22/2006 8:31:44 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
8/22/2006 8:32:14 PM H 65536 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
8/22/2006 8:31:50 PM H 1286144 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
8/10/2006 8:25:50 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
8/22/2006 8:28:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 9:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
10/10/1998 12:01:00 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
WIDCOMM, Inc. 1/20/2004 8:16:22 PM 254011 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 7/26/2006 3:03:14 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 9:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 9:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 2:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Davilex Software bv 11/22/2000 10:03:44 AM 61952 C:\WINDOWS\SYSTEM32\SERVICE.CPL
Microsoft Corporation 8/4/2004 9:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Voyetra Turtle Beach, Inc. 4/3/2002 10:47:48 PM 155648 C:\WINDOWS\SYSTEM32\tbccpnl.cpl
Microsoft Corporation 8/18/2001 1:00:00 PM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 9:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 9:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
NVIDIA Corporation 11/18/2002 3:15:00 PM 135168 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/12/2006 10:15:02 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
11/24/2004 2:44:18 PM 681 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
11/15/2001 2:31:16 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
8/23/2002 6:12:22 AM 1656 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoBack.lnk
1/17/2005 7:28:26 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/15/2001 2:23:32 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
12/13/2005 2:07:58 AM 8 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt

Checking files in %USERPROFILE%\Startup folder...
11/15/2001 2:31:16 PM HS 84 C:\Documents and Settings\BERISLAV\Start Menu\Programs\Startup\DESKTOP.INI
8/23/2002 6:17:50 AM 989 C:\Documents and Settings\BERISLAV\Start Menu\Programs\Startup\Norton System Doctor.LNK

Checking files in %USERPROFILE%\Application Data folder...
10/4/2005 12:39:16 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\10530.pre
10/5/2005 11:16:50 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\10548.pre
10/5/2005 11:27:22 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\10620.pre
10/4/2005 1:18:36 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\10642.pre
10/4/2005 1:04:02 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\11169.pre
10/5/2005 1:48:50 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\12027.pre
10/5/2005 2:20:58 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\12118.pre
10/3/2005 12:33:58 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\12466.pre
10/5/2005 12:26:24 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\12598.pre
10/5/2005 1:46:50 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\12812.pre
10/4/2005 12:30:16 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\14294.pre
10/5/2005 2:13:26 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\14362.pre
10/5/2005 1:59:04 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\14470.pre
10/5/2005 12:37:08 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\14600.pre
10/3/2005 11:57:42 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\14671.pre
10/5/2005 12:23:44 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\15259.pre
10/5/2005 11:20:12 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\15344.pre
10/4/2005 1:06:44 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\15549.pre
10/4/2005 1:32:00 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\15750.pre
10/5/2005 12:22:24 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\16055.pre
10/4/2005 1:23:08 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\16135.pre
10/3/2005 12:30:48 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\16998.pre
10/3/2005 12:14:46 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\17056.pre
10/3/2005 1:15:08 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\17470.pre
10/5/2005 11:12:40 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\17791.pre
10/5/2005 1:51:14 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\18111.pre
10/5/2005 11:18:52 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\18538.pre
10/5/2005 12:20:04 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\18648.pre
10/4/2005 12:27:38 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\18946.pre
10/4/2005 1:04:54 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\19180.pre
10/4/2005 12:24:26 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\19240.pre
10/3/2005 12:22:28 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\19242.pre
10/3/2005 1:04:06 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\19314.pre
10/5/2005 11:03:20 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\19584.pre
10/3/2005 12:59:16 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\19606.pre
10/5/2005 11:11:42 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\19741.pre
10/5/2005 11:24:54 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\19805.pre
10/3/2005 12:01:34 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\20255.pre
10/3/2005 10:50:20 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\20603.pre
10/3/2005 1:16:40 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\21205.pre
10/5/2005 1:42:02 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\21578.pre
10/3/2005 12:52:34 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\22158.pre
10/5/2005 11:15:22 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\22272.pre
10/5/2005 2:15:44 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\2230.pre
10/5/2005 12:35:00 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\22743.pre
10/5/2005 1:38:52 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\22894.pre
10/5/2005 2:10:50 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\23606.pre
10/5/2005 11:45:10 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\23933.pre
10/5/2005 12:31:28 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\23976.pre
10/3/2005 12:38:52 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\24469.pre
10/4/2005 1:21:50 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\25043.pre
10/4/2005 1:15:30 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\25836.pre
10/4/2005 12:32:04 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\2600.pre
10/5/2005 11:33:48 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\26104.pre
10/5/2005 12:17:56 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\26485.pre
10/5/2005 11:10:44 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\28118.pre
10/3/2005 12:49:46 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\28197.pre
10/3/2005 1:06:30 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\28510.pre
10/3/2005 1:13:32 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\29052.pre
10/5/2005 12:28:10 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\29692.pre
10/5/2005 1:36:04 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\299.pre
10/4/2005 1:02:38 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\30244.pre
10/4/2005 12:33:32 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\30276.pre
10/5/2005 12:01:06 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\305.pre
10/5/2005 12:04:06 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\30847.pre
10/5/2005 2:18:14 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\31833.pre
10/5/2005 11:05:44 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\31843.pre
10/5/2005 1:30:14 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\32197.pre
10/5/2005 1:54:38 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\32449.pre
10/5/2005 11:37:30 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\32566.pre
10/5/2005 1:57:00 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\357.pre
10/5/2005 1:34:46 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\3747.pre
10/4/2005 1:27:04 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\4462.pre
10/5/2005 2:22:16 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\4689.pre
10/3/2005 12:46:58 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\4890.pre
10/3/2005 1:10:24 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\4999.pre
10/5/2005 2:01:42 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\5174.pre
10/3/2005 12:44:08 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\5520.pre
10/4/2005 12:22:52 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\5861.pre
10/5/2005 1:32:16 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\6197.pre
10/5/2005 12:30:14 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\6445.pre
10/5/2005 12:32:44 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\6702.pre
10/3/2005 12:26:44 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\6730.pre
10/3/2005 12:57:52 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\7086.pre
10/5/2005 2:08:54 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\7135.pre
10/5/2005 12:13:20 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\7217.pre
10/5/2005 11:34:32 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\7379.pre
10/4/2005 1:30:16 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\7584.pre
10/5/2005 12:07:18 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\7886.pre
10/5/2005 11:07:16 AM 4124 C:\Documents and Settings\BERISLAV\Application Data\8218.pre
10/3/2005 12:35:58 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\8520.pre
10/3/2005 12:40:08 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\8827.pre
10/5/2005 1:45:10 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\9189.pre
10/4/2005 1:03:02 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\9393.pre
10/4/2005 1:17:32 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\960.pre
10/5/2005 2:04:14 PM 4124 C:\Documents and Settings\BERISLAV\Application Data\9715.pre
11/15/2001 2:23:32 PM HS 62 C:\Documents and Settings\BERISLAV\Application Data\DESKTOP.INI
11/7/2002 8:20:46 PM 89408 C:\Documents and Settings\BERISLAV\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Cnv2Shell
{A118FEA0-1D1B-4165-BC37-88F95B250E7B} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NppShellExt
{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PicaView
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EAC_VirusScanner
{46D570D9-71C8-44E5-A76C-AADFE94442CA} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\NppShellExt
{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} = C:\PROGRA~1\Corel\WORDPE~1\programs\pfse90.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
= C:\Program Files\Microsoft Money\System\mnyviewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messen

#13
Metallica

Some very suspicious files.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\Dvqdyuemjd.pcv
    C:\WINDOWS\Ifqhlggtbc.whl
    C:\WINDOWS\Jigbawhuequ.swr
    C:\WINDOWS\Mfxelomk.uch
    C:\WINDOWS\Mfxelomk.uch
    C:\WINDOWS\Ninvjka.lhb
    C:\WINDOWS\Uleobmasc.fhn
    C:\WINDOWS\Wtgvnlbexk.rks
    C:\WINDOWS\SYSTEM32\d18.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

I'll post back in a few with a follow-up, but you can start with the above without waiting for it.

Regards,

#14
TaNkZ101

OH o0o0o0 so we found something! Yay! By the way, I'm in Croatia so I think we're in the same time zone, aren't we?

#15
Metallica

Download and unzip:
http://www.diamondcs...onsoletools.zip

Save all the files in the zip to this path:
C:\console

This isn't absolutely necessary, but will make it a lot easier for me since I have them there as well.

Now open exactly one Explorer window.
Do not open any instances of IE or you might get the wrong results.
Click Start > Run > cmd > OK

The command prompt will open.
Type these commands after the prompt, pressing ENTER after each line:

cd\
cd console
procs -l

This will result in a list of processes, each followed by a number between brackets (the PID).
Find the PID for (the first instance of) explorer.exe.
That should look something like this: C:\Windows\explorer.exe [1512]
Since your number will probably not be 1512, you will have to replace it with your own in the command below.

Then use this command:

procs -m:1512


This will result in a list of all the modules in use by explorer.exe.

Copy and paste that list into your next post.
I think the cause of the unusual behavior will be in there.

Regards,
  • 0
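One way to triage the module list requested above, as an added example that is not part of the original posts: it checks each module loaded into explorer.exe against the Killbox removal list from post #13 and against expected extensions and directories. The `procs -m` output format (one path per line), the sample listing and the allow-lists are assumptions.

```python
import ntpath
import re

# File paths Metallica listed for Killbox in post #13 (copied from the thread).
REMOVAL_LIST = {p.lower() for p in (
    r"C:\WINDOWS\Dvqdyuemjd.pcv", r"C:\WINDOWS\Ifqhlggtbc.whl",
    r"C:\WINDOWS\Jigbawhuequ.swr", r"C:\WINDOWS\Mfxelomk.uch",
    r"C:\WINDOWS\Ninvjka.lhb", r"C:\WINDOWS\Uleobmasc.fhn",
    r"C:\WINDOWS\Wtgvnlbexk.rks", r"C:\WINDOWS\SYSTEM32\d18.dll")}
# Assumed (not from the thread): normal module extensions and directories.
MODULE_EXTS = {".dll", ".exe", ".ocx", ".cpl", ".ax", ".drv", ".acm"}
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\winsxs\\",
                  "c:\\program files\\", "c:\\progra~1\\")
# A path, optionally followed by "[PID]" as in the `procs -l` example line.
LINE = re.compile(r"^\s*([A-Za-z]:\\.*?)(?:\s*\[\d+\])?\s*$")

def triage(listing):
    """Return {path: [reasons]} for every module line that needs a look."""
    findings = {}
    for raw in listing.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or non-path line
        path = ntpath.normpath(m.group(1))
        key = path.lower()  # Windows paths are case-insensitive
        reasons = []
        if key in REMOVAL_LIST:
            reasons.append("on removal list, still loaded")
        if ntpath.splitext(key)[1] not in MODULE_EXTS:
            reasons.append("unusual module extension")
        if key != "c:\\windows\\explorer.exe" and not key.startswith(EXPECTED_ROOTS):
            reasons.append("unexpected directory")
        if reasons:
            findings[path] = reasons
    return findings

# Constructed sample; the real `procs -m` output may be laid out differently.
SAMPLE = r"""
C:\WINDOWS\Explorer.EXE [1512]
C:\WINDOWS\system32\SHELL32.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\WINDOWS\Mfxelomk.uch
C:\WINDOWS\SYSTEM32\d18.dll
C:\Documents and Settings\user\Local Settings\Temp\example.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```

A module such as `d18.dll` sits in an expected directory with a normal extension, so only the removal list catches it; the extension and directory checks are heuristics for files not yet listed.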





