
Search200, Pop-ups, SLUGGISH....HELP!



#16
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Can you post a new StartUpList?

I saw those Tasks in that log.

Enumerating Task Scheduler jobs:

A0E56B769192E9DE.job
AD4971619026F0CD.job
CB785D529C6BEBFE.job
E mail backup.job
FE9F9B3598C8459D.job


Regards,

Pieter
  • 0



#17
jscla


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello again Pieter--
Just back from being out of town for a few days, thus the slow reply.

Here is the start up log, for what it's worth. I do see the portion you're referring to, also. Not sure what is going on.

Hope you can make sense of it...and THX for even trying!

JT


StartupList report, 1/12/2005, 8:18:42 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\JSCLA\My Documents\Downloads\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Photodex\ProShow\ScsiAccess.exe
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\AVG7\avgcc.exe
C:\PROGRA~1\AVG7\avgemc.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\SECRETMAKER\secretmaker.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG7\avgw.exe
C:\Documents and Settings\JSCLA\My Documents\Downloads\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\JSCLA\Start Menu\Programs\Startup]
Event Reminder.lnk = C:\Program Files\print master\PMREMIND.EXE

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HP Lamp = C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
PLXSTART = C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE
PLXTASK = C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
WD Button Manager = WDBtnMgr.exe
AVG7_CC = C:\PROGRA~1\AVG7\avgcc.exe /STARTUP
AVG7_EMC = C:\PROGRA~1\AVG7\avgemc.exe
2wSysTray = C:\Program Files\2Wire\2PortalMon.exe
SoloSentry = C:\PROGRA~1\SOLOAN~1\SOLOSENT.EXE
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Second Copy 2000 = "C:\Program Files\SecCopy\SecCopy.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Spybot\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\smiehlp.dll - {A491D208-B353-490F-B81A-A8A3DC97042D}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

A0E56B769192E9DE.job
AD4971619026F0CD.job
CB785D529C6BEBFE.job
E mail backup.job
FE9F9B3598C8459D.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.micros...tes/ieawsdc.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\System32\macromed\Shockwave 10\Download.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.c...s/yinst0401.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[Install Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pinstall.dll
CODEBASE = http://updates.lifes...ll/pinstall.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[AVXControl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\avxnew.dll
CODEBASE = http://threatlevel.p...trol/avxnew.dll

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...37904.304837963

[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.../20/SassCln.CAB

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://download.yaho...alls/yab_af.cab

[PhotosCtrl Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\YPhotos.dll
CODEBASE = http://photos.yahoo....plorer1_9us.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: i:\92a8619de95174c99816a0|||9

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,703 bytes
Report generated in 3.375 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#18
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
This is what I see in your Startuplist:
A0E56B769192E9DE.job
AD4971619026F0CD.job
CB785D529C6BEBFE.job
E mail backup.job
FE9F9B3598C8459D.job

Can you try something for me?

Download and unzip to one folder:
http://metallica.gee...om/gettasks.zip

Inside the folder, find gettasks.bat.

Double-click it and it will create the file C:\tasks.txt.
Find that file and copy the content into your next post.

Regards,

Pieter
  • 0

#19
jscla


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Pieter--

Not sure if this will help, but here's the tasks.txt log:


[TRACE] Enumerating jobs and queues
A0E56B769192E9DE.job
AD4971619026F0CD.job
CB785D529C6BEBFE.job
E mail backup.job
FE9F9B3598C8459D.job



Looks familiar...though I have no idea what it means.
Thx for looking!

JT
  • 0

#20
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Copy the part in bold below into Notepad and save the file as cleantasks.bat (set the file type to "All files"). Save it to the gettasks folder that jt.exe is in.


@echo off
jt /sd A0E56B769192E9DE.job
jt /sd AD4971619026F0CD.job
jt /sd CB785D529C6BEBFE.job
jt /sd FE9F9B3598C8459D.job
if exist c:\tasks.txt del c:\tasks.txt
jt /se >>c:\tasks.txt


Then double-click cleantasks.bat and find the new c:\tasks.txt.

Post the content please.

Regards,

Pieter
  • 0

#21
jscla


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi again Pieter--

Very cool! Looks as though your file did some magic. Hope that helps clean up the trash!


New log:

[TRACE] Enumerating jobs and queues
E mail backup.job


Wow...thx again!

JT
  • 0

#22
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Hey. That is great. :tazz:

Safe surfing,

Pieter
  • 0
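
Added example (not part of the original thread, and not the gettasks tooling used in it): a small Python triage that pulls the Task Scheduler section out of a StartupList report or a tasks.txt listing like the ones posted above and separates job names made only of 16 hex digits from ordinary ones. The sample text is constructed from the job names in the thread, and the 16-hex-digit pattern is an assumption used as a review heuristic, not proof that a job is unwanted.

```python
import re

# Constructed sample: part of a StartupList-style report, with the thread's job names.
SAMPLE_REPORT = """\
Windows NT checkdisk command:
BootExecute = autocheck autochk *
--------------------------------------------------
Enumerating Task Scheduler jobs:

A0E56B769192E9DE.job
AD4971619026F0CD.job
CB785D529C6BEBFE.job
E mail backup.job
FE9F9B3598C8459D.job
--------------------------------------------------
Enumerating Download Program Files:
"""

# Section headers as they appear in the StartupList report and in tasks.txt.
HEADERS = ("Enumerating Task Scheduler jobs:", "[TRACE] Enumerating jobs and queues")
SEPARATOR = re.compile(r"^-{10,}$")
# Assumption for this example: a name made only of 16 hex digits is treated
# as machine-generated and worth reviewing; it is a heuristic, not proof.
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{16}\.job$")


def task_jobs(report):
    """Return the .job names listed in the Task Scheduler section."""
    jobs, in_section = [], False
    for line in report.splitlines():
        line = line.strip()
        if line in HEADERS:
            in_section = True
        elif in_section and SEPARATOR.match(line):
            break  # a dashed separator ends the section
        elif in_section and line.lower().endswith(".job"):
            jobs.append(line)
    return jobs


def triage(report):
    """Split job names into (review, ordinary) by the hex-name heuristic."""
    jobs = task_jobs(report)
    review = [j for j in jobs if HEX_NAME.match(j)]
    return review, [j for j in jobs if j not in review]


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Running the same function over the listing taken after a cleanup shows whether any flagged names remain.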





