Hi, my system performance is really hurting. It seems to be just getting slower and slower every day. I do a daily automatic scan with Windows Defender, run Spybot Teatimer, do weekly scans with Lavasoft ad-aware and Spybot Search and Destroy, use SiteAdvisor and use McAfee Virus Scan. Based on all these, I have no reason to believe I have malware, but I don't know what else is killing my performance. Please take a look at my HJT log and see if you can help me figure out what may be killing my performance. Like do I maybe have too much anti-malware running at the same time that they're interfering with one another. TIA.......
Larry
Logfile of HijackThis v1.99.1
Scan saved at 4:02:24 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Larry\My Documents\My Download Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1121458780031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...749/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Full Version: HJT Log Check, Please
Hi Larry, Welcome to the forum 
There is no signs of malware infections in your log so it could be related to the real time protection products installed, SiteAdvisor could slow IE abit as I assume it would need to contact their site to get information on the webpages displayed or search engine results but it shouldnt slow things down that much, Windows Defender is still in the beta testing stage so there maybe still some bugs in the program that need attention, Im not beta testing Defender so I couldnt comment on how well it performs, Spybot's TeaTimer could also slow things down abit as its constantly monitoring the pc for changes, I dont think these programs would conflict with each other and I wouldnt suggest you remove any of them as they are all genuine and helping to protect your pc so its really your choice if you want to try disabling them to test if it improves performance.
Have you tried running a disk defrag on your system as that could be causing slowdowns if there is alot of fragmented files in different area's ( Start -> All Programs -> Accessories -> System Tools -> Disk Defragmenter), Click the Analyse button first then run defrag if its recommended.
There's afew optional fixes showing in your log but you will need to disable Spybot's TeaTimer as it could interfere with the Hijack This fixes.
Right click the TeaTimer icon in the system tray and choose Exit Spybot S&D Resident. It will restart when you reboot the pc.
If you have any problems disabling it that way use this method below:
Run Spybot-S&D, Go to the Mode menu, and make sure "Advanced Mode" is selected, On the left hand side, choose Tools -> Resident , Uncheck "Resident TeaTimer" and OK any prompts. You can reenable TeaTimer after making the Hijack This fixes.
Run Hijack This and choose Do A System Scan then place a check next to any of these entries that you want to fix, close all open browser and other windows except for Hijack This and press the Fix Checked button
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:// www.dell4me.com/myway
MyWay isnt malicious as its not Adware or Spyware but it does come pre-installed on dell pc's which makes it an optional fix as its not always there with the users consent, It can be left if you value the service from MyWay or fixed if you was not aware it was installed. If you want to remove Myway Click Start Menu > Control Panel > Add or Remove Programs. check for My Way Search Assistant or MyWebSearch and click Remove.
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
The URLSearchHook was changed by Myway but as its showing the file is missing Myway may of already been uninstalled and has just left some traces behind, This entry should be fixed to return it to Microsoft's default setting.
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
Another Myweb entry and it should be fixed with the file being missing.
04 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Checks for Java updates but doesnt need to run everytime you reboot the system. You can still update Java after fixing this entry by using the Control Panel's Java icon or by visiting Sun's website Here.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
QuickTime tray icon which doesnt need to start with Windows, Quicktime movies will still play automatically when they are run. To stop it coming back right click the blue Quicktime Icon in the system tray then click Quicktime Preferences or access Quicktimes options on the Control Panel. Goto the Advanced tab and Uncheck the 'Install Quicktime Icon In System Tray' box then press Apply and OK and fix the above entry in Hijack This if it remains.
O15 - Trusted Zone: *.musicmatch.com
This is a genuine site but it should not need to be in IE's trusted zone, This zone runs
at a very high level of privilege and offers the lowest security protection so adding any domains to this zone needs consideration. This page shows MusicMatch has had some vulnerabilities in the past so the safe option is to fix the entry but it can be left If you are happy for it to be in the trusted zone.
To make sure there isnt malware problems can you run a scan at Kaspersky and post back the log:
Run Kaspersky WebScanner
Regards
Andy
There is no signs of malware infections in your log so it could be related to the real time protection products installed, SiteAdvisor could slow IE abit as I assume it would need to contact their site to get information on the webpages displayed or search engine results but it shouldnt slow things down that much, Windows Defender is still in the beta testing stage so there maybe still some bugs in the program that need attention, Im not beta testing Defender so I couldnt comment on how well it performs, Spybot's TeaTimer could also slow things down abit as its constantly monitoring the pc for changes, I dont think these programs would conflict with each other and I wouldnt suggest you remove any of them as they are all genuine and helping to protect your pc so its really your choice if you want to try disabling them to test if it improves performance.
Have you tried running a disk defrag on your system as that could be causing slowdowns if there is alot of fragmented files in different area's ( Start -> All Programs -> Accessories -> System Tools -> Disk Defragmenter), Click the Analyse button first then run defrag if its recommended.
There's afew optional fixes showing in your log but you will need to disable Spybot's TeaTimer as it could interfere with the Hijack This fixes.
Right click the TeaTimer icon in the system tray and choose Exit Spybot S&D Resident. It will restart when you reboot the pc.
If you have any problems disabling it that way use this method below:
Run Spybot-S&D, Go to the Mode menu, and make sure "Advanced Mode" is selected, On the left hand side, choose Tools -> Resident , Uncheck "Resident TeaTimer" and OK any prompts. You can reenable TeaTimer after making the Hijack This fixes.
Run Hijack This and choose Do A System Scan then place a check next to any of these entries that you want to fix, close all open browser and other windows except for Hijack This and press the Fix Checked button
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:// www.dell4me.com/myway
MyWay isnt malicious as its not Adware or Spyware but it does come pre-installed on dell pc's which makes it an optional fix as its not always there with the users consent, It can be left if you value the service from MyWay or fixed if you was not aware it was installed. If you want to remove Myway Click Start Menu > Control Panel > Add or Remove Programs. check for My Way Search Assistant or MyWebSearch and click Remove.
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
The URLSearchHook was changed by Myway but as its showing the file is missing Myway may of already been uninstalled and has just left some traces behind, This entry should be fixed to return it to Microsoft's default setting.
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
Another Myweb entry and it should be fixed with the file being missing.
04 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Checks for Java updates but doesnt need to run everytime you reboot the system. You can still update Java after fixing this entry by using the Control Panel's Java icon or by visiting Sun's website Here.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
QuickTime tray icon which doesnt need to start with Windows, Quicktime movies will still play automatically when they are run. To stop it coming back right click the blue Quicktime Icon in the system tray then click Quicktime Preferences or access Quicktimes options on the Control Panel. Goto the Advanced tab and Uncheck the 'Install Quicktime Icon In System Tray' box then press Apply and OK and fix the above entry in Hijack This if it remains.
O15 - Trusted Zone: *.musicmatch.com
This is a genuine site but it should not need to be in IE's trusted zone, This zone runs
at a very high level of privilege and offers the lowest security protection so adding any domains to this zone needs consideration. This page shows MusicMatch has had some vulnerabilities in the past so the safe option is to fix the entry but it can be left If you are happy for it to be in the trusted zone.
To make sure there isnt malware problems can you run a scan at Kaspersky and post back the log:
Run Kaspersky WebScanner
- Please go HERE and click Kaspersky Online Scanner
- Read and Accept the Agreement
- You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- If you see a Windows dialog asking if you want to install this software, click the Install button.
- The program will launch and then begin downloading the latest definition files,
- When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
- Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
- Under "Please select a target to scan:", click My Computer to start the scan.
- When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop so it can be post back.
Regards
Andy
OK, finally ran the Kaspersky scan as you suggested. What do I need to do? Here's the results of the Kaspersky scan:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, June 17, 2006 10:09:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 18/06/2006
Kaspersky Anti-Virus database records: 201136
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 64410
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 1
Duration of the scan process: 00:52:53
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\From Jeff&Jan.dbx/[From <jeffy3@ix.netcom.com>][Date Mon, 19 Oct 1998 20:29:31 -0500 (CDT)]/UNNAMED/problem.exe Infected: not-virus:BadJoke.Win16.Stupid.a skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\From Jeff&Jan.dbx/[From <jeffy3@ix.netcom.com>][Date Mon, 19 Oct 1998 20:29:31 -0500 (CDT)]/UNNAMED Infected: not-virus:BadJoke.Win16.Stupid.a skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\From Jeff&Jan.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx/[From shelquis <shelquis@hotmail.com>][Date Tue, 08 Oct 2002 15:25:44 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx/[From shelquis <shelquis@hotmail.com>][Date Tue, 08 Oct 2002 15:25:44 +0100]/UNNAMED/class.exe Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx/[From shelquis <shelquis@hotmail.com>][Date Tue, 08 Oct 2002 15:25:44 +0100]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx Mail MS Outlook 5: infected - 2, suspicious - 1 skipped
C:\Documents and Settings\Larry\My Documents\My Download Files\movie2.exe/SIZZLE.EXE Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Documents and Settings\Larry\My Documents\My Download Files\movie2.exe ZIP: infected - 1 skipped
Scan process completed.
Should I have provided the scan results as an attachment, or is the paste OK? Thanks.
Larry
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, June 17, 2006 10:09:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 18/06/2006
Kaspersky Anti-Virus database records: 201136
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 64410
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 1
Duration of the scan process: 00:52:53
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\From Jeff&Jan.dbx/[From <jeffy3@ix.netcom.com>][Date Mon, 19 Oct 1998 20:29:31 -0500 (CDT)]/UNNAMED/problem.exe Infected: not-virus:BadJoke.Win16.Stupid.a skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\From Jeff&Jan.dbx/[From <jeffy3@ix.netcom.com>][Date Mon, 19 Oct 1998 20:29:31 -0500 (CDT)]/UNNAMED Infected: not-virus:BadJoke.Win16.Stupid.a skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\From Jeff&Jan.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx/[From shelquis <shelquis@hotmail.com>][Date Tue, 08 Oct 2002 15:25:44 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx/[From shelquis <shelquis@hotmail.com>][Date Tue, 08 Oct 2002 15:25:44 +0100]/UNNAMED/class.exe Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx/[From shelquis <shelquis@hotmail.com>][Date Tue, 08 Oct 2002 15:25:44 +0100]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Larry\Local Settings\Application Data\Identities\{825D2E20-FE28-11D6-B8FE-C0685A810129}\Microsoft\Outlook Express\Miscellaneous.dbx Mail MS Outlook 5: infected - 2, suspicious - 1 skipped
C:\Documents and Settings\Larry\My Documents\My Download Files\movie2.exe/SIZZLE.EXE Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Documents and Settings\Larry\My Documents\My Download Files\movie2.exe ZIP: infected - 1 skipped
Scan process completed.
Should I have provided the scan results as an attachment, or is the paste OK? Thanks.
Larry
Hi Larry
The Paste is fine as it makes it easier to read, Its showing there is some infected items in your Outlook Express mailbox but the dates show they are a few years old,
From Jeff&Jan should be removed, it may not be a Virus and appears to be a joke virus but it still should be removed from the system.
From shelquis should be removed as that is a Virus and also contains an exploit file so try to remove it without opening the email if possible, I never use Outlook so Im not familiar with the options.
Then delete this file:
C:\Documents and Settings\Larry\My Documents\My Download Files\movie2.exe
Because the above file is connected to a dialer can you then install and run Ewido to make sure there isnt more problems:
Download Ewido from Here
When installing, under Additional Options uncheck Install background guard and Install scan via context menu. Click on update in the left menu, then click the Start update button. After the update finishes from the main menu click on Scanner then click Complete System Scan, If ewido finds something, it will pop up a notification. Select Remove and check the boxes Perform action with all infections and Create encrypted backup then click on ok.When the scan finishes, click on Save Report and save it to your desktop or c:/drive and post back the results if it detects any malware (except cookies).
Its worth keeping Ewido installed as it performs fine after the trial has expired as a on-demand scanner/remover and its detection rate is excellent, It just stops the Auto Updates and Real Time protection but you can still update Ewido manually and run scans anytime you want.
Please post the Ewido report if it finds any additional issues.
Cheers
Andy
OK, Andy. Thanks. I think we're done. Ewido cleaned the dialer, and also a bunch of tracking cookies. I really appreciate your efficient and friendly help.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:47:10 AM, 6/18/2006
+ Report-Checksum: CE2CA3F0
+ Scan result:
C:\Documents and Settings\Julie\Cookies\julie@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@e-2dj6wjnyqgdzogq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@vitacost.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Larry\My Documents\My Download Files\dialer.exe -> Dialer.Generic : Cleaned with backup
::Report End
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:47:10 AM, 6/18/2006
+ Report-Checksum: CE2CA3F0
+ Scan result:
C:\Documents and Settings\Julie\Cookies\julie@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@e-2dj6wjnyqgdzogq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@sento.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@vitacost.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Larry\Cookies\larry@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Larry\My Documents\My Download Files\dialer.exe -> Dialer.Generic : Cleaned with backup
::Report End
No Problem Larry
Its worth making sure that movie2.exe isnt still on the system as Ewido may of removed a different file than the one Kaspersky found but like you say the rest looks fine which is nice to see.
Let us know if you have problems again anytime
All The Best
Andy
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.