Massive slowdown, tried many spyware removers, no effect. Any suggestions? - Page 2 - Safer-Networking Forums

pskelley · 2007-05-25, 12:35

I really believe I have shown you what your problem is and I do not think it is malware. Did you bother to read the information I posted for you?

If you have found four items and can't figure out how to post the report, type them, make sure it is the complete name and locattion (pathway)

Strike · 2007-05-26, 08:31

Here you go:

P2P "KaZaA" found in:
Key "hkey_current_user \software\kazaa"
Key "hkey_local_machine \software\kazaa"
More Info
ActualNames Hijacker
Hijacker "ActualNames" found in:
Key "hkey_local_machine \software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/wuinst.dll" value "{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}"
Key "hkey_local_machine \software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/wuinst.dll" value ".owner" data "{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}"
More Info
unclassified dialer Dialer
Dialer "unclassified dialer" found in:
Key "hkey_current_user \software\local appwizard-generated applications\popup"
More Info
Ezula Adware
Adware "Ezula" found in:
Key "hkey_current_user \software\microsoft\windows\currentversion\explorer" value "processinst" data "1"
Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer" value "processinst" data "1"
More Info
2o7.net Tracking Cookie
Tracking Cookie "2o7.net" found in:
Cookie "rubens papillon@2o7[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@2o7[2].txt"
More Info
adbrite.com Tracking Cookie
Tracking Cookie "adbrite.com" found in:
Cookie "rubens papillon@adbrite[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adbrite[2].txt"
More Info
adinterax.com Tracking Cookie
Tracking Cookie "adinterax.com" found in:
Cookie "rubens papillon@adinterax[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adinterax[1].txt"
More Info
adrevolver.com Tracking Cookie
Tracking Cookie "adrevolver.com" found in:
Cookie "rubens papillon@adrevolver[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adrevolver[1].txt"
Cookie "rubens papillon@adrevolver[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adrevolver[2].txt"
More Info
PointRoll.com Tracking Cookie
Tracking Cookie "PointRoll.com" found in:
Cookie "rubens papillon@ads.pointroll[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@ads.pointroll[2].txt"
More Info
scripps.com Tracking Cookie
Tracking Cookie "scripps.com" found in:
Cookie "rubens papillon@adsremote.scripps[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adsremote.scripps[1].txt"
More Info
AtlasDMT.com Tracking Cookie
Tracking Cookie "AtlasDMT.com" found in:
Cookie "rubens papillon@atdmt[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@atdmt[2].txt"
More Info
BS.Serving-Sys Tracking Cookie
Tracking Cookie "BS.Serving-Sys" found in:
Cookie "rubens papillon@bs.serving-sys[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@bs.serving-sys[1].txt"
More Info
Com.com Tracking Cookie
Tracking Cookie "Com.com" found in:
Cookie "rubens papillon@com[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@com[1].txt"
More Info
Data.Coremetrics.com Tracking Cookie
Tracking Cookie "Data.Coremetrics.com" found in:
Cookie "rubens papillon@data.coremetrics[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@data.coremetrics[1].txt"
More Info
GameSpyID.com Tracking Cookie
Tracking Cookie "GameSpyID.com" found in:
Cookie "rubens papillon@gamespyid[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@gamespyid[1].txt"
More Info
insightexpressai.com Tracking Cookie
Tracking Cookie "insightexpressai.com" found in:
Cookie "rubens papillon@insightexpressai[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@insightexpressai[1].txt"
More Info
quantserve.com Tracking Cookie
Tracking Cookie "quantserve.com" found in:
Cookie "rubens papillon@quantserve[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@quantserve[1].txt"
More Info
revsci.net Tracking Cookie
Tracking Cookie "revsci.net" found in:
Cookie "rubens papillon@revsci[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@revsci[2].txt"
More Info
Serving-Sys Tracking Cookie
Tracking Cookie "Serving-Sys" found in:
Cookie "rubens papillon@serving-sys[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@serving-sys[2].txt"
More Info
Statcounter Tracking Cookie
Tracking Cookie "Statcounter" found in:
Cookie "rubens papillon@statcounter[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@statcounter[1].txt"
More Info
WebTrends Tracking Cookie
Tracking Cookie "WebTrends" found in:
Cookie "rubens papillon@statse.webtrendslive[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@statse.webtrendslive[2].txt"
More Info
turn.com Tracking Cookie
Tracking Cookie "turn.com" found in:
Cookie "rubens papillon@turn[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@turn[2].txt"
More Info
xiti.com Tracking Cookie
Tracking Cookie "xiti.com" found in:
Cookie "rubens papillon@xiti[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@xiti[1].txt"
More Info
Zedo Tracking Cookie
Tracking Cookie "Zedo" found in:
Cookie "rubens papillon@zedo[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@zedo[1].txt"
More Info
ShopAtHomeSelect Adware
Adware "ShopAtHomeSelect" found in:
File "c:\windows\redir.txt"
More Info
SearchV Hijacker
Hijacker "SearchV" found in:
File "c:\windows\belt.ini"
More Info
WinFetcher Adware
Adware "WinFetcher" found in:
File "c:\documents and settings\rubens papillon\local settings\tempwm_fuins.bat"
More Info
Trojan.Win32.StartPage.he Homepage Hijacker
Homepage Hijacker "Trojan.Win32.StartPage.he" found in:
File "c:\program files\internet explorer\signup\presario.htm"
More Info
Trojan.Lager Trojan
Trojan "Trojan.Lager" found in:
File "c:\documents and settings\rubens papillon\local settings\temp\wer59.tmp.dir00\appcompat.txt"

pskelley · 2007-05-26, 13:39

Most of that junk is cookies, you do know how to clean your cookies don't you? C:\Documents and Settings\Rubens Papillon\Cookies\
http://www.google.com/search?hl=en&q...=Google+Search

Looks like leftovers in the registry, might take a registry cleaning to get the junk? I can post a link to a freeware registry cleaner if you wish but you are so limited in the space on your drive I don't know how the program will install and run?

If you want to try another scan to see what it will remove, try this one:
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

You are chasing your tail, the sooner you come to grips with the major issue you have which is lack of adequate drive space, the better off you are going to me. Until that point, we are both wasting our time and mine is valuable, I don't know how you feel about yours.

Thanks you

2007-05-25, 12:35	#11
pskelley In Memoriam -Always in our heart Join Date: Oct 2005 Location: Clearwater, Florida Posts: 20,558	I really believe I have shown you what your problem is and I do not think it is malware. Did you bother to read the information I posted for you? If you have found four items and can't figure out how to post the report, type them, make sure it is the complete name and locattion (pathway) __________________ MS-MVP Consumer Security 2007-08-09 Proud Member ASAP UNITE Member 2006

2007-05-26, 13:39	#13
pskelley In Memoriam -Always in our heart Join Date: Oct 2005 Location: Clearwater, Florida Posts: 20,558	Most of that junk is cookies, you do know how to clean your cookies don't you? C:\Documents and Settings\Rubens Papillon\Cookies\ http://www.google.com/search?hl=en&q...=Google+Search Looks like leftovers in the registry, might take a registry cleaning to get the junk? I can post a link to a freeware registry cleaner if you wish but you are so limited in the space on your drive I don't know how the program will install and run? If you want to try another scan to see what it will remove, try this one: Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You are chasing your tail, the sooner you come to grips with the major issue you have which is lack of adequate drive space, the better off you are going to me. Until that point, we are both wasting our time and mine is valuable, I don't know how you feel about yours. Thanks you __________________ MS-MVP Consumer Security 2007-08-09 Proud Member ASAP UNITE Member 2006

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

2007-05-26, 08:31	#12
Strike Junior Member Join Date: May 2007 Posts: 7	Here you go: P2P "KaZaA" found in: Key "hkey_current_user \software\kazaa" Key "hkey_local_machine \software\kazaa" More Info ActualNames Hijacker Hijacker "ActualNames" found in: Key "hkey_local_machine \software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/wuinst.dll" value "{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}" Key "hkey_local_machine \software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/wuinst.dll" value ".owner" data "{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}" More Info unclassified dialer Dialer Dialer "unclassified dialer" found in: Key "hkey_current_user \software\local appwizard-generated applications\popup" More Info Ezula Adware Adware "Ezula" found in: Key "hkey_current_user \software\microsoft\windows\currentversion\explorer" value "processinst" data "1" Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer" value "processinst" data "1" More Info 2o7.net Tracking Cookie Tracking Cookie "2o7.net" found in: Cookie "rubens papillon@2o7[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@2o7[2].txt" More Info adbrite.com Tracking Cookie Tracking Cookie "adbrite.com" found in: Cookie "rubens papillon@adbrite[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adbrite[2].txt" More Info adinterax.com Tracking Cookie Tracking Cookie "adinterax.com" found in: Cookie "rubens papillon@adinterax[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adinterax[1].txt" More Info adrevolver.com Tracking Cookie Tracking Cookie "adrevolver.com" found in: Cookie "rubens papillon@adrevolver[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adrevolver[1].txt" Cookie "rubens papillon@adrevolver[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adrevolver[2].txt" More Info PointRoll.com Tracking Cookie Tracking Cookie "PointRoll.com" found in: Cookie "rubens papillon@ads.pointroll[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@ads.pointroll[2].txt" More Info scripps.com Tracking Cookie Tracking Cookie "scripps.com" found in: Cookie "rubens papillon@adsremote.scripps[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@adsremote.scripps[1].txt" More Info AtlasDMT.com Tracking Cookie Tracking Cookie "AtlasDMT.com" found in: Cookie "rubens papillon@atdmt[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@atdmt[2].txt" More Info BS.Serving-Sys Tracking Cookie Tracking Cookie "BS.Serving-Sys" found in: Cookie "rubens papillon@bs.serving-sys[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@bs.serving-sys[1].txt" More Info Com.com Tracking Cookie Tracking Cookie "Com.com" found in: Cookie "rubens papillon@com[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@com[1].txt" More Info Data.Coremetrics.com Tracking Cookie Tracking Cookie "Data.Coremetrics.com" found in: Cookie "rubens papillon@data.coremetrics[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@data.coremetrics[1].txt" More Info GameSpyID.com Tracking Cookie Tracking Cookie "GameSpyID.com" found in: Cookie "rubens papillon@gamespyid[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@gamespyid[1].txt" More Info insightexpressai.com Tracking Cookie Tracking Cookie "insightexpressai.com" found in: Cookie "rubens papillon@insightexpressai[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@insightexpressai[1].txt" More Info quantserve.com Tracking Cookie Tracking Cookie "quantserve.com" found in: Cookie "rubens papillon@quantserve[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@quantserve[1].txt" More Info revsci.net Tracking Cookie Tracking Cookie "revsci.net" found in: Cookie "rubens papillon@revsci[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@revsci[2].txt" More Info Serving-Sys Tracking Cookie Tracking Cookie "Serving-Sys" found in: Cookie "rubens papillon@serving-sys[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@serving-sys[2].txt" More Info Statcounter Tracking Cookie Tracking Cookie "Statcounter" found in: Cookie "rubens papillon@statcounter[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@statcounter[1].txt" More Info WebTrends Tracking Cookie Tracking Cookie "WebTrends" found in: Cookie "rubens papillon@statse.webtrendslive[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@statse.webtrendslive[2].txt" More Info turn.com Tracking Cookie Tracking Cookie "turn.com" found in: Cookie "rubens papillon@turn[2].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@turn[2].txt" More Info xiti.com Tracking Cookie Tracking Cookie "xiti.com" found in: Cookie "rubens papillon@xiti[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@xiti[1].txt" More Info Zedo Tracking Cookie Tracking Cookie "Zedo" found in: Cookie "rubens papillon@zedo[1].txt" File "C:\Documents and Settings\Rubens Papillon\Cookies\rubens papillon@zedo[1].txt" More Info ShopAtHomeSelect Adware Adware "ShopAtHomeSelect" found in: File "c:\windows\redir.txt" More Info SearchV Hijacker Hijacker "SearchV" found in: File "c:\windows\belt.ini" More Info WinFetcher Adware Adware "WinFetcher" found in: File "c:\documents and settings\rubens papillon\local settings\tempwm_fuins.bat" More Info Trojan.Win32.StartPage.he Homepage Hijacker Homepage Hijacker "Trojan.Win32.StartPage.he" found in: File "c:\program files\internet explorer\signup\presario.htm" More Info Trojan.Lager Trojan Trojan "Trojan.Lager" found in: File "c:\documents and settings\rubens papillon\local settings\temp\wer59.tmp.dir00\appcompat.txt"