why so slow



justmike
2006-05-05, 02:57
Here is the hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 7:51:28 PM, on 04/05/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\MEDIAFOUR\MACVNTFY.EXE
C:\PROGRAM FILES\MEDIAFOUR\XPLAY\XPTRYICN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: Class - {E29E0ADF-144A-0633-9FF6-E70874A6E182} - blank (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [SpywareRemover] C:\PROGRAM FILES\SPYWAREREMOVER\SpywareRemover.exe -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCTF32.EXE] C:\WINDOWS\MFCTF32.EXE /s
O4 - HKLM\..\RunServices: [SYSQU.EXE] C:\WINDOWS\SYSQU.EXE /s
O4 - HKLM\..\RunServices: [SYSAN.EXE] C:\WINDOWS\SYSAN.EXE /s
O4 - HKLM\..\RunServices: [SYSNR.EXE] C:\WINDOWS\SYSNR.EXE /s
O4 - HKLM\..\RunServices: [MFCYQ32.EXE] C:\WINDOWS\SYSTEM\MFCYQ32.EXE /s
O4 - HKLM\..\RunServices: [APICD.EXE] C:\WINDOWS\APICD.EXE /s
O4 - HKLM\..\RunServices: [JAVAVI32.EXE] C:\WINDOWS\JAVAVI32.EXE /s
O4 - HKLM\..\RunServices: [ATLAE32.EXE] C:\WINDOWS\SYSTEM\ATLAE32.EXE /s
O4 - HKLM\..\RunServices: [MFCER.EXE] C:\WINDOWS\SYSTEM\MFCER.EXE /s
O4 - HKLM\..\RunServices: [NTGM32.EXE] C:\WINDOWS\NTGM32.EXE /s
O4 - HKLM\..\RunServices: [IECJ.EXE] C:\WINDOWS\SYSTEM\IECJ.EXE /s
O4 - HKLM\..\RunServices: [IERE32.EXE] C:\WINDOWS\IERE32.EXE /s
O4 - HKLM\..\RunServices: [ATLON32.EXE] C:\WINDOWS\ATLON32.EXE /s
O4 - HKLM\..\RunServices: [SDKQS.EXE] C:\WINDOWS\SDKQS.EXE /s
O4 - HKLM\..\RunServices: [MFCVO.EXE] C:\WINDOWS\SYSTEM\MFCVO.EXE /s
O4 - HKLM\..\RunServices: [MFCOB.EXE] C:\WINDOWS\MFCOB.EXE /s
O4 - HKLM\..\RunServices: [SYSIO.EXE] C:\WINDOWS\SYSTEM\SYSIO.EXE /s
O4 - HKLM\..\RunServices: [ATLBK32.EXE] C:\WINDOWS\ATLBK32.EXE /s
O4 - HKLM\..\RunServices: [APIVY.EXE] C:\WINDOWS\SYSTEM\APIVY.EXE /s
O4 - HKLM\..\RunServices: [IPXK.EXE] C:\WINDOWS\SYSTEM\IPXK.EXE /s
O4 - HKLM\..\RunServices: [NETHQ.EXE] C:\WINDOWS\NETHQ.EXE /s
O4 - HKLM\..\RunServices: [SYSXS32.EXE] C:\WINDOWS\SYSXS32.EXE /s
O4 - HKLM\..\RunServices: [SDKPJ32.EXE] C:\WINDOWS\SDKPJ32.EXE /s
O4 - HKLM\..\RunServices: [WINGI.EXE] C:\WINDOWS\SYSTEM\WINGI.EXE /s
O4 - HKLM\..\RunServices: [SDKYA.EXE] C:\WINDOWS\SYSTEM\SDKYA.EXE /s
O4 - HKLM\..\RunServices: [IPKS32.EXE] C:\WINDOWS\SYSTEM\IPKS32.EXE /s
O4 - HKLM\..\RunServices: [SYSRH32.EXE] C:\WINDOWS\SYSRH32.EXE /s
O4 - HKLM\..\RunServices: [IEZE.EXE] C:\WINDOWS\IEZE.EXE /s
O4 - HKLM\..\RunServices: [MSNL.EXE] C:\WINDOWS\MSNL.EXE /s
O4 - HKLM\..\RunServices: [WINDG32.EXE] C:\WINDOWS\WINDG32.EXE /s
O4 - HKLM\..\RunServices: [APPEY.EXE] C:\WINDOWS\SYSTEM\APPEY.EXE /s
O4 - HKLM\..\RunServices: [IELJ32.EXE] C:\WINDOWS\IELJ32.EXE /s
O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\SYSTEM\IERY32.EXE /s
O4 - HKLM\..\RunServices: [SDKUQ.EXE] C:\WINDOWS\SDKUQ.EXE /s
O4 - HKLM\..\RunServices: [IEKO32.EXE] C:\WINDOWS\SYSTEM\IEKO32.EXE /s
O4 - HKCU\..\Run: [Windows Registry Repair Pro] E:\REGISTRYREPAIRPRO.EXE 4
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pppoedomain
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.47.244.78,206.47.244.13,192.169.2.1

LonnyRJones
2006-05-05, 03:26
Hi

Download and unzip aboutbuster to your desktop or c:\
http://www.downloads.subratam.org/AboutBuster.zip

Restart your PC into safe mode and run aboutbuster
http://support.microsoft.com/default.aspx?scid=kb;EN-US;180902

Afterwards restart back to a normal windows session and post the aboutbuster log along with a new hijackthis log.

justmike
2006-05-06, 03:33
I've run AboutBuster twice in safe mode - tho even it spent a lot of time on addpw32.dll but ended up finishing in 30 minutes for each run.
I've run another hjt scan and am attaching its log. Waiting on the team's diagnosis and prognosis.

Logfile of HijackThis v1.99.1
Scan saved at 8:24:39 PM, on 05/05/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: Class - {E29E0ADF-144A-0633-9FF6-E70874A6E182} - blank (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [SpywareRemover] C:\PROGRAM FILES\SPYWAREREMOVER\SpywareRemover.exe -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCTF32.EXE] C:\WINDOWS\MFCTF32.EXE /s
O4 - HKLM\..\RunServices: [SYSQU.EXE] C:\WINDOWS\SYSQU.EXE /s
O4 - HKLM\..\RunServices: [SYSAN.EXE] C:\WINDOWS\SYSAN.EXE /s
O4 - HKLM\..\RunServices: [SYSNR.EXE] C:\WINDOWS\SYSNR.EXE /s
O4 - HKLM\..\RunServices: [MFCYQ32.EXE] C:\WINDOWS\SYSTEM\MFCYQ32.EXE /s
O4 - HKLM\..\RunServices: [APICD.EXE] C:\WINDOWS\APICD.EXE /s
O4 - HKLM\..\RunServices: [JAVAVI32.EXE] C:\WINDOWS\JAVAVI32.EXE /s
O4 - HKLM\..\RunServices: [ATLAE32.EXE] C:\WINDOWS\SYSTEM\ATLAE32.EXE /s
O4 - HKLM\..\RunServices: [MFCER.EXE] C:\WINDOWS\SYSTEM\MFCER.EXE /s
O4 - HKLM\..\RunServices: [NTGM32.EXE] C:\WINDOWS\NTGM32.EXE /s
O4 - HKLM\..\RunServices: [IECJ.EXE] C:\WINDOWS\SYSTEM\IECJ.EXE /s
O4 - HKLM\..\RunServices: [IERE32.EXE] C:\WINDOWS\IERE32.EXE /s
O4 - HKLM\..\RunServices: [ATLON32.EXE] C:\WINDOWS\ATLON32.EXE /s
O4 - HKLM\..\RunServices: [SDKQS.EXE] C:\WINDOWS\SDKQS.EXE /s
O4 - HKLM\..\RunServices: [MFCVO.EXE] C:\WINDOWS\SYSTEM\MFCVO.EXE /s
O4 - HKLM\..\RunServices: [MFCOB.EXE] C:\WINDOWS\MFCOB.EXE /s
O4 - HKLM\..\RunServices: [SYSIO.EXE] C:\WINDOWS\SYSTEM\SYSIO.EXE /s
O4 - HKLM\..\RunServices: [ATLBK32.EXE] C:\WINDOWS\ATLBK32.EXE /s
O4 - HKLM\..\RunServices: [APIVY.EXE] C:\WINDOWS\SYSTEM\APIVY.EXE /s
O4 - HKLM\..\RunServices: [IPXK.EXE] C:\WINDOWS\SYSTEM\IPXK.EXE /s
O4 - HKLM\..\RunServices: [NETHQ.EXE] C:\WINDOWS\NETHQ.EXE /s
O4 - HKLM\..\RunServices: [SYSXS32.EXE] C:\WINDOWS\SYSXS32.EXE /s
O4 - HKLM\..\RunServices: [SDKPJ32.EXE] C:\WINDOWS\SDKPJ32.EXE /s
O4 - HKLM\..\RunServices: [WINGI.EXE] C:\WINDOWS\SYSTEM\WINGI.EXE /s
O4 - HKLM\..\RunServices: [SDKYA.EXE] C:\WINDOWS\SYSTEM\SDKYA.EXE /s
O4 - HKLM\..\RunServices: [IPKS32.EXE] C:\WINDOWS\SYSTEM\IPKS32.EXE /s
O4 - HKLM\..\RunServices: [SYSRH32.EXE] C:\WINDOWS\SYSRH32.EXE /s
O4 - HKLM\..\RunServices: [IEZE.EXE] C:\WINDOWS\IEZE.EXE /s
O4 - HKLM\..\RunServices: [MSNL.EXE] C:\WINDOWS\MSNL.EXE /s
O4 - HKLM\..\RunServices: [WINDG32.EXE] C:\WINDOWS\WINDG32.EXE /s
O4 - HKLM\..\RunServices: [APPEY.EXE] C:\WINDOWS\SYSTEM\APPEY.EXE /s
O4 - HKLM\..\RunServices: [IELJ32.EXE] C:\WINDOWS\IELJ32.EXE /s
O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\SYSTEM\IERY32.EXE /s
O4 - HKLM\..\RunServices: [SDKUQ.EXE] C:\WINDOWS\SDKUQ.EXE /s
O4 - HKLM\..\RunServices: [IEKO32.EXE] C:\WINDOWS\SYSTEM\IEKO32.EXE /s
O4 - HKCU\..\Run: [Windows Registry Repair Pro] E:\REGISTRYREPAIRPRO.EXE 4
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pppoedomain
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.47.244.78,206.47.244.13,192.169.2.1

LonnyRJones
2006-05-09, 06:22
I didn't know you had replied
Use the post reply button rather than new topic

Where is the aboutbuster log ?
Start Hijackthis and place a check next to these items if there.
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E29E0ADF-144A-0633-9FF6-E70874A6E182} - blank (file missing)
O4 - HKLM\..\RunServices: [MFCTF32.EXE] C:\WINDOWS\MFCTF32.EXE /s
O4 - HKLM\..\RunServices: [SYSQU.EXE] C:\WINDOWS\SYSQU.EXE /s
O4 - HKLM\..\RunServices: [SYSAN.EXE] C:\WINDOWS\SYSAN.EXE /s
O4 - HKLM\..\RunServices: [SYSNR.EXE] C:\WINDOWS\SYSNR.EXE /s
O4 - HKLM\..\RunServices: [MFCYQ32.EXE] C:\WINDOWS\SYSTEM\MFCYQ32.EXE /s
O4 - HKLM\..\RunServices: [APICD.EXE] C:\WINDOWS\APICD.EXE /s
O4 - HKLM\..\RunServices: [JAVAVI32.EXE] C:\WINDOWS\JAVAVI32.EXE /s
O4 - HKLM\..\RunServices: [ATLAE32.EXE] C:\WINDOWS\SYSTEM\ATLAE32.EXE /s
O4 - HKLM\..\RunServices: [MFCER.EXE] C:\WINDOWS\SYSTEM\MFCER.EXE /s
O4 - HKLM\..\RunServices: [NTGM32.EXE] C:\WINDOWS\NTGM32.EXE /s
O4 - HKLM\..\RunServices: [IECJ.EXE] C:\WINDOWS\SYSTEM\IECJ.EXE /s
O4 - HKLM\..\RunServices: [IERE32.EXE] C:\WINDOWS\IERE32.EXE /s
O4 - HKLM\..\RunServices: [ATLON32.EXE] C:\WINDOWS\ATLON32.EXE /s
O4 - HKLM\..\RunServices: [SDKQS.EXE] C:\WINDOWS\SDKQS.EXE /s
O4 - HKLM\..\RunServices: [MFCVO.EXE] C:\WINDOWS\SYSTEM\MFCVO.EXE /s
O4 - HKLM\..\RunServices: [MFCOB.EXE] C:\WINDOWS\MFCOB.EXE /s
O4 - HKLM\..\RunServices: [SYSIO.EXE] C:\WINDOWS\SYSTEM\SYSIO.EXE /s
O4 - HKLM\..\RunServices: [ATLBK32.EXE] C:\WINDOWS\ATLBK32.EXE /s
O4 - HKLM\..\RunServices: [APIVY.EXE] C:\WINDOWS\SYSTEM\APIVY.EXE /s
O4 - HKLM\..\RunServices: [IPXK.EXE] C:\WINDOWS\SYSTEM\IPXK.EXE /s
O4 - HKLM\..\RunServices: [NETHQ.EXE] C:\WINDOWS\NETHQ.EXE /s
O4 - HKLM\..\RunServices: [SYSXS32.EXE] C:\WINDOWS\SYSXS32.EXE /s
O4 - HKLM\..\RunServices: [SDKPJ32.EXE] C:\WINDOWS\SDKPJ32.EXE /s
O4 - HKLM\..\RunServices: [WINGI.EXE] C:\WINDOWS\SYSTEM\WINGI.EXE /s
O4 - HKLM\..\RunServices: [SDKYA.EXE] C:\WINDOWS\SYSTEM\SDKYA.EXE /s
O4 - HKLM\..\RunServices: [IPKS32.EXE] C:\WINDOWS\SYSTEM\IPKS32.EXE /s
O4 - HKLM\..\RunServices: [SYSRH32.EXE] C:\WINDOWS\SYSRH32.EXE /s
O4 - HKLM\..\RunServices: [IEZE.EXE] C:\WINDOWS\IEZE.EXE /s
O4 - HKLM\..\RunServices: [MSNL.EXE] C:\WINDOWS\MSNL.EXE /s
O4 - HKLM\..\RunServices: [WINDG32.EXE] C:\WINDOWS\WINDG32.EXE /s
O4 - HKLM\..\RunServices: [APPEY.EXE] C:\WINDOWS\SYSTEM\APPEY.EXE /s
O4 - HKLM\..\RunServices: [IELJ32.EXE] C:\WINDOWS\IELJ32.EXE /s
O4 - HKLM\..\RunServices: [IERY32.EXE] C:\WINDOWS\SYSTEM\IERY32.EXE /s
O4 - HKLM\..\RunServices: [SDKUQ.EXE] C:\WINDOWS\SDKUQ.EXE /s
O4 - HKLM\..\RunServices: [IEKO32.EXE] C:\WINDOWS\SYSTEM\IEKO32.EXE /s

====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run aboutbuster again, post its log and a hijackthis log
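An added example, not part of the original thread: a small parser for HijackThis O4 (autostart) lines that flags entries with the shape shared by the RunServices items listed in the post above, and reports which entries disappeared between two logs. The heuristic (value name equal to the file name, file directly in C:\WINDOWS or C:\WINDOWS\SYSTEM, sole argument /s) is an assumption drawn from those lines, not a rule stated by anyone in the thread; the function names are hypothetical and the sample lines are copied from the logs posted here.

```python
import re
from collections import namedtuple
from ntpath import basename, dirname  # Windows path rules on any OS

Entry = namedtuple("Entry", "hive key name path args")

# O4 - HKLM\..\RunServices: [ValueName] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command is either "quoted path" args, or an unquoted path ending in a
# known extension followed by optional args.
CMD_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|dll)))(?:\s+(?P<args>.*))?$',
    re.IGNORECASE)

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}


def parse_o4(log_text):
    """Return registry autostart entries; non-registry O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # e.g. "O4 - Startup: ..." shortcut lines
        cmd = CMD_RE.match(m["cmd"])
        path = (cmd["q"] or cmd["u"]) if cmd else m["cmd"]
        args = (cmd["args"] or "") if cmd else ""
        entries.append(Entry(m["hive"], m["key"], m["name"], path, args))
    return entries


def is_suspicious(e):
    """Assumed heuristic: value named after its own file, file sits directly
    in a Windows system directory, and the only argument is /s."""
    return (e.name.lower() == basename(e.path).lower()
            and dirname(e.path).lower() in SYSTEM_DIRS
            and e.args.strip().lower() == "/s")


def flag(entries):
    return [e for e in entries if is_suspicious(e)]


def removed_between(before, after):
    """Entries present in the earlier log but absent from the later one."""
    gone = set(before) - set(after)
    return [e for e in before if e in gone]


# Excerpt of O4 lines from the 05/05/2006 log in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MFCTF32.EXE] C:\WINDOWS\MFCTF32.EXE /s
O4 - HKLM\..\RunServices: [SYSQU.EXE] C:\WINDOWS\SYSQU.EXE /s
O4 - HKLM\..\RunServices: [MFCYQ32.EXE] C:\WINDOWS\SYSTEM\MFCYQ32.EXE /s
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
'''

# The same excerpt as it appears in the 09/05/2006 log.
AFTER = r'''
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
'''

if __name__ == "__main__":
    before, after = parse_o4(BEFORE), parse_o4(AFTER)
    for e in flag(before):
        print("flagged:", e.key, e.name, e.path)
    for e in removed_between(before, after):
        print("removed since previous log:", e.name)
    print("still flagged after fix:", len(flag(after)))
```

A match is a reason to look the file up before checking it in HijackThis; legitimate software can also register a value under its own file name.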

justmike
2006-05-10, 02:02
Ran the HJT and removed the entries indicated. Ran the AboutBuster twice also - no log saved or I didn't save it. All I have is the HJT log below.

Logfile of HijackThis v1.99.1
Scan saved at 6:51:23 PM, on 09/05/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [SpywareRemover] C:\PROGRAM FILES\SPYWAREREMOVER\SpywareRemover.exe -boot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Windows Registry Repair Pro] E:\REGISTRYREPAIRPRO.EXE 4
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pppoedomain
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.47.244.78,206.47.244.13,192.169.2.1

LonnyRJones
2006-05-10, 02:10
Why is it you're not saving the log after running aboutbuster ?

Have hijackthis fix this item
O4 - HKLM\..\Run: [SpywareRemover] C:\PROGRAM FILES\SPYWAREREMOVER\SpywareRemover.exe -boot
-------------------------------------------------
Restart the PC

Install at least a free anti virus
Don't make the common mistake of installing more than one anti virus or firewall
AVG Anti-Virus-Free: http://www.grisoft.com/us/us_dwnl_free.php
AntiVir Personal Edition: http://www.free-av.com/
avast! 4 Home - Free antivirus software :
http://www.asw.cz/eng/free_virus_protectio.html

justmike
2006-05-14, 02:13
I've downloaded AVG (from GRISOFT) and run it 4 times and it looks like I have a self-replicating virus at C:\RESTORE\TEMP\A05...CPY - 8626 of them.
I've quarantined and healed them but they still appear on a scan. I cannot find them in the C:\RESTORE folder to delete them ??
I also re-tried SpyBot afterwards and killed it after 2 hours -- still too slow.

LonnyRJones
2006-05-14, 04:55
That's system restore, deal with those using windows tools
For windows ME
Right-click the My Computer icon on the Desktop and click Properties.
Click the Performance tab.
Click the File System button.
Click the Troubleshooting tab.
Select Disable System Restore.
Click Apply > Close > Close.
When prompted to restart, click Yes.
Next go back and Re-enable System Restore
by unchecking Disable System Restore

justmike
2006-05-16, 00:44
Done. Anything else to try ??

LonnyRJones
2006-05-16, 06:15
That infection removed two normal runs, let's put them back

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Go start run and type in
scanreg /fix
When it is finished Restart your PC.

Post a report from one or both of these free online scans
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.

justmike
2006-05-17, 04:27
Whew -- finally done. I chose the Kaspersky tool and its results are attached:
Protection
----------
Total scanned: 212371
Detected: 5
Untreated: 2
Start time: 16/05/2006 7:36:23 PM
Duration: 01:47:05


Detected
--------
Status Object
------ ------
deleted: riskware not-a-virus:RiskTool.Win32.PsKill.n File: c:\My Documents\My Received Files\XoftSpy_setup.exe/data0035
deleted: riskware not-a-virus:RiskTool.Win32.PsKill.n File: c:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006
detected: riskware not-a-virus:RiskTool.Win32.PsKill.n File: c:\Program Files\XoftSpy\uninstall.exe/data0003
not found: riskware not-a-virus:RiskTool.Win32.PsKill.n File: c:\_RESTORE\TEMP\A0000125.CPY/data0003
detected: riskware not-a-virus:RiskTool.Win32.PsKill.n File: c:\_RESTORE\TEMP\A0000125.CPY


Events
------
Time Event
---- -----
16/05/2006 6:05:05 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
16/05/2006 6:08:29 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
16/05/2006 6:08:32 PM The threat signatures are obsolete. Your computer is at risk. You are advised to update the signatures immediately.
16/05/2006 6:18:03 PM Update completed successfully.
16/05/2006 7:46:59 PM File c:\My Documents\My Received Files\XoftSpy_setup.exe/data0035: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 7:46:59 PM Security threats have been detected. You are advised to neutralize them immediately.
16/05/2006 7:46:59 PM File c:\My Documents\My Received Files\XoftSpy_setup.exe/data0035: is not disinfected, postponed
16/05/2006 7:47:01 PM File c:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 7:47:01 PM File c:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006: is not disinfected, postponed
16/05/2006 8:30:46 PM File c:\Program Files\XoftSpy\uninstall.exe/data0003: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 8:30:47 PM File c:\Program Files\XoftSpy\uninstall.exe/data0003: is not disinfected, postponed
16/05/2006 8:44:24 PM File C:\My Documents\My Received Files\XoftSpy_setup.exe/data0035: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 8:44:24 PM File C:\My Documents\My Received Files\XoftSpy_setup.exe/data0035: is not disinfected, postponed
16/05/2006 8:44:26 PM File C:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 8:44:26 PM File C:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006: is not disinfected, postponed
16/05/2006 8:44:30 PM File c:\_RESTORE\TEMP\A0000125.CPY/data0003: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 8:44:30 PM File c:\_RESTORE\TEMP\A0000125.CPY/data0003: is not disinfected, postponed
16/05/2006 8:44:44 PM File c:\My Documents\My Received Files\XoftSpy_setup.exe/data0035: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 8:44:44 PM File c:\My Documents\My Received Files\XoftSpy_setup.exe/data0035: is not disinfected, postponed
16/05/2006 8:44:44 PM File c:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 8:44:44 PM File c:\My Documents\My Received Files\ccleaner.zip\ccsetup126.exe/stream/data0006: is not disinfected, postponed
16/05/2006 9:14:42 PM File c:\Program Files\XoftSpy\uninstall.exe/data0003: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 9:14:42 PM File c:\Program Files\XoftSpy\uninstall.exe/data0003: is not disinfected, postponed
16/05/2006 9:19:52 PM File c:\my documents\my received files\xoftspy_setup.exe/data0035: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 9:21:03 PM File c:\my documents\my received files\xoftspy_setup.exe/data0035: is not disinfected, skipped by user
16/05/2006 9:21:04 PM File c:\my documents\my received files\ccleaner.zip\ccsetup126.exe/stream/data0006: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 9:21:07 PM File c:\my documents\my received files\ccleaner.zip\ccsetup126.exe/stream/data0006: is not disinfected, skipped by user
16/05/2006 9:21:08 PM File c:\program files\xoftspy\uninstall.exe/data0003: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 9:21:12 PM File c:\program files\xoftspy\uninstall.exe/data0003: is not disinfected, skipped by user
16/05/2006 9:21:12 PM File c:\_restore\temp\a0000125.cpy: detected riskware not-a-virus:RiskTool.Win32.PsKill.n
16/05/2006 9:21:39 PM File c:\_restore\temp\a0000125.cpy: is not disinfected, skipped by user


Reports
-------
Task Status Start Finish Size
---- ------ ----- ------ ----
Proactive Defense running 16/05/2006 7:36:23 PM 0 bytes
File Anti-Virus running 16/05/2006 7:36:22 PM 0 bytes
Web Anti-Virus running 16/05/2006 7:36:23 PM 0 bytes
Mail Anti-Virus running 16/05/2006 7:36:23 PM 0 bytes
Scan completed 16/05/2006 7:43:29 PM 16/05/2006 9:21:39 PM 31.7 MB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: riskware not-a-virus:RiskTool.Win32.PsKill.n c:\my documents\my received files\xoftspy_setup.exe 1.6 MB
Infected: riskware not-a-virus:RiskTool.Win32.PsKill.n c:\my documents\my received files\ccleaner.zip 500.6 KB

LonnyRJones
2006-05-17, 07:41
"Why is it you're not saving the log after running aboutbuster ?"

I ask again for a purpose.
Open SpyBot, go help about and let us know what version you have ?

Please describe the current problems again.

justmike
2006-05-19, 00:25
Should I try SpyBot now ?? Is there a link for the WIN utilities you mentioned?

LonnyRJones
2006-05-19, 06:40
Please answer the questions

And what win utilities ?

justmike
2006-05-20, 01:00
They were mentioned in your post of 14/05/06 :

That's system restore, deal with those using windows tools
For windows ME

LonnyRJones
2006-05-20, 01:23
Please run aboutbuster again, when it's done save the log this time, if you get an error tell us about it...

justmike
2006-05-22, 19:37
Message from About Buster - no files found. Should I try SpyBot now ?

LonnyRJones
2006-05-22, 22:25
Are you messing with me ? :confused:
Folks usually don't ignore questions we ask

It might help if you answer the questions
Open SpyBot, go help about and let us know what version you have ?

Please describe the current problems again.

justmike
2006-05-24, 01:44
version 1.4 last detection update : 2006-05-12.
My original problem was the slowness of SpyBot to process -- runs in excess of 24 hours were common. Even now, overall the process is slow and when it hits CWS, AdGoblin or Carima Enterprises files it freezes.
With all the cleaning I've been asked to do and have done using AboutBuster and AVG applications - which have returned "no viruses found" verdicts, SpyBot still runs slow and absolutely freezes when it finds files it thinks are CWS,AdGoblin and Carima Enterprises.

LonnyRJones
2006-05-24, 02:56
Post one more hijackthis log, I'm curious if those two normal windows run items are back.

I'm not sure if it will help, (has on occasion) go start run and type in
scanreg /fix
hit ok or press enter, when it is done restart your PC and let us know if SSD still takes so long.

justmike
2006-05-26, 00:15
Ran the scanreg.
Started SSD at 8:37 pm EST on May 24,2006 with Explorer the only started application active on my system - at start up SSD indicated there were 38806 files it would be examining.
I stopped SSD at 7:10 am EST on May 25,2006 while it was on file 7708 (of 38806).
HJT log info is appended below.

Logfile of HijackThis v1.99.1
Scan saved at 7:15:11 PM, on 24/05/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\MEDIAFOUR\MACVNTFY.EXE
C:\PROGRAM FILES\MEDIAFOUR\XPLAY\XPTRYICN.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\HIJACTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:/www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [kav] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [AVP] "C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE -r"
O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\Diskeeper\DkService.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] E:\REGISTRYREPAIRPRO.EXE 4
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCIEPLUGIN.DLL
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4759/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pppoedomain
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.47.244.78,206.47.244.13,192.169.2.1

LonnyRJones
2006-05-27, 13:46
I'm out of ideas for now; I will bring this up with our advisers/helpers.

justmike
2006-05-28, 16:02
Thanks, I'll check in from time to time for any updates.

LonnyRJones
2006-06-06, 04:31
Try SpyBot after uninstalling all but one of those antivirus programs.

justmike
2006-06-11, 21:19
Deleted the AVG and Xoftspy apps, and removed and re-downloaded SSD including its latest update.
Started SSD at 12:15 pm my time and again it seemed to find a Carima Enterprises file (@570 of 38806 files) and freeze but got past it, froze again when it found an AdGoblin file (@5350 of 38806 files) but got past it. Found its first CoolWWWSearch file at 12:57 pm (@5907 of 38808 files) and I terminated SSD at 3:00 pm while it was on file 7336 of 38806.
I also did the same for another identical computer I am running tho' this one has 40806 eligible files that SSD successfully processed in 20 minutes.

tashi
2006-06-20, 20:19
This topic has been closed to prevent others with similar issues posting in it.

If you have not resolved the problem, please send me a pm to re-open the thread and provide a link to this topic.

Applies only to the original topic starter.