Computer running Slooowww--log attached

Discussion in 'Virus & Other Malware Removal' started by ladybuglydia, Jan 29, 2005.

Thread Status:
Not open for further replies.
  1. ladybuglydia

    ladybuglydia Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    4
    I have run Ad-Aware and Spybot. I have been running Ad-Aware daily for a week or so and I have critical objects found daily. Here is my hijackthis log results. Any help will be appreciated. Thanks so much!

    Logfile of HijackThis v1.99.0
    Scan saved at 2:56:18 PM, on 01/29/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\GWMDMMSG.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\BOSTON ACOUSTICS\BOSTON USB AUDIO SYSTEM\BAUSB.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SYSTEM\PROMON.EXE
    C:\WINDOWS\SYSTEM\SK9910DM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\HPZIPM12.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\BOSTON ACOUSTICS\BOSTON USB AUDIO SYSTEM\BOSTON.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\RSRCMTR.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\PICOZIP\PICOZIPTRAY.EXE
    C:\PROGRAM FILES\PICOZIP\PICOZIP.EXE
    C:\PROGRAM FILES\PICOZIP\PICOZIP.EXE
    C:\WINDOWS\TEMP\PZ_5050.TMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://alltelnet.custhelp.com/cgi-bin/alltelnet.cfg/php/enduser/home.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alltel.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ALLTEL Internet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [IgfxTray] c:\windows\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] c:\windows\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [BAUSB] C:\Program Files\Boston Acoustics\Boston USB Audio System\BAUSB.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [PicoZip] C:\PROGRAM FILES\PICOZIP\PicoZipTray.exe
    O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.alltel.net/
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1241/ftp.coupons.com/v6/brix6ie.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Critical objects doesn't help much, and there is not much in the HJT log.

    Can you give some names of things found?

    If there are only Tracking Cookies being found, you will always have those from regular websites you visit.
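
One way to triage a HijackThis log like the one in the first post, as an added example that is not part of the original thread: it groups entries by section code, lists the O4 autostart entries (marking those with no full path) and the hosts of O16 ActiveX downloads. The function names are hypothetical, and the sample is a few lines copied from that log.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Meanings of the HijackThis section codes that occur in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run keys, Startup folder)", "O9": "extra IE button",
    "O14": "IERESET.INF setting", "O16": "downloaded ActiveX control (DPF)",
}
ENTRY = re.compile(r"^\s*([RO]\d+) - (.*)$")
O4_REG = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")
O4_LNK = re.compile(r"^((?:Global )?Startup): (.*?) = (.*)$")
FULL_PATH = re.compile(r'^"?[A-Za-z]:\\')

# Constructed sample: a few lines copied from the log in the first post.
SAMPLE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1241/ftp.coupons.com/v6/brix6ie.cab
"""

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return dict(sections)

def autostarts(sections):
    """(location, name, command, has_full_path) for each O4 entry.
    No full path means Windows resolves the name itself: confirm which file runs."""
    out = []
    for body in sections.get("O4", []):
        m = O4_REG.match(body) or O4_LNK.match(body)
        if m:
            out.append((*m.groups(), bool(FULL_PATH.match(m.group(3)))))
    return out

def dpf_hosts(sections):
    """Hosts the O16 ActiveX controls were installed from."""
    hosts = {urlparse(b.rsplit(" - ", 1)[-1]).hostname for b in sections.get("O16", [])}
    return sorted(h for h in hosts if h)

def summary(sections):
    """Section code -> (meaning, number of entries)."""
    return {c: (SECTIONS.get(c, "unknown section"), len(v)) for c, v in sections.items()}
```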
     
  3. ladybuglydia

    ladybuglydia Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    4
    Most are tracking cookies, but there were 3 others listed.

    Alexa
    Dssagent
    MRU List
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Good! Alexa is part of Internet Explorer, it is found by the antispyware removers because there is a bit of a privacy issue with it, it does keep track of website usage where it is installed...not a hijack or anything, but a privacy thing. You can and have I guess, removed it, it is OK to let SpyBot or other remove it. There is no file work to do, the program takes care of it for you.

    DSSAgent is much the same, made by Broderbund company, it comes usually in free software such as Family Tree Maker, and I have seen it included/bundled with children's games like Little Bear Toddler type on CDs.


    AdAware reports the MRU list ....Most Recently Used list is what documents etc you have opened lately, Internet History etc. You need to set some settings like this I think:

    Start up AdAware, then:

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window: Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.
     
  5. ladybuglydia

    ladybuglydia Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    4
    This is the most recent one that appeared on 1-27-05. I do have another that is more lengthy that was on 1-22-05. I'm not sure how to copy and paste it however. It only says to copy to clipboard. I'm not familiar with that.


    obj (0)=MRU RegReference :
    software\microsoft\directdraw\mostrecentapplication name
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I did edit my reply and you might not have read it afterward...

    The settings for AdAware above may help you. If you are looking at the log for AdAware, it always shows these MRU items. They are normal, part of Windows...

    If you see these in results when you scan with AdAware, let it remove them.

    When you have things like Family Tree Maker or other games or software that contain DSSAgent, in some cases, but not all...the program may not work if you remove DSSAgent, in the cases I have seen, they did (kids game).

    Anything you have SpyBot or AdAware remove, can be restored back, individually, from the Quarantine or Recovery area in each program...if you have saved the Item backups....you see the entire list when you open in AdAware, the quarantine (yellow lock) icon and in SpyBot, when you click on Recovery tab....the lists show what was removed in your previous scans. Good idea to purge those things after a while, as you do not want them back, in almost all cases.... But, try the software that DSSAgent was in, before you decide to dump the quarantined or Recovery backups!!! It should say what program DSSAgent was associated with. DSSAgent is minor updating software that did not become what it was supposed to be....

    Here is a website that should help you, it has a section on DSS Agent:

    http://www.parasiteware.com/

    Scroll down the page to the list of RED items, find DSS Agent and read about it.

    SpyBot always finds DSO Exploit; if you are seeing this, it is only a small bug in the SpyBot program and there is an update for it, let me know if you are seeing DSO Exploit found in each scan with SpyBot.
     
  7. ladybuglydia

    ladybuglydia Thread Starter

    Joined:
    Jan 29, 2005
    Messages:
    4
    I don't have Family Tree Maker, but we do have quite a few kindergarten-preschool-toddler games, so I'm sure that is where it came from. I'm in the process of doing a full system scan like you suggested. I think it has found 3 items so far, but it is still running. I really appreciate all your help. I'm not totally new to this, but I learn more every day, especially when I run into problems. Also, what can you tell me about system resources? Mine seem to be low, but I'm not sure what to do to improve this. I have removed some programs that we don't use, but I don't think that has really helped. Also, we have had some problems with our internet connection just freezing. The screen that will display your duration, bytes sent, and bytes received will just freeze on a number. The only numbers changing will be the duration. Does this sound like an ISP problem to you? Or could it be our modem? Any suggestions or info would be much appreciated.
     
  8. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, To be honest, I recommend that you do not try to use the Internet while scanning and removing things with any of the spyware removal programs. Best to not be doing much at all...

    How about the regular computer maintenance?

    Try Frank L's website for some excellent help with routine maintenance and all aspects of using Win98 etc.

    Yes, if you are seeing your connection freeze at about 580kb or thereabouts, it could be a symptom of some problem with Internet Explorer, or the modem settings.

    Can be a little tricky to chase down exactly what it is, but a thorough cleanup first and scandisk/defrag will help.

    If scandisk and defrag just continue to loop, and never finish, you may have a screensaver enabled or other software that prevents those tasks from finishing.

    You can do the tasks in Safe Mode, where very little is running. Frank's page has that information:

    http://9337387.home.icq.com/main2.html
     

Short URL to this thread: https://techguy.org/324680