If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Lag only when on-line
Hello and thanks for reading. My computer lags only when I'm on-line. It lag
for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
Ads |
#2
|
|||
|
|||
Go through the programs installed on your computer manually. It seems to me
that you might have still have something that is either logging and tracking your moves or else is disrupting your browser. There are a number of "legitimate" programs that aren't recognized by spybot or whatever that can cuase that, as well as any number of viruses and cusutmized logging tools that can cause that. "Woldo" wrote: Hello and thanks for reading. My computer lags only when I'm on-line. It lag for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
#3
|
|||
|
|||
Thanks Greeniewolf for your answer. It all started when I installed home key
logger. I uninstalled after a couple of houres and McAffe removed any residual of the software, as well as Ad-awre did. It's seem better now that i run Trend Microâ„¢ CWShredderâ„¢ Version 2.15, but still sometime, like evrey 2/3 minutes the computer lags for about 1 second. What else should I do? Thanks a lot for your help. ciao "Greeniewolf" wrote: Go through the programs installed on your computer manually. It seems to me that you might have still have something that is either logging and tracking your moves or else is disrupting your browser. There are a number of "legitimate" programs that aren't recognized by spybot or whatever that can cuase that, as well as any number of viruses and cusutmized logging tools that can cause that. "Woldo" wrote: Hello and thanks for reading. My computer lags only when I'm on-line. It lag for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
#4
|
|||
|
|||
****correction**** the computer lags every 15/20 seconds for about 1 sec.
Please help, what should I do? Thanks a lot ciao "Woldo" wrote: Thanks Greeniewolf for your answer. It all started when I installed home key logger. I uninstalled after a couple of houres and McAffe removed any residual of the software, as well as Ad-awre did. It's seem better now that i run Trend Microâ„¢ CWShredderâ„¢ Version 2.15, but still sometime, like evrey 2/3 minutes the computer lags for about 1 second. What else should I do? Thanks a lot for your help. ciao "Greeniewolf" wrote: Go through the programs installed on your computer manually. It seems to me that you might have still have something that is either logging and tracking your moves or else is disrupting your browser. There are a number of "legitimate" programs that aren't recognized by spybot or whatever that can cuase that, as well as any number of viruses and cusutmized logging tools that can cause that. "Woldo" wrote: Hello and thanks for reading. My computer lags only when I'm on-line. It lag for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
#5
|
|||
|
|||
Go online and browse around until the symptoms occure.
Run Spybot in advanced mode, and leave IE running online. In Spybot, click Tools (left pane, bottom), then click Process List (Left Pane) In the top window in the right pane, find and click on IEXPLORE.EXE . Once done, all processes that are created as children of iexplore.exe will be listed in the bottom window. Find each file on your hdd and view it's properties. If you have no 3rd party BHO's or ie pluggins installed, every file listed, should have a Version tab on it's properties window, and the tab should contain company name, version, file description, etc., that should help you decide which are legit and which may not be. "Woldo" wrote in message ... ****correction**** the computer lags every 15/20 seconds for about 1 sec. Please help, what should I do? Thanks a lot ciao "Woldo" wrote: Thanks Greeniewolf for your answer. It all started when I installed home key logger. I uninstalled after a couple of houres and McAffe removed any residual of the software, as well as Ad-awre did. It's seem better now that i run Trend MicroT CWShredderT Version 2.15, but still sometime, like evrey 2/3 minutes the computer lags for about 1 second. What else should I do? Thanks a lot for your help. ciao "Greeniewolf" wrote: Go through the programs installed on your computer manually. It seems to me that you might have still have something that is either logging and tracking your moves or else is disrupting your browser. There are a number of "legitimate" programs that aren't recognized by spybot or whatever that can cuase that, as well as any number of viruses and cusutmized logging tools that can cause that. "Woldo" wrote: Hello and thanks for reading. My computer lags only when I'm on-line. It lag for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
#6
|
|||
|
|||
Hi Taylor,
thanks for your help. I did what you suggest me, but my computer lags even if IE is not running (Eg. it lags or slow down my key entry for about a second evrey 15 even if I'm just using Word or Outlook or just clicking on a folder or on my documents). Anyway, I did searched one by one all the files that I found where you told me to look, but all of them are Microsoft products with version, company name, etc. that seemed fine exept for these 3: COMRes.dll - CLBCATQ.dll - OLEAUT32.dll. I hope I did the right thing. Do you think it si useful if I post my HiJack this log? Thank you very much for your time, I really appreciated it. Ciao "S. Taylor" wrote: Go online and browse around until the symptoms occure. Run Spybot in advanced mode, and leave IE running online. In Spybot, click Tools (left pane, bottom), then click Process List (Left Pane) In the top window in the right pane, find and click on IEXPLORE.EXE . Once done, all processes that are created as children of iexplore.exe will be listed in the bottom window. Find each file on your hdd and view it's properties. If you have no 3rd party BHO's or ie pluggins installed, every file listed, should have a Version tab on it's properties window, and the tab should contain company name, version, file description, etc., that should help you decide which are legit and which may not be. "Woldo" wrote in message ... ****correction**** the computer lags every 15/20 seconds for about 1 sec. Please help, what should I do? Thanks a lot ciao "Woldo" wrote: Thanks Greeniewolf for your answer. It all started when I installed home key logger. I uninstalled after a couple of houres and McAffe removed any residual of the software, as well as Ad-awre did. It's seem better now that i run Trend MicroT CWShredderT Version 2.15, but still sometime, like evrey 2/3 minutes the computer lags for about 1 second. What else should I do? Thanks a lot for your help. ciao "Greeniewolf" wrote: Go through the programs installed on your computer manually. It seems to me that you might have still have something that is either logging and tracking your moves or else is disrupting your browser. There are a number of "legitimate" programs that aren't recognized by spybot or whatever that can cuase that, as well as any number of viruses and cusutmized logging tools that can cause that. "Woldo" wrote: Hello and thanks for reading. My computer lags only when I'm on-line. It lag for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
#7
|
|||
|
|||
Those 3 files exist on my system, too.
I'm sorry, when you wrote that the lag occures only when online, i assumed, it occured while or after using IE. If you mean, that it only lags when you're connected to the internet, no matter what you're actually doing, then you may have a program running that only becomes active when a connection is detected. I'm running XP SP2, if you'd like to compare your processes to mine, then use Spybot to make a list of installed ActiveX, BHO's, Start Up Items, and Processes. Post them as a reply and i'll compare it to mine. "Woldo" wrote in message news Hi Taylor, thanks for your help. I did what you suggest me, but my computer lags even if IE is not running (Eg. it lags or slow down my key entry for about a second evrey 15 even if I'm just using Word or Outlook or just clicking on a folder or on my documents). Anyway, I did searched one by one all the files that I found where you told me to look, but all of them are Microsoft products with version, company name, etc. that seemed fine exept for these 3: COMRes.dll - CLBCATQ.dll - OLEAUT32.dll. I hope I did the right thing. Do you think it si useful if I post my HiJack this log? Thank you very much for your time, I really appreciated it. Ciao "S. Taylor" wrote: Go online and browse around until the symptoms occure. Run Spybot in advanced mode, and leave IE running online. In Spybot, click Tools (left pane, bottom), then click Process List (Left Pane) In the top window in the right pane, find and click on IEXPLORE.EXE . Once done, all processes that are created as children of iexplore.exe will be listed in the bottom window. Find each file on your hdd and view it's properties. If you have no 3rd party BHO's or ie pluggins installed, every file listed, should have a Version tab on it's properties window, and the tab should contain company name, version, file description, etc., that should help you decide which are legit and which may not be. "Woldo" wrote in message ... ****correction**** the computer lags every 15/20 seconds for about 1 sec. Please help, what should I do? Thanks a lot ciao "Woldo" wrote: Thanks Greeniewolf for your answer. It all started when I installed home key logger. I uninstalled after a couple of houres and McAffe removed any residual of the software, as well as Ad-awre did. It's seem better now that i run Trend MicroT CWShredderT Version 2.15, but still sometime, like evrey 2/3 minutes the computer lags for about 1 second. What else should I do? Thanks a lot for your help. ciao "Greeniewolf" wrote: Go through the programs installed on your computer manually. It seems to me that you might have still have something that is either logging and tracking your moves or else is disrupting your browser. There are a number of "legitimate" programs that aren't recognized by spybot or whatever that can cuase that, as well as any number of viruses and cusutmized logging tools that can cause that. "Woldo" wrote: Hello and thanks for reading. My computer lags only when I'm on-line. It lag for about 1 second evrething I do (Eg. writing emails, surfing the net or digiting web address. etc). But the strange thing it is perfect when I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicius removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk cleanup, deleted cookies and offline content, etc...what else I can do? please help. Thanks Ciao |
#8
|
|||
|
|||
I'm sorry it was my fault that I didn't specify that the lag occures when I'm
connected and not only using IE. I really appreciate your help and thanks for your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-09-30 Includes\Cookies.sbi 2005-09-30 Includes\Dialer.sbi 2005-09-30 Includes\Hijackers.sbi 2005-09-30 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-09-30 Includes\Malware.sbi 2005-09-30 Includes\PUPS.sbi 2005-09-30 Includes\Revision.sbi 2005-09-30 Includes\Security.sbi 2005-09-30 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-09-30 Includes\Trojans.sbi DirectAnimation Java Classes (DirectAnimation Java Classes) DPF name: DirectAnimation Java Classes CLSID name: Installer: Codebase: file://C:\WINDOWS\Java\classes\dajava.cab description: classification: Legitimate known filename: %WINDIR%\Java\classes\dajava.cab info link: info source: Patrick M. Kolla Microsoft XML Parser for Java (Microsoft XML Parser for Java) DPF name: Microsoft XML Parser for Java CLSID name: Installer: Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab description: classification: Legitimate known filename: %WINDIR%\Java\classes\xmldso.cab info link: info source: Patrick M. Kolla {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) DPF name: CLSID name: Microsoft Office Template and Media Control Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf Codebase: http://office.microsoft.com/templates/ieawsdc.cab description: classification: Open for discussion known filename: IEAWSDC.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: IEAWSDC.DLL Short name: Date (created): 18/12/2003 7:18:46 PM Date (last access): 05/10/2005 1:25:42 AM Date (last write): 18/12/2003 7:18:46 PM Filesize: 87240 Attributes: archive MD5: 094BE746796A8045006E9DDC7BDAA1E1 CRC32: 5BC241BB Version: 11.0.6006.0 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) DPF name: CLSID name: QuickTime Object Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf Codebase: http://www.apple.com/qtactivex/qtplugin.cab description: Apple Quicktime classification: Legitimate known filename: QTPLUGIN.OCX info link: info source: Patrick M. Kolla Path: C:\Program Files\QuickTime\ Long name: QTPlugin.ocx Short name: Date (created): 06/09/2003 9:45:28 PM Date (last access): 05/10/2005 1:20:46 AM Date (last write): 06/09/2003 9:45:28 PM Filesize: 323640 Attributes: archive MD5: 428AF871AAECE123B8121268ABB31D01 CRC32: A6EA252C Version: 6.0.2.1 {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) DPF name: CLSID name: Shockwave ActiveX Control Installer: C:\WINDOWS\Downloaded Program Files\erma.inf Codebase: http://download.macromedia.com/pub/s...irector/sw.cab description: Macromedia ShockWave Flash Player 7 classification: Legitimate known filename: SWDIR.DLL info link: info source: Patrick M. Kolla Path: C:\WINDOWS\SYSTEM32\Macromed\Director\ Long name: SwDir.dll Short name: Date (created): 03/10/2003 6:37:26 PM Date (last access): 05/10/2005 1:20:46 AM Date (last write): 19/07/2005 3:39:26 PM Filesize: 54976 Attributes: archive MD5: 9AB7B8D074FF363415BD3E32F03B0E76 CRC32: 8661EA6D Version: 10.1.0.11 {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) DPF name: CLSID name: Windows Genuine Advantage Validation Tool Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf Codebase: http://go.microsoft.com/fwlink/?linkid=39204 description: classification: Legitimate known filename: LegitCheckControl.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: LegitCheckControl.DLL Short name: LEGITC~1.DLL Date (created): 12/07/2005 6:04:22 PM Date (last access): 05/10/2005 1:24:14 AM Date (last write): 29/08/2005 1:27:12 PM Filesize: 520968 Attributes: archive MD5: 679088DD42AFB105A6DA3F5E876D69B6 CRC32: 80D21320 Version: 1.3.272.0 {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) DPF name: CLSID name: Minesweeper Flags Class Installer: Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab description: classification: Legitimate known filename: minesweeper.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: minesweeper.dll Short name: MINESW~1.DLL Date (created): 29/05/2003 4:00:22 PM Date (last access): 05/10/2005 11:52:08 PM Date (last write): 29/05/2003 4:00:22 PM Filesize: 84064 Attributes: archive MD5: F951FD0EA383DF2D49CA0359E4A86968 CRC32: 50A69718 Version: 7.1.9502.1 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) DPF name: CLSID name: Symantec AntiVirus scanner Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf Codebase: http://security.symantec.com/sscv6/S...in/AvSniff.cab description: Symantec online scanner classification: Legitimate known filename: AVSNIFF.DLL info link: info source: Patrick M. Kolla Path: C:\WINDOWS\Downloaded Program Files\ Long name: avsniff.dll Short name: Date (created): 23/08/2005 10:39:06 AM Date (last access): 05/10/2005 4:18:04 PM Date (last write): 23/08/2005 10:39:06 AM Filesize: 202352 Attributes: archive MD5: 2DCF3A77328FDF7456591318B9BB18E1 CRC32: F32A83F4 Version: 2004.12.14.55 {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) DPF name: CLSID name: Microsoft PID Sniffer Installer: C:\WINDOWS\Downloaded Program Files\odc.inf Codebase: https://support.microsoft.com/OAS/ActiveX/odc.cab description: classification: Legitimate known filename: odc.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: odc.dll Short name: Date (created): 27/10/2004 12:07:58 AM Date (last access): 05/10/2005 1:24:30 AM Date (last write): 27/10/2004 12:07:58 AM Filesize: 277256 Attributes: archive MD5: B6C36FD61195CFE4247EFC094A7A0BF8 CRC32: 34B3B3E9 Version: 3.0.34.0 {33564D57-9980-0010-8000-00AA00389B71} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf Codebase: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab description: Microsoft WMV Video Codec classification: Legitimate known filename: WMV9DMO.CAB info link: info source: Patrick M. Kolla {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) DPF name: CLSID name: Office Update Installation Engine Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf Codebase: http://office.microsoft.com/officeup...ntent/opuc.cab description: classification: Legitimate known filename: opuc.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\ Long name: opuc.dll Short name: Date (created): 27/08/2003 4:10:30 AM Date (last access): 05/10/2005 4:20:26 PM Date (last write): 27/08/2003 4:10:30 AM Filesize: 314368 Attributes: archive MD5: 1E32EC4A8A17B19926B49EA5F6B79A76 CRC32: E98FC293 Version: 11.0.5626.0 {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) DPF name: CLSID name: McAfee.com Operating System Class Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf Codebase: http://download.mcafee.com/molbin/sh...4/mcinsctl.cab description: classification: Open for discussion known filename: mcinsctl.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: mcinsctl.dll Short name: Date (created): 26/07/2004 7:13:00 PM Date (last access): 05/10/2005 11:46:56 PM Date (last write): 29/08/2005 7:01:52 PM Filesize: 349760 Attributes: archive MD5: F759370267E3E918782CD57B573D8B6E CRC32: D36141A9 Version: 4.0.0.99 {560F0128-CF3D-4368-BEE9-326FBC3270E1} (PhotosCtrlIT Class) DPF name: CLSID name: PhotosCtrlIT Class Installer: C:\WINDOWS\Downloaded Program Files\yphotoIT.inf Codebase: http://it.f1.pg.photos.yahoo.com/ocx...lorer1_9it.cab Path: C:\WINDOWS\Downloaded Program Files\ Long name: YPhotoIT.dll Short name: Date (created): 19/12/2002 4:06:58 PM Date (last access): 05/10/2005 4:18:04 PM Date (last write): 19/12/2002 4:06:58 PM Filesize: 455840 Attributes: archive MD5: 7BC1711AA69E6BB9B88F5C3BAC77A451 CRC32: 19B51926 Version: 2002.12.19.1 {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) DPF name: CLSID name: Symantec RuFSI Utility Class Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf Codebase: http://security.symantec.com/sscv6/S.../bin/cabsa.cab description: classification: Legitimate known filename: rufsi.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: rufsi.dll Short name: Date (created): 23/08/2005 10:39:18 AM Date (last access): 05/10/2005 4:18:04 PM Date (last write): 23/08/2005 10:39:18 AM Filesize: 161432 Attributes: archive MD5: B6A2E5AB5CABC2D97ECD590E1C868C8E CRC32: 8F916297 Version: 2004.6.23.42 {69432678-2906-2705-1128-068943397621} () DPF name: CLSID name: Installer: Codebase: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) DPF name: CLSID name: MUWebControl Class Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf Codebase: http://update.microsoft.com/microsof...?1128362612796 description: classification: Legitimate known filename: muweb.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: muweb.dll Short name: Date (created): 26/05/2005 4:19:32 AM Date (last access): 05/10/2005 1:24:24 AM Date (last write): 26/05/2005 4:19:32 AM Filesize: 178408 Attributes: archive MD5: EE37AA2C0700221CD8B02FADCD4C7FB5 CRC32: F5494B06 Version: 5.8.0.2469 {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) DPF name: CLSID name: MessengerStatsClient Class Installer: Codebase: http://messenger.zone.msn.com/binary...tatsClient.cab description: classification: Legitimate known filename: messengerstatsclient.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: messengerstatsclient.dll Short name: MESSEN~1.DLL Date (created): 29/05/2003 4:00:20 PM Date (last access): 05/10/2005 4:18:04 PM Date (last write): 29/05/2003 4:00:20 PM Filesize: 160864 Attributes: archive MD5: B069B555A00AA026F657AA4FD13AE154 CRC32: 89BB01E1 Version: 7.1.9502.1 {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) DPF name: CLSID name: CustomerCtrl Class Installer: Codebase: http://cs7b.instantservice.com/jars/...rxsigned40.cab description: classification: Open for discussion known filename: customerclient.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: customerclient.dll Short name: CUSTOM~1.DLL Date (created): 06/11/2003 12:55:34 PM Date (last access): 05/10/2005 11:52:00 PM Date (last write): 06/11/2003 12:55:34 PM Filesize: 143360 Attributes: archive MD5: CD9EBC1AF5DE9B067906FEDB4B91FA5E CRC32: D1922662 Version: 4.0.0.0 {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) DPF name: CLSID name: InstallShield International Setup Player Installer: C:\WINDOWS\Downloaded Program Files\isetup.inf Codebase: http://www.installengine.com/engine/isetup.cab description: classification: Open for discussion known filename: isetup.dll info link: info source: Safer Networking Ltd. Path: c:\windows\downlo~1\ Long name: iSetup.dll Short name: Date (created): 05/09/2001 5:22:02 AM Date (last access): 05/10/2005 11:51:54 PM Date (last write): 05/09/2001 5:22:02 AM Filesize: 24576 Attributes: archive MD5: 04A32A90F6F96727D448417FA13D868F CRC32: C31FE0EF Version: 6.31.100.1190 {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) DPF name: CLSID name: MSN File Upload Control Installer: C:\WINDOWS\Downloaded Program Files\MsnUpld.inf Codebase: http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab description: classification: Open for discussion known filename: MsnUpld.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\DOWNLO~1\ Long name: MsnUpld.dll Short name: Date (created): 19/05/2003 3:30:40 PM Date (last access): 05/10/2005 11:51:52 PM Date (last write): 19/05/2003 3:30:40 PM Filesize: 205880 Attributes: archive MD5: 0F6F48E86D0F5FE47E4C7D364B7C579B CRC32: 72C6AB39 Version: 9.0.305.1501 {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) DPF name: CLSID name: MsnMessengerSetupDownloadControl Class Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf Codebase: http://messenger.msn.com/download/Ms...Downloader.cab description: classification: Legitimate known filename: MsnMessengerSetupDownloader.ocx info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: MsnMessengerSetupDownloader.ocx Short name: MSNMES~1.OCX Date (created): 17/03/2005 2:48:34 PM Date (last access): 05/10/2005 11:51:48 PM Date (last write): 17/03/2005 2:48:34 PM Filesize: 113152 Attributes: archive MD5: 92D24B6643919005213F60D5B537196A CRC32: 31684779 Version: 1.0.0.2 {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) DPF name: CLSID name: DwnldGroupMgr Class Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf Codebase: http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab description: classification: Open for discussion known filename: McGDMgr.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\system32\ Long name: McGDMgr.dll Short name: Date (created): 22/07/2004 11:57:56 AM Date (last access): 05/10/2005 11:46:56 PM Date (last write): 24/05/2005 7:23:32 PM Filesize: 288320 Attributes: archive MD5: DAD85986ECE72BC56A535FCC116AA6DD CRC32: 6B1048D3 Version: 1.0.0.26 {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) DPF name: CLSID name: MSN Photo Upload Tool Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf Codebase: http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab description: classification: Legitimate known filename: MsnPUpld.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: MsnPUpld.dll Short name: Date (created): 17/09/2003 2:15:16 PM Date (last access): 05/10/2005 11:51:42 PM Date (last write): 17/09/2003 2:15:16 PM Filesize: 318032 Attributes: archive MD5: 8A5CEF5AC81CBA285FFB673CF5FEE5CB CRC32: 3B8799AA Version: 9.0.917.0 {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) DPF name: CLSID name: Zylom Loader Object Installer: C:\WINDOWS\Downloaded Program Files\zylomloader.inf Codebase: http://eu.download.games.yahoo.com/z...ylomloader.cab Path: C:\WINDOWS\Downloaded Program Files\ Long name: zylomloader.dll Short name: ZYLOML~1.DLL Date (created): 15/06/2004 9:52:56 AM Date (last access): 05/10/2005 11:51:40 PM Date (last write): 15/06/2004 9:52:56 AM Filesize: 221184 Attributes: archive MD5: F51AC085F67FA113F37290FDD8655BB1 CRC32: C26A0BE3 Version: 1.0.0.6 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf Codebase: http://download.macromedia.com/pub/s...sh/swflash.cab description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. Kolla Path: C:\WINDOWS\System32\macromed\flash\ Long name: Flash.ocx Short name: Date (created): 08/12/2003 3:01:58 PM Date (last access): 05/10/2005 11:07:00 PM Date (last write): 08/12/2003 3:01:58 PM Filesize: 933888 Attributes: archive MD5: F7E435D02F7A48120B746E33254A70BC CRC32: 02AF493D Version: 7.0.19.0 {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) DPF name: CLSID name: SproutLauncherCtrl Class Installer: C:\WINDOWS\Downloaded Program Files\SproutLauncher.inf Codebase: http://www.shockwave.com/content/fee...utLauncher.cab description: classification: Legitimate known filename: SproutWebLauncher.dll info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: SproutWebLauncher.dll Short name: SPROUT~1.DLL Date (created): 04/08/2004 7:55:26 PM Date (last access): 05/10/2005 11:51:38 PM Date (last write): 04/08/2004 7:55:26 PM Filesize: 151552 Attributes: archive MD5: 46645B5CD2ABE8C4E3F3C24B499C2031 CRC32: 45087C7B Version: 1.0.0.8 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) DPF name: CLSID name: PopCapLoader Object Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf Codebase: http://download.games.yahoo.com/game...ploader_v5.cab description: classification: Open for discussion known filename: POPCAPLOADER.DLL info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\Downloaded Program Files\ Long name: popcaploader.dll Short name: POPCAP~1.DLL Date (created): 19/12/2003 5:02:06 PM Date (last access): 05/10/2005 11:51:34 PM Date (last write): 19/12/2003 5:02:06 PM Filesize: 126976 Attributes: archive MD5: 3FDDB5EE807DD371405B305ABDAE3529 CRC32: F4B06292 Version: 1.0.0.5 {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) DPF name: CLSID name: BTDownloadCtrl Control Installer: C:\WINDOWS\Downloaded Program Files\btdownload.inf Codebase: http://www.shockwave.com/content/thi...wnloadCtrl.cab description: classification: Open for discussion known filename: BTDOWN~1.OCX info link: info source: Safer Networking Ltd. Path: C:\WINDOWS\DOWNLO~1\ Long name: BTDownloadCtrl.ocx Short name: BTDOWN~1.OCX Date (created): 29/08/2003 11:07:04 AM Date (last access): 05/10/2005 11:51:30 PM Date (last write): 29/08/2003 11:07:04 AM Filesize: 36864 Attributes: archive MD5: 811C694944A8BC5C48181BCD876C07F4 CRC32: 18C1774B Version: 1.0.0.4 BHO --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-09-30 Includes\Cookies.sbi 2005-09-30 Includes\Dialer.sbi 2005-09-30 Includes\Hijackers.sbi 2005-09-30 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-09-30 Includes\Malware.sbi 2005-09-30 Includes\PUPS.sbi 2005-09-30 Includes\Revision.sbi 2005-09-30 Includes\Security.sbi 2005-09-30 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-09-30 Includes\Trojans.sbi {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) BHO name: CLSID name: AcroIEHlprObj Class description: Adobe Acrobat reader classification: Legitimate known filename: AcroIEhelper.ocxbrAcroIEhelper.dll info link: http://www.adobe.com/products/acrobat/readstep2.html info source: TonyKlein Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\ Long name: AcroIEHelper.dll Short name: ACROIE~1.DLL Date (created): 15/05/2003 1:47:54 AM Date (last access): 05/10/2005 11:06:52 PM Date (last write): 15/05/2003 1:47:54 AM Filesize: 50376 Attributes: archive MD5: 0C0E1B2BCAED8DF401BE94D538BCB412 CRC32: 1D771322 Version: 6.0.0.878 {53707962-6F74-2D53-2644-206D7942484F} () BHO name: CLSID name: description: Spybot-S&D IE Browser plugin classification: Legitimate known filename: SDhelper.dll info link: http://spybot.eon.net.au/ info source: Patrick M. Kolla Path: C:\PROGRA~1\SPYBOT~1\ Long name: SDHelper.dll Short name: Date (created): 03/10/2005 1:15:46 PM Date (last access): 05/10/2005 11:06:52 PM Date (last write): 31/05/2005 1:04:00 AM Filesize: 853672 Attributes: archive MD5: 250D787A5712D7768DDC133B3E477759 CRC32: D4589A41 Version: 1.4.0.0 {69A87B7D-DE56-4136-9655-716BA50C19C7} (Google Web Accelerator Helper) BHO name: Google Web Accelerator Helper CLSID name: &Google Web Accelerator Helper Path: C:\Program Files\Google\Web Accelerator\ Long name: GoogleWebAccToolbar.dll Short name: GOOGLE~1.DLL Date (created): 20/09/2005 3:41:40 PM Date (last access): 05/10/2005 11:06:52 PM Date (last write): 20/09/2005 3:41:40 PM Filesize: 233472 Attributes: archive MD5: 5179D395A405728DCEDA5AD391AD5AE9 CRC32: 474F387B ---------------------END OF LIST-------------------------------------------------- |
#9
|
|||
|
|||
START UP LIST
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-09-30 Includes\Cookies.sbi 2005-09-30 Includes\Dialer.sbi 2005-09-30 Includes\Hijackers.sbi 2005-09-30 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-09-30 Includes\Malware.sbi 2005-09-30 Includes\PUPS.sbi 2005-09-30 Includes\Revision.sbi 2005-09-30 Includes\Security.sbi 2005-09-30 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-09-30 Includes\Trojans.sbi Located: HK_LM:Run, gcasServ command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe size: 473928 MD5: 263740ede788a60a6c0a47249fc410bf Located: HK_LM:Run, MCAgentExe command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe size: 303104 MD5: 9d3216a4e7205453aea3e6c445f23261 Located: HK_LM:Run, MCUpdateExe command: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe file: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe size: 212992 MD5: 612ecc8413abf6c2f8d57b8485535025 Located: HK_LM:Run, MPFEXE command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe size: 999424 MD5: d8e2a541bfcbc0ebd090c1d8bff96435 Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup file: C:\WINDOWS\system32\RUNDLL32.EXE size: 33280 MD5: da285490bbd8a1d0ce6623577d5ba1ff Located: HK_LM:Run, OASClnt command: C:\Program Files\McAfee.com\VSO\oasclnt.exe file: C:\Program Files\McAfee.com\VSO\oasclnt.exe size: 53248 MD5: 76e033f33912bfaca4a05be8d1f3a740 Located: HK_LM:Run, VirusScan Online command: C:\Program Files\McAfee.com\VSO\mcvsshld.exe file: C:\Program Files\McAfee.com\VSO\mcvsshld.exe size: 163840 MD5: b154ac6dbd82f96476003e58e1625bd8 Located: HK_LM:Run, VSOCheckTask command: "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask file: C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe size: 151552 MD5: 3c943ceb913520f9981d82db93ba7a8a Located: HK_CU:Run, UninstallAbility command: "C:\Program Files\UninstallAbility\uability.exe" /AUTO file: C:\Program Files\UninstallAbility\uability.exe size: 740352 MD5: 225ecfd9f305f7f022be813195c4e05f Located: Startup (common), Run Google Web Accelerator.lnk command: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe file: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe size: 483328 MD5: 446b2afd73aa956be81d7d057a7ec481 Located: Startup (disabled), AOL 7.0 Tray Icon (DISABLED) command: file: Located: Startup (disabled), Digital Line Detect (DISABLED) command: C:\PROGRA~1\DIGITA~1\DLG.exe file: C:\PROGRA~1\DIGITA~1\DLG.exe size: 24576 MD5: d59b254a0d0d3456c9e522e65d662777 Located: Startup (disabled), Exif Launcher (DISABLED) command: C:\PROGRA~1\FINEPI~1\QuickDCF.exe file: C:\PROGRA~1\FINEPI~1\QuickDCF.exe size: 200704 MD5: bf0e0b83e4b2e1bbf5a77359728c92bc Located: Startup (disabled), Microsoft Office (DISABLED) command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE size: 83360 MD5: 5bc65464354a9fd3beaa28e18839734a Located: Startup (disabled), MSupdater (DISABLED) command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSupdater.exe file: Located: Startup (disabled), WinZip Quick Pick (DISABLED) command: C:\PROGRA~1\WinZip\WZQKPICK.EXE file: C:\PROGRA~1\WinZip\WZQKPICK.EXE size: 106560 MD5: 2fe253973433442c2cb234fb2bc4bf29 Located: System.ini, crypt32chain command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll command: cscdll.dll file: cscdll.dll Located: System.ini, ScCertProp command: wlnotify.dll file: wlnotify.dll Located: System.ini, Schedule command: wlnotify.dll file: wlnotify.dll Located: System.ini, sclgntfy command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn command: WlNotify.dll file: WlNotify.dll Located: System.ini, termsrv command: wlnotify.dll file: wlnotify.dll Located: System.ini, wlballoon command: wlnotify.dll file: wlnotify.dll -----------------------PROCESS LIST-------------------------- --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2005-09-30 Includes\Cookies.sbi 2005-09-30 Includes\Dialer.sbi 2005-09-30 Includes\Hijackers.sbi 2005-09-30 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-09-30 Includes\Malware.sbi 2005-09-30 Includes\PUPS.sbi 2005-09-30 Includes\Revision.sbi 2005-09-30 Includes\Security.sbi 2005-09-30 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-09-30 Includes\Trojans.sbi PID: 0 ( 0) [System] PID: 584 ( 4) \SystemRoot\System32\smss.exe PID: 632 ( 584) \??\C:\WINDOWS\system32\csrss.exe PID: 656 ( 584) \??\C:\WINDOWS\system32\winlogon.exe PID: 700 ( 656) C:\WINDOWS\system32\services.exe size: 108032 MD5: C6CE6EEC82F187615D1002BB3BB50ED4 PID: 712 ( 656) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 84885F9B82F4D55C6146EBF6065D75D2 PID: 872 ( 700) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 940 ( 700) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1032 ( 700) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1088 ( 700) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1204 ( 700) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1380 ( 700) C:\WINDOWS\system32\LEXBCES.EXE size: 303104 MD5: 2B7005BD9E0966CCCF70AE9A5B9D2427 PID: 1404 ( 700) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F PID: 1640 ( 700) C:\WINDOWS\System32\CTsvcCDA.exe size: 44032 MD5: 3C8B6609712F4FF78E521F6DCFC4032B PID: 1692 ( 700) c:\program files\mcafee.com\agent\mcdetect.exe size: 126976 MD5: 920848F7B932B9CD543720F376E02A30 PID: 1760 ( 700) c:\PROGRA~1\mcafee.com\vso\mcshield.exe size: 221184 MD5: FAE84A2F9C11B7C532950BF0AE1EC26A PID: 1924 ( 700) c:\PROGRA~1\mcafee.com\agent\mctskshd.exe size: 122368 MD5: A214E217784D1002411DCA8E9793D4A4 PID: 1972 ( 700) C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe size: 548864 MD5: 6F6B2E2D37FFB20AE10C6A5ED4FAAA66 PID: 2000 ( 700) C:\WINDOWS\system32\nvsvc32.exe size: 127043 MD5: F5CA5A3E07FE3FEFA48B620A25BE5863 PID: 456 ( 700) C:\WINDOWS\system32\wdfmgr.exe size: 38912 MD5: C81B8635DEE0D3EF5F64B3DD643023A5 PID: 560 ( 700) C:\WINDOWS\System32\MsPMSPSv.exe size: 53520 MD5: 581176F60885AEF8F78C6E38DCC3CDF9 PID: 1000 ( 700) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 2908 ( 700) C:\WINDOWS\System32\alg.exe size: 44544 MD5: F1958FBF86D5C004CF19A5951A9514B7 PID: 1896 (1892) C:\WINDOWS\Explorer.EXE size: 1032192 MD5: A0732187050030AE399B241436565E64 PID: 3148 (1896) C:\PROGRA~1\mcafee.com\agent\mcagent.exe size: 303104 MD5: 9D3216A4E7205453AEA3E6C445F23261 PID: 236 (1896) C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe size: 999424 MD5: D8E2A541BFCBC0EBD090C1D8BFF96435 PID: 3160 (1896) C:\Program Files\McAfee.com\VSO\mcvsshld.exe size: 163840 MD5: B154AC6DBD82F96476003E58E1625BD8 PID: 3152 (1896) C:\Program Files\McAfee.com\VSO\oasclnt.exe size: 53248 MD5: 76E033F33912BFACA4A05BE8D1F3A740 PID: 2872 (3160) c:\progra~1\mcafee.com\vso\mcvsescn.exe size: 483328 MD5: 3B1A1BAA8D7444DEFCE4093611212ED6 PID: 2876 (1896) C:\Program Files\Microsoft AntiSpyware\gcasServ.exe size: 473928 MD5: 263740EDE788A60A6C0A47249FC410BF PID: 1980 ( 872) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe size: 756552 MD5: 21BD4696317A4A6383F86CDC5E026BFD PID: 256 ( 872) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe size: 524288 MD5: 63F0213D5004325377D06BA94B64FB61 PID: 3764 (1896) C:\WINDOWS\system32\lexpps.exe size: 174592 MD5: 7A4CC92D2A23D34934C71C61671E3A7C PID: 3756 (1896) C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe size: 483328 MD5: 446B2AFD73AA956BE81D7D057A7EC481 PID: 1140 (3756) C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe size: 1126400 MD5: 19290208A6CBCFF4BC96AF198FA35892 PID: 1716 ( 872) C:\WINDOWS\system32\wisptis.exe size: 293376 MD5: 9C492FEC0D62844ADFA1FD910F0AF3B8 PID: 1148 ( 700) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 3948 (1896) C:\Program Files\Internet Explorer\iexplore.exe size: 93184 MD5: E7484514C0464642BE7B4DC2689354C8 PID: 2180 (1896) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539 PID: 4 ( 0) System PID: 1056 (1896) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE size: 214528 MD5: F0543ACEEB5CD8821469958C9F3DD9A4 |
#10
|
|||
|
|||
I've inserted comments tbru out your post.
"Woldo" wrote in message ... I'm sorry it was my fault that I didn't specify that the lag occures when I'm connected and not only using IE. I really appreciate your help and thanks for No sweat, i wasn't blaming you i was kicking myself for assuming your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) Are these from Spybots Process list ? If so, what start up item did you disable? (Blindman.exe is used by Spybot to prevent the start of any Startup Items that you disable) (Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html ) I've had trouble with TeaTimer causing lag on Windows 98. Try disabling it, to see if it's the source of your lag, also. I don't think unins000.exe should be running, unless you had recently uninstalled something and it failed to unload. Make sure it's not loading with windows I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble in programing? Should they still be loaded? aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) Oh boy, you may have some trouble here .. I'm going to end any further comments and focus on this entry First check out http://www3.ca.com/securityadvisor/p...x?id=453078732 about AATools, AATools 4.30, AATools 4.31 & AATools 5.56 Now as i understand it, there is a legitimate series of utilities called AATools and there malicious versions of these tools made by someone else that pretends to be the legit version. If you're sure you're using a legit version let me know and i'll continue reviewing this list. |
#11
|
|||
|
|||
Hi and thanks again.
just one thing since I'm not an espert...how do I kill unins000.exe? ...second quick thing, I run windows in safe mode and run Ad-Aware + Spyobot but nothing came out. I noticed though that when my McAffe firewall is disabled the lag does not occur...now i'm trying to kill unins000.exe but I don't know how...or maybe I need more time to figure it out. I beleive that all this mess has been created by homekeylogger, which i downoladed on my pc for a couple of houres and unistalled but this is the result....thanks for your patience ciao "S. Taylor" wrote: I've inserted comments tbru out your post. "Woldo" wrote in message ... I'm sorry it was my fault that I didn't specify that the lag occures when I'm connected and not only using IE. I really appreciate your help and thanks for No sweat, i wasn't blaming you i was kicking myself for assuming your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) Are these from Spybots Process list ? If so, what start up item did you disable? (Blindman.exe is used by Spybot to prevent the start of any Startup Items that you disable) (Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html ) I've had trouble with TeaTimer causing lag on Windows 98. Try disabling it, to see if it's the source of your lag, also. I don't think unins000.exe should be running, unless you had recently uninstalled something and it failed to unload. Make sure it's not loading with windows I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble in programing? Should they still be loaded? aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) Oh boy, you may have some trouble here .. I'm going to end any further comments and focus on this entry First check out http://www3.ca.com/securityadvisor/p...x?id=453078732 about AATools, AATools 4.30, AATools 4.31 & AATools 5.56 Now as i understand it, there is a legitimate series of utilities called AATools and there malicious versions of these tools made by someone else that pretends to be the legit version. If you're sure you're using a legit version let me know and i'll continue reviewing this list. |
#12
|
|||
|
|||
From within Spybot, check the BHO's & Startup Items for any references to
it. Once you find it uncheck the box next to it. What about aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) are you confident these are from a legitimate installation? "Woldo" wrote in message ... Hi and thanks again. just one thing since I'm not an espert...how do I kill unins000.exe? ..second quick thing, I run windows in safe mode and run Ad-Aware + Spyobot but nothing came out. I noticed though that when my McAffe firewall is disabled the lag does not occur...now i'm trying to kill unins000.exe but I don't know how...or maybe I need more time to figure it out. I beleive that all this mess has been created by homekeylogger, which i downoladed on my pc for a couple of houres and unistalled but this is the result....thanks for your patience ciao "S. Taylor" wrote: I've inserted comments tbru out your post. "Woldo" wrote in message ... I'm sorry it was my fault that I didn't specify that the lag occures when I'm connected and not only using IE. I really appreciate your help and thanks for No sweat, i wasn't blaming you i was kicking myself for assuming your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) Are these from Spybots Process list ? If so, what start up item did you disable? (Blindman.exe is used by Spybot to prevent the start of any Startup Items that you disable) (Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html ) I've had trouble with TeaTimer causing lag on Windows 98. Try disabling it, to see if it's the source of your lag, also. I don't think unins000.exe should be running, unless you had recently uninstalled something and it failed to unload. Make sure it's not loading with windows I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble in programing? Should they still be loaded? aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) Oh boy, you may have some trouble here .. I'm going to end any further comments and focus on this entry First check out http://www3.ca.com/securityadvisor/p...x?id=453078732 about AATools, AATools 4.30, AATools 4.31 & AATools 5.56 Now as i understand it, there is a legitimate series of utilities called AATools and there malicious versions of these tools made by someone else that pretends to be the legit version. If you're sure you're using a legit version let me know and i'll continue reviewing this list. |
#13
|
|||
|
|||
I checked in Spybot those files but I didn't find anything suspicious.
Evrething was ok. About aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) I'm not sure if they were from a legitimate installation....as I wrote you before I did install home key logger on purpose but since I uninstalled it the computer started lagging. BTW I just found out the the company that made the software (home keylogger) doesn't exist anymore....hmmm. Maybe I should eliminate them? How? I'm not a computer expert....as a matter of fact I'm learning a lot in these days from you... thanks again "S. Taylor" wrote: From within Spybot, check the BHO's & Startup Items for any references to it. Once you find it uncheck the box next to it. What about aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) are you confident these are from a legitimate installation? "Woldo" wrote in message ... Hi and thanks again. just one thing since I'm not an espert...how do I kill unins000.exe? ..second quick thing, I run windows in safe mode and run Ad-Aware + Spyobot but nothing came out. I noticed though that when my McAffe firewall is disabled the lag does not occur...now i'm trying to kill unins000.exe but I don't know how...or maybe I need more time to figure it out. I beleive that all this mess has been created by homekeylogger, which i downoladed on my pc for a couple of houres and unistalled but this is the result....thanks for your patience ciao "S. Taylor" wrote: I've inserted comments tbru out your post. "Woldo" wrote in message ... I'm sorry it was my fault that I didn't specify that the lag occures when I'm connected and not only using IE. I really appreciate your help and thanks for No sweat, i wasn't blaming you i was kicking myself for assuming your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) Are these from Spybots Process list ? If so, what start up item did you disable? (Blindman.exe is used by Spybot to prevent the start of any Startup Items that you disable) (Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html ) I've had trouble with TeaTimer causing lag on Windows 98. Try disabling it, to see if it's the source of your lag, also. I don't think unins000.exe should be running, unless you had recently uninstalled something and it failed to unload. Make sure it's not loading with windows I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble in programing? Should they still be loaded? aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) Oh boy, you may have some trouble here .. I'm going to end any further comments and focus on this entry First check out http://www3.ca.com/securityadvisor/p...x?id=453078732 about AATools, AATools 4.30, AATools 4.31 & AATools 5.56 Now as i understand it, there is a legitimate series of utilities called AATools and there malicious versions of these tools made by someone else that pretends to be the legit version. If you're sure you're using a legit version let me know and i'll continue reviewing this list. |
#14
|
|||
|
|||
If you didn't install AATools
Then read the info at http://www3.ca.com/securityadvisor/p...x?id=453078732 about the fake vesrion and clean it out. "Woldo" wrote in message ... I checked in Spybot those files but I didn't find anything suspicious. Evrething was ok. About aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) I'm not sure if they were from a legitimate installation....as I wrote you before I did install home key logger on purpose but since I uninstalled it the computer started lagging. BTW I just found out the the company that made the software (home keylogger) doesn't exist anymore....hmmm. Maybe I should eliminate them? How? I'm not a computer expert....as a matter of fact I'm learning a lot in these days from you... thanks again "S. Taylor" wrote: From within Spybot, check the BHO's & Startup Items for any references to it. Once you find it uncheck the box next to it. What about aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) are you confident these are from a legitimate installation? "Woldo" wrote in message ... Hi and thanks again. just one thing since I'm not an espert...how do I kill unins000.exe? ..second quick thing, I run windows in safe mode and run Ad-Aware + Spyobot but nothing came out. I noticed though that when my McAffe firewall is disabled the lag does not occur...now i'm trying to kill unins000.exe but I don't know how...or maybe I need more time to figure it out. I beleive that all this mess has been created by homekeylogger, which i downoladed on my pc for a couple of houres and unistalled but this is the result....thanks for your patience ciao "S. Taylor" wrote: I've inserted comments tbru out your post. "Woldo" wrote in message ... I'm sorry it was my fault that I didn't specify that the lag occures when I'm connected and not only using IE. I really appreciate your help and thanks for No sweat, i wasn't blaming you i was kicking myself for assuming your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) Are these from Spybots Process list ? If so, what start up item did you disable? (Blindman.exe is used by Spybot to prevent the start of any Startup Items that you disable) (Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html ) I've had trouble with TeaTimer causing lag on Windows 98. Try disabling it, to see if it's the source of your lag, also. I don't think unins000.exe should be running, unless you had recently uninstalled something and it failed to unload. Make sure it's not loading with windows I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble in programing? Should they still be loaded? aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) Oh boy, you may have some trouble here .. I'm going to end any further comments and focus on this entry First check out http://www3.ca.com/securityadvisor/p...x?id=453078732 about AATools, AATools 4.30, AATools 4.31 & AATools 5.56 Now as i understand it, there is a legitimate series of utilities called AATools and there malicious versions of these tools made by someone else that pretends to be the legit version. If you're sure you're using a legit version let me know and i'll continue reviewing this list. |
#15
|
|||
|
|||
Hi,
You know what I just found out? I run a search with start/search for the 3 files (aports.dll UnzDll.dll ZipDll.dll) and the result is that there are all part of C:\Program Files\Spybot - Search & Destroy. So I beleive that there legitimate. As you told me I downloaded AA Tools and run it, but nothing came out, exepct that my register was full of broken keys and I eliminated them. I don't know what else to do. By mistake I also erase a key (HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\Bgure Cebqhpgf.yax) and I'm trying to recreate it, but I don't know what were the values of the key (Binary 16 bytes)...help!!!! Thanks "S. Taylor" wrote: If you didn't install AATools Then read the info at http://www3.ca.com/securityadvisor/p...x?id=453078732 about the fake vesrion and clean it out. "Woldo" wrote in message ... I checked in Spybot those files but I didn't find anything suspicious. Evrething was ok. About aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) I'm not sure if they were from a legitimate installation....as I wrote you before I did install home key logger on purpose but since I uninstalled it the computer started lagging. BTW I just found out the the company that made the software (home keylogger) doesn't exist anymore....hmmm. Maybe I should eliminate them? How? I'm not a computer expert....as a matter of fact I'm learning a lot in these days from you... thanks again "S. Taylor" wrote: From within Spybot, check the BHO's & Startup Items for any references to it. Once you find it uncheck the box next to it. What about aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) are you confident these are from a legitimate installation? "Woldo" wrote in message ... Hi and thanks again. just one thing since I'm not an espert...how do I kill unins000.exe? ..second quick thing, I run windows in safe mode and run Ad-Aware + Spyobot but nothing came out. I noticed though that when my McAffe firewall is disabled the lag does not occur...now i'm trying to kill unins000.exe but I don't know how...or maybe I need more time to figure it out. I beleive that all this mess has been created by homekeylogger, which i downoladed on my pc for a couple of houres and unistalled but this is the result....thanks for your patience ciao "S. Taylor" wrote: I've inserted comments tbru out your post. "Woldo" wrote in message ... I'm sorry it was my fault that I didn't specify that the lag occures when I'm connected and not only using IE. I really appreciate your help and thanks for No sweat, i wasn't blaming you i was kicking myself for assuming your time. I'm posting my ActiveX list first, then BHO's. Start Up and Process I have to post it in another message since the limit is 30000 words... Thanks again. Ciao ACTIVEX --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2005-10-03 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2005-05-31 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2005-05-31 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) Are these from Spybots Process list ? If so, what start up item did you disable? (Blindman.exe is used by Spybot to prevent the start of any Startup Items that you disable) (Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html ) I've had trouble with TeaTimer causing lag on Windows 98. Try disabling it, to see if it's the source of your lag, also. I don't think unins000.exe should be running, unless you had recently uninstalled something and it failed to unload. Make sure it's not loading with windows I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble in programing? Should they still be loaded? aports.dll UnzDll.dll (1.73.1.1) ZipDll.dll (1.73.2.0) Oh boy, you may have some trouble here .. I'm going to end any further comments and focus on this entry First check out http://www3.ca.com/securityadvisor/p...x?id=453078732 about AATools, AATools 4.30, AATools 4.31 & AATools 5.56 Now as i understand it, there is a legitimate series of utilities called AATools and there malicious versions of these tools made by someone else that pretends to be the legit version. If you're sure you're using a legit version let me know and i'll continue reviewing this list. |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
How get more characters per line in "DOS window"? | Klaus Meinhard | Customizing Windows XP | 9 | May 6th 05 12:06 AM |
Command Line Questions | Sam Horwood | Customizing Windows XP | 1 | November 17th 04 10:41 PM |
"Frequently Asked Questions about CMD.EXE Command Line Scripts" | Timo Salmi | General XP issues or comments | 0 | July 25th 04 12:01 PM |
"Frequently Asked Questions about CMD.EXE Command Line Scripts" | Timo Salmi | General XP issues or comments | 0 | July 25th 04 09:29 AM |
"Frequently Asked Questions about CMD.EXE Command Line Scripts" | Timo Salmi | General XP issues or comments | 0 | July 24th 04 07:47 AM |