Computing.Net > Forums > Windows 95/98 > Possible Browser Hijack?


Possible Browser Hijack?


Name: mwnjw
Date: September 14, 2003 at 12:35:25 Pacific
OS: Win98
CPU/Ram: P3500/128mg
Comment:

After a bit of research into why my browser is so slow to type, and why I couldn't access my options menu in IE6, I discovered this forum! Could someone have a look at the log below and tell me if there's anything I need to delete?

I also run AVG continually. I have Spybot and Ad-Aware, but I was under the impression that Spybot was the culprit in making things run so slowly. I've reinstalled it along with Ad-Aware.

I also went to one of the online antivirus sites and it found 2 that say "unable to clean",
BKDR DELF.CY
WORM FRIENDGRT.B

I looked them both up on Symantec's site, but before deleting them thought it was best to check here and see if HijackThis noted anything first.

Thanks in advance for any help!

Logfile of HijackThis v1.97.2
Scan saved at 12:20:54 PM, on 9/14/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\GWHOTKEY.exe
C:\WINDOWS\STARTER.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\PROGRAM FILES\SILICON PRAIRIE SOFTWARE\MEMTURBO\MEMTURBO.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.exe
C:\WINDOWS\DESKTOP\TODAY'S DOWNLOADS\HIJACKTHIS\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.1stpagehere.com/hp2.php
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.yahoo.com"); (C:\Program Files\Netscape\Users\mwnjw\prefs.js)
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5,0,2,0.DLL
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpyBlocker] C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\spyblocker.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Adaware Bootup] C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.exe /Auto /Log "C:\PROGRAM FILES\LAVASOFT AD-AWARE\"
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - Startup: Systray.lnk = C:\WINDOWS\SYSTEM\SYSTRAY.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\Outlook Express.exe
O4 - Startup: Microsoft Mouse.lnk = C:\Program Files\Microsoft Hardware\Mouse\dplaunch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: Yahoo! Canasta - http://download.yahoo.com/games/clients/y/yr0_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: Yahoo! Dice - http://yog2.yahoo.com/yog/y/dcq1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.yahoo.com/games/clients/y/mjsr4_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.yahoo.com/games/clients/y/xr2_x.cab
O16 - DPF: Yahoo! Go Fish - http://yog1.games.snv.yahoo.com/yog/y/zq0_x.cab
O16 - DPF: Yahoo! Spades - http://yog31.yahoo.com/yog/y/sq1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: Yahoo! Literati - http://download.yahoo.com/games/clients/y/ts0_x.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.gateway.com/support/contact/serial/gwCID.CAB
O16 - DPF: Yahoo! Blackjack - http://download.yahoo.com/games/clients/y/jr1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog2.games.snv.yahoo.com/yog/y/ks11_x.cab
O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.com/orbiter11020/winorbiter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: Yahoo! Graffiti - http://download.yahoo.com/games/clients/y/grs0_x.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: Yahoo! MahJong - http://download.yahoo.com/games/clients/y/or2_x.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www101.coolsavings.com/download/cscmv4X.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://66.28.46.99/update5/isetup.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37872.3854398148
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.socal.xmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/vet_install_popup.pl?1&04.00.07.02&http://www.bhg.com/bhg/category.jhtml?categoryid=/templatedata/bhg/category/data/coloraroom_livingroom4.xml
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O19 - User stylesheet: c:\windows\system.css
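The log above carries the answers to both of the poster's symptoms, and an analyst reading a HijackThis log scans for a handful of line types rather than the whole list. The two O6 lines mean a policy key exists under HKCU\Software\Policies\Microsoft\Internet Explorer; on a home PC nobody pushed Group Policy, and that key is what hides Tools > Internet Options. The O19 line is a stylesheet IE applies to every page it renders. The R1 HomeOldSP value is where home-page hijackers stash the original start page before overwriting it, and the MyWebSearch / Fun Web Products entries are a known adware bundle. The script below is an added example (not part of the original post and not HijackThis itself) that runs those rules over a constructed subset of the log lines posted above. The adware marker list and the trusted home-page hosts are this example's assumptions, not anything the thread states.

```python
"""Triage HijackThis v1.9x log lines for the entries an analyst would question.

Added example: the rules are this script's own heuristics, and the marker
list and trusted-host set below are assumptions for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the log lines from the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.1stpagehere.com/hp2.php
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O19 - User stylesheet: c:\windows\system.css
"""

# Assumption: adware families seen in the log above, matched case-insensitively.
ADWARE_MARKERS = ("mywebsearch", "mwsbar", "funwebproducts", "smileycentral")

# Assumption: start-page hosts already confirmed with the user as their own choice.
TRUSTED_HOMEPAGE_HOSTS = {"www.my.yahoo.com", "my.yahoo.com"}

# HijackThis lines start with a section code (R0, O2, O16, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<sec>[RNOF]\d{1,2})\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O6"
    verdict: str  # "remove" or "check"
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious log line, or None for a clean one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    lowered = body.lower()

    # O6: a policy key under HKCU\Software\Policies\Microsoft\Internet Explorer.
    # Nobody pushes Group Policy to a home machine; this is what hides the Options menu.
    if sec == "O6":
        return Finding(sec, "remove", "IE policy restriction present; explains a missing Options menu", line)

    # O19: IE applies this stylesheet to every rendered page; hijackers set it.
    if sec == "O19":
        return Finding(sec, "remove", "user stylesheet forced onto every page", line)

    # R1 HomeOldSP: where a home-page hijacker saves the original start page.
    if sec == "R1" and "homeoldsp" in lowered:
        return Finding(sec, "remove", "HomeOldSP is written by home-page hijackers", line)

    if any(marker in lowered for marker in ADWARE_MARKERS):
        return Finding(sec, "remove", "matches a known adware marker", line)

    # Orphaned BHO or toolbar: a registered CLSID whose DLL is gone from disk.
    if sec in ("O2", "O3") and ("(no file)" in lowered or "file missing" in lowered):
        return Finding(sec, "check", "registered component with no file on disk", line)

    # R0/R1 start or search page pointing at a host the user has not confirmed.
    if sec in ("R0", "R1"):
        url = re.search(r"https?://([^/\s]+)", body)
        if url and url.group(1).lower() not in TRUSTED_HOMEPAGE_HOSTS:
            return Finding(sec, "check", "start/search page points at an unconfirmed host", line)

    return None


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and keep only the flagged lines."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.section:3} {f.reason}\n       {f.line}")
```

On the constructed sample this flags seven lines: both O6 policy keys, the O19 stylesheet, the HomeOldSP value, the two MyWebSearch / Fun Web Products components for removal, and the orphaned BHO as a harmless clean-up. Everything an analyst could not decide from the line alone (an unfamiliar start page, a component with no file) is marked "check" rather than "remove", which is the same split the later replies in this thread make.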

Response Number 1
Name: kkk
Date: September 14, 2003 at 15:00:35 Pacific
Reply:

What is all that stuff??



Response Number 2
Name: dominicus
Date: September 14, 2003 at 16:08:21 Pacific
Reply:


I don't see any viruses, but it's abundantly clear why your browser is running so slow.
Each new process that's loaded slows your system down by a factor of 2x. These things don't just take a direct route, but every time you click, let's say, a desktop object, the signal runs through all the running processes to check if any hooks apply to it before it opens. Just because IE is connected to the web doesn't mean it ignores the desktop routine, and IE is already a slow browser.
I don't see how including those registry entries, except the 'Run' ones, helps with understanding your question either, but anyways...
Try to go into the options of some of those apps you don't use all the time and disable 'load at startup'. If AVG is set to scan all files all the time, that doesn't help your speed any either; you only need to scan new files.
Same with Ad-Aware: you only have to check for spyware occasionally. If you try to catch it the second it lands on your drive, by running it full time, you'll slow things an awful lot.
Your registry also has a number of other apps in the 'Run' section, all set to run on boot, that seem a bit much, even a second spyware blocker. Are two spyware progs necessary?
I'm a little unclear about your processor, as you entered P3500. Did you mean a P3 at 500 MHz?
If so, that's way too slow for all that stuff; either load less stuff at boot or move up to 1200 MHz or so.




Response Number 3
Name: broni
Date: September 14, 2003 at 18:00:04 Pacific
Reply:

mwnjw
You have three separate issues here:
1. Virus (you have to take care of this first)
-BKDR_DELF.CY
This backdoor is one of the malware files that WORM_SOBIG.A downloads on its infected systems. It imports Application Program Interface (API) functions, HookKeyBoard and Hooked to intercept keyboard events, which consequently, monitors keystrokes made on the affected system.
This malicious DLL is a component of MPTASK.EXE, which antivirus detects as BKDR_DELF.DA.
Since it's a part of the WORM_SOBIG.A virus, I would use the instructions from here to take care of it:
WORM_SOBIG.A Removal
-WORM FRIENDGRT.B
Use instructions from here to remove it:
WORM_FRIENDGRT.B Removal

2. Spybot and Ad-Aware are used to track and remove spyware, not viruses, so run both of them next, and remove whatever they recommend. Spybot won't slow your system, since it's not a startup program. It just sits on your computer doing nothing until you employ it. Same goes for Ad-Aware.

3. "HijackThis" detects so called "browser hijackers". Post your "HijackThis" log on this forum:
Spywareinfo Forum
The people there do nothing else but analyze posts like yours. Usually you get an answer within 24 hours. Make sure to subscribe to an e-mail notification, so you know when someone answers.
Good luck



Response Number 4
Name: inwinter
Date: September 14, 2003 at 18:59:13 Pacific
Reply:

Delete

O19 - User stylesheet: c:\windows\system.css

and your typing problem will be fixed.




Response Number 5
Name: Jen
Date: September 14, 2003 at 20:32:15 Pacific
Reply:

Dominicus, thanks for your advice. You said this: "Your registry also has a number of other apps in the 'Run' section, all set to run on boot, that seem a bit much, even a second spyware blocker. Are two spyware progs necessary?" Good question. Not sure what they are, or I could tell you which one I thought I'd already uninstalled.
You also said: "I'm a little unclear about your processor, as you entered P3500. Did you mean a P3 at 500 MHz?" Yes, I did mean that, sorry -- I didn't really make it that clear, I guess.

BRONI: Thanks tons for your advice. I removed the viruses first, then reinstalled Spybot and cleared out all the spyware. I then ran the HijackThis log and posted it to the Spyware forum. I cannot seem to locate a "process viewer" app, though. When I hit ctrl-alt-del, I don't think I'm getting everything that's currently running. So if you know of a good one, I'd like to try that.

INWINTER: I will try deleting that line and see if it helps. Thanks for the advice.



Response Number 6
Name: broni
Date: September 14, 2003 at 21:39:17 Pacific
Reply:

Jen
A pretty good "Process Viewer" I use is a freebie from here:
Process Viewer



Response Number 7
Name: Jen
Date: September 15, 2003 at 10:51:59 Pacific
Reply:

Broni -- thanks! This viewer helps a lot. I knew there was more stuff there, but couldn't see it.

Inwinter -- thanks! Deleting that line fixed the slow typing. FINALLY my cursor keeps up with me!

Still working on getting the HijackThis log read on the Spyware forum. You all have been SO helpful -- thank you so much! You're awesome!

