Lag only when on-line

Guest

Hello and thanks for reading. My computer lags only when I'm on-line. It lags
for about 1 second on everything I do (e.g. writing emails, surfing the net or
typing a web address, etc.). But the strange thing is that it is perfect when
I'm off-line!!! I run updated Ad-Aware, Spybot, Microsoft Antispyware, Malicious
removal tool, Microsoft Baseline Security Analyzer 2.0, deleted %temp%, disk
cleanup, deleted cookies and offline content, etc... What else can I do?
Please help.

Thanks

Ciao
 
Guest

Go through the programs installed on your computer manually. It seems to me
that you might still have something that is either logging and tracking
your moves or else is disrupting your browser. There are a number of
"legitimate" programs that aren't recognized by Spybot or whatever that can
cause that, as well as any number of viruses and customized logging tools
that can cause that.
 
Guest

Thanks Greeniewolf for your answer. It all started when I installed home key
logger. I uninstalled it after a couple of hours and McAfee removed any
residue of the software, as did Ad-Aware. It seems better now that I
run Trend Micro™ CWShredder™ Version 2.15, but still sometimes, like every 2/3
minutes, the computer lags for about 1 second. What else should I do? Thanks a
lot for your help.

ciao
 
Guest

****correction**** the computer lags every 15/20 seconds for about 1 sec.

Please help, what should I do?

Thanks a lot

ciao
 
S. Taylor

Go online and browse around until the symptoms occur.
Run Spybot in advanced mode, and leave IE running online.
In Spybot, click Tools (left pane, bottom), then click Process List (left pane).
In the top window in the right pane, find and click on IEXPLORE.EXE.
Once done, all processes that are created as children of iexplore.exe will
be listed in the bottom window.
Find each file on your HDD and view its properties.
If you have no 3rd party BHOs or IE plugins installed, every file listed
should have a Version tab on its properties window, and the tab should contain
company name, version, file description, etc., that should help you decide
which are legit and which may not be.
 
Guest

Hi Taylor,
thanks for your help. I did what you suggested, but my computer lags even
if IE is not running (e.g. it lags or slows down my key entry for about a
second every 15 even if I'm just using Word or Outlook or just clicking on a
folder or on my documents). Anyway, I did search one by one all the files
that I found where you told me to look, but all of them are Microsoft
products with version, company name, etc. that seemed fine except for these 3:
COMRes.dll - CLBCATQ.dll - OLEAUT32.dll.

I hope I did the right thing. Do you think it is useful if I post my
HijackThis log?

Thank you very much for your time, I really appreciate it.

Ciao
 
S. Taylor

Those 3 files exist on my system, too.
I'm sorry, when you wrote that the lag occurs only when online, I assumed
it occurred while or after using IE.
If you mean that it only lags when you're connected to the internet, no
matter what you're actually doing, then you may have a program running that
only becomes active when a connection is detected.

I'm running XP SP2, if you'd like to compare your processes to mine,
then use Spybot to make a list of installed ActiveX, BHOs, Start Up Items,
and Processes.
Post them as a reply and I'll compare it to mine.
 
Guest

I'm sorry it was my fault that I didn't specify that the lag occurs when I'm
connected and not only using IE. I really appreciate your help and thanks for
your time. I'm posting my ActiveX list first, then BHOs. Start Up and
Process I have to post in another message since the limit is 30000 words...
Thanks again. Ciao

ACTIVEX

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-09-30 Includes\Cookies.sbi
2005-09-30 Includes\Dialer.sbi
2005-09-30 Includes\Hijackers.sbi
2005-09-30 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-09-30 Includes\Malware.sbi
2005-09-30 Includes\PUPS.sbi
2005-09-30 Includes\Revision.sbi
2005-09-30 Includes\Security.sbi
2005-09-30 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-09-30 Includes\Trojans.sbi

DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/templates/ieawsdc.cab
description:
classification: Open for discussion
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 18/12/2003 7:18:46 PM
Date (last access): 05/10/2005 1:25:42 AM
Date (last write): 18/12/2003 7:18:46 PM
Filesize: 87240
Attributes: archive
MD5: 094BE746796A8045006E9DDC7BDAA1E1
CRC32: 5BC241BB
Version: 11.0.6006.0

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 06/09/2003 9:45:28 PM
Date (last access): 05/10/2005 1:20:46 AM
Date (last write): 06/09/2003 9:45:28 PM
Filesize: 323640
Attributes: archive
MD5: 428AF871AAECE123B8121268ABB31D01
CRC32: A6EA252C
Version: 6.0.2.1

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 03/10/2003 6:37:26 PM
Date (last access): 05/10/2005 1:20:46 AM
Date (last write): 19/07/2005 3:39:26 PM
Filesize: 54976
Attributes: archive
MD5: 9AB7B8D074FF363415BD3E32F03B0E76
CRC32: 8661EA6D
Version: 10.1.0.11

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 12/07/2005 6:04:22 PM
Date (last access): 05/10/2005 1:24:14 AM
Date (last write): 29/08/2005 1:27:12 PM
Filesize: 520968
Attributes: archive
MD5: 679088DD42AFB105A6DA3F5E876D69B6
CRC32: 80D21320
Version: 1.3.272.0

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 4:00:22 PM
Date (last access): 05/10/2005 11:52:08 PM
Date (last write): 29/05/2003 4:00:22 PM
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 23/08/2005 10:39:06 AM
Date (last access): 05/10/2005 4:18:04 PM
Date (last write): 23/08/2005 10:39:06 AM
Filesize: 202352
Attributes: archive
MD5: 2DCF3A77328FDF7456591318B9BB18E1
CRC32: F32A83F4
Version: 2004.12.14.55

{31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer)
DPF name:
CLSID name: Microsoft PID Sniffer
Installer: C:\WINDOWS\Downloaded Program Files\odc.inf
Codebase: https://support.microsoft.com/OAS/ActiveX/odc.cab
description:
classification: Legitimate
known filename: odc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: odc.dll
Short name:
Date (created): 27/10/2004 12:07:58 AM
Date (last access): 05/10/2005 1:24:30 AM
Date (last write): 27/10/2004 12:07:58 AM
Filesize: 277256
Attributes: archive
MD5: B6C36FD61195CFE4247EFC094A7A0BF8
CRC32: 34B3B3E9
Version: 3.0.34.0

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 4:10:30 AM
Date (last access): 05/10/2005 4:20:26 PM
Date (last write): 27/08/2003 4:10:30 AM
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 11.0.5626.0

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
description:
classification: Open for discussion
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 26/07/2004 7:13:00 PM
Date (last access): 05/10/2005 11:46:56 PM
Date (last write): 29/08/2005 7:01:52 PM
Filesize: 349760
Attributes: archive
MD5: F759370267E3E918782CD57B573D8B6E
CRC32: D36141A9
Version: 4.0.0.99

{560F0128-CF3D-4368-BEE9-326FBC3270E1} (PhotosCtrlIT Class)
DPF name:
CLSID name: PhotosCtrlIT Class
Installer: C:\WINDOWS\Downloaded Program Files\yphotoIT.inf
Codebase: http://it.f1.pg.photos.yahoo.com/ocx/it/yexplorer1_9it.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: YPhotoIT.dll
Short name:
Date (created): 19/12/2002 4:06:58 PM
Date (last access): 05/10/2005 4:18:04 PM
Date (last write): 19/12/2002 4:06:58 PM
Filesize: 455840
Attributes: archive
MD5: 7BC1711AA69E6BB9B88F5C3BAC77A451
CRC32: 19B51926
Version: 2002.12.19.1

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 23/08/2005 10:39:18 AM
Date (last access): 05/10/2005 4:18:04 PM
Date (last write): 23/08/2005 10:39:18 AM
Filesize: 161432
Attributes: archive
MD5: B6A2E5AB5CABC2D97ECD590E1C868C8E
CRC32: 8F916297
Version: 2004.6.23.42

{69432678-2906-2705-1128-068943397621} ()
DPF name:
CLSID name:
Installer:
Codebase:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128362612796
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 4:19:32 AM
Date (last access): 05/10/2005 1:24:24 AM
Date (last write): 26/05/2005 4:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 4:00:20 PM
Date (last access): 05/10/2005 4:18:04 PM
Date (last write): 29/05/2003 4:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class)
DPF name:
CLSID name: CustomerCtrl Class
Installer:
Codebase: http://cs7b.instantservice.com/jars/customerxsigned40.cab
description:
classification: Open for discussion
known filename: customerclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: customerclient.dll
Short name: CUSTOM~1.DLL
Date (created): 06/11/2003 12:55:34 PM
Date (last access): 05/10/2005 11:52:00 PM
Date (last write): 06/11/2003 12:55:34 PM
Filesize: 143360
Attributes: archive
MD5: CD9EBC1AF5DE9B067906FEDB4B91FA5E
CRC32: D1922662
Version: 4.0.0.0

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Installer: C:\WINDOWS\Downloaded Program Files\isetup.inf
Codebase: http://www.installengine.com/engine/isetup.cab
description:
classification: Open for discussion
known filename: isetup.dll
info link:
info source: Safer Networking Ltd.
Path: c:\windows\downlo~1\
Long name: iSetup.dll
Short name:
Date (created): 05/09/2001 5:22:02 AM
Date (last access): 05/10/2005 11:51:54 PM
Date (last write): 05/09/2001 5:22:02 AM
Filesize: 24576
Attributes: archive
MD5: 04A32A90F6F96727D448417FA13D868F
CRC32: C31FE0EF
Version: 6.31.100.1190

{9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control)
DPF name:
CLSID name: MSN File Upload Control
Installer: C:\WINDOWS\Downloaded Program Files\MsnUpld.inf
Codebase: http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
description:
classification: Open for discussion
known filename: MsnUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: MsnUpld.dll
Short name:
Date (created): 19/05/2003 3:30:40 PM
Date (last access): 05/10/2005 11:51:52 PM
Date (last write): 19/05/2003 3:30:40 PM
Filesize: 205880
Attributes: archive
MD5: 0F6F48E86D0F5FE47E4C7D364B7C579B
CRC32: 72C6AB39
Version: 9.0.305.1501

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 17/03/2005 2:48:34 PM
Date (last access): 05/10/2005 11:51:48 PM
Date (last write): 17/03/2005 2:48:34 PM
Filesize: 113152
Attributes: archive
MD5: 92D24B6643919005213F60D5B537196A
CRC32: 31684779
Version: 1.0.0.2

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Installer: C:\WINDOWS\Downloaded Program Files\McGDMgr.inf
Codebase: http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
description:
classification: Open for discussion
known filename: McGDMgr.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: McGDMgr.dll
Short name:
Date (created): 22/07/2004 11:57:56 AM
Date (last access): 05/10/2005 11:46:56 PM
Date (last write): 24/05/2005 7:23:32 PM
Filesize: 288320
Attributes: archive
MD5: DAD85986ECE72BC56A535FCC116AA6DD
CRC32: 6B1048D3
Version: 1.0.0.26

{C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 17/09/2003 2:15:16 PM
Date (last access): 05/10/2005 11:51:42 PM
Date (last write): 17/09/2003 2:15:16 PM
Filesize: 318032
Attributes: archive
MD5: 8A5CEF5AC81CBA285FFB673CF5FEE5CB
CRC32: 3B8799AA
Version: 9.0.917.0

{CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object)
DPF name:
CLSID name: Zylom Loader Object
Installer: C:\WINDOWS\Downloaded Program Files\zylomloader.inf
Codebase: http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: zylomloader.dll
Short name: ZYLOML~1.DLL
Date (created): 15/06/2004 9:52:56 AM
Date (last access): 05/10/2005 11:51:40 PM
Date (last write): 15/06/2004 9:52:56 AM
Filesize: 221184
Attributes: archive
MD5: F51AC085F67FA113F37290FDD8655BB1
CRC32: C26A0BE3
Version: 1.0.0.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 08/12/2003 3:01:58 PM
Date (last access): 05/10/2005 11:07:00 PM
Date (last write): 08/12/2003 3:01:58 PM
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 7.0.19.0

{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class)
DPF name:
CLSID name: SproutLauncherCtrl Class
Installer: C:\WINDOWS\Downloaded Program Files\SproutLauncher.inf
Codebase: http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
description:
classification: Legitimate
known filename: SproutWebLauncher.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SproutWebLauncher.dll
Short name: SPROUT~1.DLL
Date (created): 04/08/2004 7:55:26 PM
Date (last access): 05/10/2005 11:51:38 PM
Date (last write): 04/08/2004 7:55:26 PM
Filesize: 151552
Attributes: archive
MD5: 46645B5CD2ABE8C4E3F3C24B499C2031
CRC32: 45087C7B
Version: 1.0.0.8

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
DPF name:
CLSID name: PopCapLoader Object
Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase: http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
description:
classification: Open for discussion
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: popcaploader.dll
Short name: POPCAP~1.DLL
Date (created): 19/12/2003 5:02:06 PM
Date (last access): 05/10/2005 11:51:34 PM
Date (last write): 19/12/2003 5:02:06 PM
Filesize: 126976
Attributes: archive
MD5: 3FDDB5EE807DD371405B305ABDAE3529
CRC32: F4B06292
Version: 1.0.0.5

{E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control)
DPF name:
CLSID name: BTDownloadCtrl Control
Installer: C:\WINDOWS\Downloaded Program Files\btdownload.inf
Codebase: http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
description:
classification: Open for discussion
known filename: BTDOWN~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: BTDownloadCtrl.ocx
Short name: BTDOWN~1.OCX
Date (created): 29/08/2003 11:07:04 AM
Date (last access): 05/10/2005 11:51:30 PM
Date (last write): 29/08/2003 11:07:04 AM
Filesize: 36864
Attributes: archive
MD5: 811C694944A8BC5C48181BCD876C07F4
CRC32: 18C1774B
Version: 1.0.0.4


BHO

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 1:47:54 AM
Date (last access): 05/10/2005 11:06:52 PM
Date (last write): 15/05/2003 1:47:54 AM
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 03/10/2005 1:15:46 PM
Date (last access): 05/10/2005 11:06:52 PM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{69A87B7D-DE56-4136-9655-716BA50C19C7} (Google Web Accelerator Helper)
BHO name: Google Web Accelerator Helper
CLSID name: &Google Web Accelerator Helper
Path: C:\Program Files\Google\Web Accelerator\
Long name: GoogleWebAccToolbar.dll
Short name: GOOGLE~1.DLL
Date (created): 20/09/2005 3:41:40 PM
Date (last access): 05/10/2005 11:06:52 PM
Date (last write): 20/09/2005 3:41:40 PM
Filesize: 233472
Attributes: archive
MD5: 5179D395A405728DCEDA5AD391AD5AE9
CRC32: 474F387B

---------------------END OF LIST--------------------------------------------------
 
Guest

START UP LIST


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: 263740ede788a60a6c0a47249fc410bf

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 303104
MD5: 9d3216a4e7205453aea3e6c445f23261

Located: HK_LM:Run, MCUpdateExe
command: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 212992
MD5: 612ecc8413abf6c2f8d57b8485535025

Located: HK_LM:Run, MPFEXE
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
size: 999424
MD5: d8e2a541bfcbc0ebd090c1d8bff96435

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, OASClnt
command: C:\Program Files\McAfee.com\VSO\oasclnt.exe
file: C:\Program Files\McAfee.com\VSO\oasclnt.exe
size: 53248
MD5: 76e033f33912bfaca4a05be8d1f3a740

Located: HK_LM:Run, VirusScan Online
command: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
file: C:\Program Files\McAfee.com\VSO\mcvsshld.exe
size: 163840
MD5: b154ac6dbd82f96476003e58e1625bd8

Located: HK_LM:Run, VSOCheckTask
command: "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
file: C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
size: 151552
MD5: 3c943ceb913520f9981d82db93ba7a8a

Located: HK_CU:Run, UninstallAbility
command: "C:\Program Files\UninstallAbility\uability.exe" /AUTO
file: C:\Program Files\UninstallAbility\uability.exe
size: 740352
MD5: 225ecfd9f305f7f022be813195c4e05f

Located: Startup (common), Run Google Web Accelerator.lnk
command: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
file: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
size: 483328
MD5: 446b2afd73aa956be81d7d057a7ec481

Located: Startup (disabled), AOL 7.0 Tray Icon (DISABLED)
command:
file:

Located: Startup (disabled), Digital Line Detect (DISABLED)
command: C:\PROGRA~1\DIGITA~1\DLG.exe
file: C:\PROGRA~1\DIGITA~1\DLG.exe
size: 24576
MD5: d59b254a0d0d3456c9e522e65d662777

Located: Startup (disabled), Exif Launcher (DISABLED)
command: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
file: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
size: 200704
MD5: bf0e0b83e4b2e1bbf5a77359728c92bc

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (disabled), MSupdater (DISABLED)
command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSupdater.exe
file:

Located: Startup (disabled), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

-----------------------PROCESS LIST--------------------------


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

PID: 0 ( 0) [System]
PID: 584 ( 4) \SystemRoot\System32\smss.exe
PID: 632 ( 584) \??\C:\WINDOWS\system32\csrss.exe
PID: 656 ( 584) \??\C:\WINDOWS\system32\winlogon.exe
PID: 700 ( 656) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
 
S. Taylor

I've inserted comments throughout your post.

Woldo said:
I'm sorry it was my fault that I didn't specify that the lag occurs when I'm
connected and not only using IE. I really appreciate your help and thanks for

No sweat, I wasn't blaming you, I was kicking myself for assuming :)

your time. I'm posting my ActiveX list first, then BHO's. Start Up and
Process I have to post it in another message since the limit is 30000
words...
Thanks again. Ciao

ACTIVEX

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)

Are these from Spybot's Process list?
If so, what start up item did you disable?
(Blindman.exe is used by Spybot to prevent the start of any Startup Items
that you disable)
(Read about Blindman.exe at http://www.safer-networking.org/en/faq/25.html )

I've had trouble with TeaTimer causing lag on Windows 98.
Try disabling it, to see if it's the source of your lag, also.

I don't think unins000.exe should be running, unless you had recently
uninstalled something and it failed to unload.
Make sure it's not loading with Windows.


I'm guessing that borlndmm.dll & delphimm.dll are loading because you dabble
in programming?
Should they still be loaded?


aports.dll
UnzDll.dll (1.73.1.1)
ZipDll.dll (1.73.2.0)

Oh boy, you may have some trouble here ..
I'm going to end any further comments and focus on this entry.
First check out
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078732
about AATools, AATools 4.30, AATools 4.31 & AATools 5.56

Now as I understand it, there is a legitimate series of utilities called
AATools, and there are malicious versions of these tools made by someone else
that pretend to be the legit version.
If you're sure you're using a legit version let me know and I'll continue
reviewing this list.
 
Guest

Hi and thanks again.

Just one thing since I'm not an expert...how do I kill unins000.exe?
...second quick thing, I ran Windows in safe mode and ran Ad-Aware + Spybot
but nothing came out. I noticed though that when my McAfee firewall is
disabled the lag does not occur...now I'm trying to kill unins000.exe but I
don't know how...or maybe I need more time to figure it out. I believe that
all this mess has been created by homekeylogger, which I downloaded on my PC
for a couple of hours and uninstalled but this is the result....thanks for
your patience

ciao
 
S. Taylor

From within Spybot, check the BHO's & Startup Items for any references to
it.
Once you find it uncheck the box next to it.

What about
aports.dll
UnzDll.dll (1.73.1.1)
ZipDll.dll (1.73.2.0)
are you confident these are from a legitimate installation?
 
Guest

I checked in Spybot those files but I didn't find anything suspicious.
Everything was ok. About aports.dll
UnzDll.dll (1.73.1.1)
ZipDll.dll (1.73.2.0)
I'm not sure if they were from a legitimate installation....as I wrote you
before I did install home key logger on purpose but since I uninstalled it
the computer started lagging. BTW I just found out that the company that made
the software (home keylogger) doesn't exist anymore....hmmm. Maybe I should
eliminate them? How? I'm not a computer expert....as a matter of fact I'm
learning a lot in these days from you...

thanks again
 
Guest

Hi,
You know what I just found out? I ran a search with start/search for the 3
files (aports.dll, UnzDll.dll, ZipDll.dll) and the result is that they are
all part of C:\Program Files\Spybot - Search & Destroy. So I believe that
they're legitimate.
As you told me I downloaded AA Tools and ran it, but nothing came out,
except that my registry was full of broken keys and I eliminated them. I
don't know what else to do. By mistake I also erased a key
(HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\Bgure Cebqhpgf.yax) and I'm trying to
recreate it, but I don't know what were the values of the key (Binary 16
bytes)...help!!!!

Thanks
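
The value name quoted in the post above has the shape of a Windows Explorer UserAssist entry, whose names are stored ROT13-encoded. This added example (not part of the original posts) decodes it and parses the 16-byte data layout that Windows XP uses for such values. The data bytes are constructed, and the field layout (session ID, run counter that starts at 5, FILETIME of last run) is taken from public forensic documentation, not from this thread.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
CSIDL_NAMES = {2: "CSIDL_PROGRAMS (Start Menu\\Programs)"}

# Value name exactly as quoted in the post above.
SAMPLE_NAME = r"HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\Bgure Cebqhpgf.yax"
# Constructed data: session 3, raw counter 6, last run 2005-10-03 12:00 UTC.
SAMPLE_DATA = struct.pack(
    "<IIQ", 3, 6,
    int((datetime(2005, 10, 3, 12, tzinfo=timezone.utc) - EPOCH_1601).total_seconds()) * 10**7)


def decode_userassist_name(raw_name):
    """ROT13-decode a UserAssist value name and split it into its parts."""
    clear = codecs.decode(raw_name, "rot_13")
    event, _, target = clear.partition(":")
    folder = None
    if target.lower().startswith("%csidl"):
        token, _, rest = target[1:].partition("%")
        number = token[5:]
        if number.isdigit():
            folder = CSIDL_NAMES.get(int(number), "CSIDL " + number)
            target = rest.lstrip("\\")
    return {"event": event, "folder": folder, "target": target}


def parse_xp_userassist_data(data):
    """Parse the 16-byte XP layout: session, counter (starts at 5), FILETIME."""
    if len(data) != 16:
        raise ValueError("expected the 16-byte Windows XP layout")
    session, counter, filetime = struct.unpack("<IIQ", data)
    last_run = None
    if filetime:
        last_run = EPOCH_1601 + timedelta(microseconds=filetime // 10)
    return {"session": session, "run_count": max(counter - 5, 0), "last_run": last_run}


if __name__ == "__main__":
    print(decode_userassist_name(SAMPLE_NAME))
    print(parse_xp_userassist_data(SAMPLE_DATA))
```

Decoded, the name reads `UEME_RUNPIDL:%csidl2%\Home Key Logger\Other Products.lnk`, a record that a Start Menu shortcut was launched.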
 
S. Taylor

You're right, UnzDll.dll & ZipDll.dll are part of some 3rd party compression
tools used by Spybot.
But aports.dll is not .... uninstall it.

I don't have that registry entry, and I use the English version of XP, and
don't know the language that was made in :) , so someone else will have to
help you with it.
But :%pfvqy2% is an environment variable reference, check XP's environment
variable to see where :%pfvqy2% points to.
 
S. Taylor

START UP LIST


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
Consider disabling TeaTimer, I've found it to be an irritating cause of some
system lag


2005-10-03 unins000.exe (51.41.0.0)
You disabled this by now, yes?


2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
Uninstall this

2005-05-31 borlndmm.dll (7.0.4.453)
I have this also, don't know what installs it, but it shouldn't be loading
unless you need the Borland Memory Manager.
2005-05-31 delphimm.dll (7.0.4.453)
What is this for? do you need it to be loaded?


2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

I'm guessing you're using an NVidia video card?

Located: HK_CU:Run, UninstallAbility
command: "C:\Program Files\UninstallAbility\uability.exe" /AUTO
file: C:\Program Files\UninstallAbility\uability.exe
size: 740352
MD5: 225ecfd9f305f7f022be813195c4e05f

Please investigate this program, it may be the one loading unins000.exe
Do you want it running all the time?


Located: Startup (common), Run Google Web Accelerator.lnk
command: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
file: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
size: 483328
MD5: 446b2afd73aa956be81d7d057a7ec481

Do you use this?
If not then uninstall it

Located: Startup (disabled), AOL 7.0 Tray Icon (DISABLED)
command:
file:

Located: Startup (disabled), Digital Line Detect (DISABLED)
command: C:\PROGRA~1\DIGITA~1\DLG.exe
file: C:\PROGRA~1\DIGITA~1\DLG.exe
size: 24576
MD5: d59b254a0d0d3456c9e522e65d662777

Located: Startup (disabled), Exif Launcher (DISABLED)
command: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
file: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
size: 200704
MD5: bf0e0b83e4b2e1bbf5a77359728c92bc

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (disabled), MSupdater (DISABLED)
command: C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\MSupdater.exe
file:

Located: Startup (disabled), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29

If you've disabled them, do you still use them?
If not uninstall them

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

I do not like it when something tries to run from system.ini.
You should post a new thread asking if anyone knows what these programs are
so you can decide if you need to disable them.


Read about controlling Startup Items at
http://www.pacs-portal.co.uk/startup_content.php
-----------------------PROCESS LIST--------------------------


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-03 unins000.exe (51.41.0.0)
Don't like it, see above

2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)

2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
These 3 items concern me. While I have borlndmm.dll, it isn't running on my
comp. Both of the last 2 should be loading if you're using something that
needs them, and your process list doesn't indicate anything that may need them.

And as I said above aports.dll isn't part of Spybot, it's either from the
legit version of AATools or from the malware version.
Check out the website I mentioned before to see about removing it.


2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)

PID: 0 ( 0) [System]
PID: 584 ( 4) \SystemRoot\System32\smss.exe
PID: 632 ( 584) \??\C:\WINDOWS\system32\csrss.exe
PID: 656 ( 584) \??\C:\WINDOWS\system32\winlogon.exe
PID: 700 ( 656) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 712 ( 656) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 872 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
Read how to tell if svchost.exe is being used to load malware/trojans/etc.
http://www.sysinfo.org/startuplist.php?filter=svchost.exe

PID: 1380 ( 700) C:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: 2B7005BD9E0966CCCF70AE9A5B9D2427

http://www.neuber.com/taskmanager/process/lexbces.exe.html
lexbces.exe is a process which is associated with Lexmark MarkVision. Do you
have one installed?
This should be loaded in order to configure a Lexmark printer's onboard
network server.
This program is a non-essential system process, but should not be terminated
unless suspected to be causing problems.
And make sure you're using a Lexmark MarkVision, because the fact that
this entry is upcase is suspicious,
and probably should be in the system32 folder if it's legitimate.

PID: 1640 ( 700) C:\WINDOWS\System32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B

http://www.auditmypc.com/process/ctsvccda.asp
To see if you need this
PID: 2000 ( 700) C:\WINDOWS\system32\nvsvc32.exe
size: 127043
MD5: F5CA5A3E07FE3FEFA48B620A25BE5863
http://www.auditmypc.com/process/nvsvc32.asp
I have an NVidia card, but I don't have this file.

PID: 456 ( 700) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
http://www.auditmypc.com/process/wdfmgr.asp
Lists this as a Microsoft system app, but I don't have it on my system

PID: 560 ( 700) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
http://www.auditmypc.com/process/mspmspsv.asp
Lists this as a Microsoft system app, but I don't have it on my system

PID: 3764 (1896) C:\WINDOWS\system32\lexpps.exe
size: 174592
MD5: 7A4CC92D2A23D34934C71C61671E3A7C
http://www.auditmypc.com/process/lexpps.asp
Another Lexmark driver.
That site says it's only needed if you're sharing the printer over a network,
and that some people have problems with it
PID: 3756 (1896) C:\Program Files\Google\Web
Accelerator\GoogleWebAccWarden.exe
size: 483328
MD5: 446B2AFD73AA956BE81D7D057A7EC481
PID: 1140 (3756) C:\Program Files\Google\Web
Accelerator\googlewebaccclient.exe
size: 1126400
MD5: 19290208A6CBCFF4BC96AF198FA35892

I take it, these are part of the web accelerator listed further up?

PID: 1716 ( 872) C:\WINDOWS\system32\wisptis.exe
size: 293376
MD5: 9C492FEC0D62844ADFA1FD910F0AF3B8
http://www.auditmypc.com/process/wisptis.asp
Indicates you only need it for tablet PCs



You should check the version tab on the properties windows for the files
that I wrote that I don't have.
Find out what information that tab has listed for each program.
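
The manual review in the post above (children of a given process, system file names in unexpected folders, one file name with differing hashes) can be run mechanically over a Spybot process list. The following is an added example, not code from the thread or from Spybot: the sample log is constructed in the same layout with placeholder hashes, and the watch list and the two checks are assumptions chosen for illustration.

```python
import re
PID_RE = re.compile(r"^PID:\s*(\d+)\s*\(\s*(\d+)\)\s*(.*)$")
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}  # assumed watch list
# Constructed sample in the log's layout; paths, sizes and hashes are placeholders.
SAMPLE = r"""PID: 872 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
PID: 1500 ( 700) C:\WINDOWS\svchost.exe
size: 20480
MD5: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
PID: 3948 (1896) C:\Program Files\Internet Explorer\iexplore.exe
PID: 4010 (3948) C:\Program Files\Example
Toolbar\helper.exe
size: 4096
MD5: CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"""

def parse_process_list(text):
    """Return one dict per 'PID: n (parent) path' record, joining wrapped paths."""
    procs, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = PID_RE.match(line)
        if m:
            cur = {"pid": int(m[1]), "ppid": int(m[2]), "path": m[3], "size": None, "md5": None}
            procs.append(cur)
        elif cur and line.lower().startswith("size:"):
            cur["size"] = int(line.split(":", 1)[1])
        elif cur and line.lower().startswith("md5:"):
            cur["md5"] = line.split(":", 1)[1].strip().upper()
        elif cur and line and cur["size"] is None:
            cur["path"] += " " + line  # path was wrapped onto the next line
    return procs

def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()

def children_of(procs, name):  # processes whose parent PID runs image `name`
    pids = {p["pid"] for p in procs if image_name(p["path"]) == name.lower()}
    return [p for p in procs if p["ppid"] in pids]

def triage(procs):  # system image names outside system32; one name, several MD5s
    findings, hashes = [], {}
    for p in procs:
        name = image_name(p["path"])
        if name in SYSTEM_IMAGES and "\\system32\\" not in p["path"].lower():
            findings.append((p["pid"], "system image name outside system32"))
        if p["md5"]:
            hashes.setdefault(name, set()).add(p["md5"])
    findings += [(n, "same image name, different MD5s") for n, s in sorted(hashes.items()) if len(s) > 1]
    return findings
```

A finding is a prompt to inspect the file's properties and version tab, not proof of infection.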
 
Guest

Hello,
I guess I solved the issue....remember when I mentioned that when my firewall
or my virus scan are disabled the lag does not occur? Well, I contacted McAfee
customer support and I told them that since they updated/renewed my Firewall
and Virus Scan my computer started to lag. They solved the problem for me by
right clicking on the red McAfee icon on the right (near the clock), then Virus
Scan, Options, Advanced, then check "Program files and documents only" on
Files Types to Scan option. It worked!!!

Thank you very much for your help and time that you dedicated to me, I
really appreciated it. It's nice to know that I'm not alone in solving my
computer problems but there are people like you who can help or even just be
supportive. Thanks again

Ciao
 
