Help please : HJT review


The Voice
23rd Jan 2005, 21:44
My lappy seems to be severely hampered (as in very slow running speed) by something. I've run everything I can think of, and not much seems to be happening.

I've taken the liberty of copying the latest HJT scan, if someone would be so kind to have a squizz.

Today's gem is that AVG says it is out of date. I've updated it; however, it hasn't updated itself. It now won't let me manually update it either, leaving the black/grey icon showing ..

Spybot revealed not much .. however, there are entries it won't delete (a message saying they're in the memory?), mainly 8 x HKEY changes which won't fix themselves ..

I'm not too sure what has happened, but something seems to have changed my settings as well ... for example, when I ran Adaware last, all of my bookmarks were changed from where I had placed them into alpha order ..

any help greatly appreciated

Logfile of HijackThis v1.98.2
Scan saved at 8:33:07 AM, on 1/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avginet.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACK THIS\HijackThis3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O15 - Trusted Zone: *.airservicesaustralia.com
O15 - Trusted Zone: *.emailcash.com.au
O15 - Trusted Zone: *.homefind.com.au
O15 - Trusted Zone: *.membersequity.com.au
O15 - Trusted Zone: *.msn.com.au
O15 - Trusted Zone: *.pcu.com.au
O15 - Trusted Zone: *.realestate.com.au
O15 - Trusted Zone: *.cdu.edu.au
O15 - Trusted Zone: *.casa.gov.au
O15 - Trusted Zone: *.dha.gov.au
O15 - Trusted Zone: *.jobs.qld.gov.au
O15 - Trusted Zone: *.jetblasters.com
O15 - Trusted Zone: *.membersequity.com
O15 - Trusted Zone: *.zone.msn.com
O15 - Trusted Zone: *.afap.org.au
O15 - Trusted Zone: *.pprune.org
O15 - Trusted Zone: *.zonelabs.com
O16 - DPF: ppctlcab - http://www.my-etrust.com/includes/pscanner/ppctlcab.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E9BE4A-6E6E-4D81-8F7D-441663D8B0ED}: NameServer = 203.134.64.66 203.134.65.66

E-Liam
24th Jan 2005, 20:01
Hi Voice,

As I just posted to Aiglon..

Sorry, but there have been a few logs posted in the last day or so, and I'm getting around to them all as quickly as I can, but for the moment I'm off out. I'll check your log on my return..

but in the meantime, could I ask you to run HJT again, click on Config | Misc. Tools | Check for Updates and download the latest version. There's nothing obvious from the log you've posted, but the new version may highlight something further. Could you also just go through that list of sites in your trusted zone, and check that they are all legit, and that you have put them there yourself.. :)

Cheers

Liam
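The check Liam asks for above (go through the O15 trusted-zone list and confirm every entry was put there deliberately) is tedious to do by eye on a long log. The following is an added example, not HijackThis code and not anything posted in this thread: a small Python triage helper that parses the "Rn - " / "Onn - " lines of an HJT log and pulls out the items a reviewer checks first. The sample log embedded in it is constructed from a handful of lines in the same format, and the allowlist of trusted-zone domains is a hypothetical list the machine's owner would maintain.

```python
"""Triage helper for HijackThis-style logs (added example, not HJT itself).

Parses the "Rn - " and "Onn - " entry lines into (section, detail) pairs
and extracts what a reviewer wants first: O15 trusted-zone domains that
are not on a known-good allowlist, O2/O3 entries whose target file is
missing, the hosts that O16 DPF (ActiveX) controls were fetched from,
and the O17 name servers in use.
"""
import re
from urllib.parse import urlparse

# Constructed sample in HJT log format (a few lines only, not a real scan).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com.au/
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O15 - Trusted Zone: *.msn.com.au
O15 - Trusted Zone: *.example-unknown.test
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{PLACEHOLDER-GUID}: NameServer = 203.134.64.66 203.134.65.66
"""

# Hypothetical allowlist: domains the owner remembers adding to the trusted zone.
KNOWN_TRUSTED = {"*.msn.com.au"}

# An HJT entry line: section code (R0, O4, O15, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.+?)\s*$")


def parse_entries(log_text):
    """Return [(section, detail), ...] for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def trusted_zones(entries):
    """All O15 trusted-zone patterns, in log order."""
    return [d.split("Trusted Zone:", 1)[1].strip()
            for s, d in entries if s == "O15" and "Trusted Zone:" in d]


def unknown_trusted_zones(entries, allowlist):
    """Trusted-zone patterns the owner does not recognise; these need a manual look."""
    return [z for z in trusted_zones(entries) if z not in allowlist]


def entries_with_no_file(entries):
    """O2/O3 hooks whose target DLL is gone: leftovers worth cleaning, not active code."""
    return [(s, d) for s, d in entries if s in ("O2", "O3") and "(no file)" in d]


def dpf_hosts(entries):
    """Hosts that O16 ActiveX controls were downloaded from."""
    hosts = set()
    for s, d in entries:
        if s != "O16":
            continue
        url = d.rsplit(" - ", 1)[-1].strip()   # URL is the last " - " separated field
        host = urlparse(url).hostname
        if host:
            hosts.add(host)
    return hosts


def name_servers(entries):
    """DNS servers from O17 entries; compare against the ISP's published resolvers."""
    ips = []
    for s, d in entries:
        if s == "O17" and "NameServer =" in d:
            ips.extend(d.split("NameServer =", 1)[1].split())
    return ips


def triage(log_text, allowlist=KNOWN_TRUSTED):
    """Summarise one log as a dict of the review items above."""
    entries = parse_entries(log_text)
    return {
        "entry_count": len(entries),
        "unknown_trusted_zones": unknown_trusted_zones(entries, allowlist),
        "no_file_hooks": entries_with_no_file(entries),
        "dpf_hosts": sorted(dpf_hosts(entries)),
        "name_servers": name_servers(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved log by passing the file's text to triage() instead of SAMPLE_LOG. The helper only surfaces items for a human to judge; it does not decide that anything is malicious, which matches how the log was reviewed in this thread.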

The Voice
25th Jan 2005, 04:04
E-Liam

I thank you very muchly for taking the time ..

below is the scan with v1.99


I have made quite a lot of sites trusted since you last gave me such good advice .. now I don't know whether I have put a couple in or whether something else has done it, itself!

I'll do whatever you advise .. doesn't really matter to me as long as I get this thing sorted before Feb and the beginning of this year's hell !!!


Logfile of HijackThis v1.99.0
Scan saved at 2:56:36 PM, on 1/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Robyn\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O15 - Trusted Zone: *.airservicesaustralia.com
O15 - Trusted Zone: *.emailcash.com.au
O15 - Trusted Zone: *.homefind.com.au
O15 - Trusted Zone: *.membersequity.com.au
O15 - Trusted Zone: *.msn.com.au
O15 - Trusted Zone: *.pcu.com.au
O15 - Trusted Zone: *.realestate.com.au
O15 - Trusted Zone: *.cdu.edu.au
O15 - Trusted Zone: *.casa.gov.au
O15 - Trusted Zone: *.dha.gov.au
O15 - Trusted Zone: *.jobs.qld.gov.au
O15 - Trusted Zone: *.jetblasters.com
O15 - Trusted Zone: *.membersequity.com
O15 - Trusted Zone: *.zone.msn.com
O15 - Trusted Zone: *.afap.org.au
O15 - Trusted Zone: *.pprune.org
O15 - Trusted Zone: *.zonelabs.com
O16 - DPF: ppctlcab - http://www.my-etrust.com/includes/pscanner/ppctlcab.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E9BE4A-6E6E-4D81-8F7D-441663D8B0ED}: NameServer = 203.134.64.66 203.134.65.66
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

E-Liam
25th Jan 2005, 12:09
Hi Voice,

It's a clean log. I asked about the trusted sites for two reasons, one that you'd know which ones you'd put in there, and two, I didn't have time to check myself last night. In the cold light of day, they all look fine. :ok:

The AVG problem.. it sounds as though the program itself has crashed. Uninstall it, then reinstall it. Do you remember the location of the original install file.. if not, do a local search for

avg70free_*

The file you are looking for is a little over 10 MB. Failing that, download a new copy from the site.

Just to make sure that it isn't a virus causing this in the first place, go here (http://housecall.trendmicro.com/housecall/start_corp.asp), and run the online virus scan; choosing the Autoclean option just before clicking the Scan button.

Then do the reinstall of AVG, if nothing was found.

It looks as though Spybot has picked up some dodgy files (techy term) :) in System Restore. Could you post up the full filepath for one of the files for me please, and I'll see where it is.


Cheers

Liam

The Voice
26th Jan 2005, 10:27
Thanks Liam .. will re-run Spybot in the next day or so .. got my hands full moving into the new hacienda .. I'll post one of those thingamees as soon as I've done it ..

The Voice
30th Jan 2005, 12:35
Liam

There are 9 of these suckers that just won't bugga off!! Here is one as per the spybot run I've just completed

settings
HKEY_LOCAL_MACHINE\Software/SpeedBit\Download Accelerator\ADS\Second Media

the others are all the same up to the Download Accelerator bit then they are:

Ad category
ADS Updates

ADS Proxy

ADS NoTrigger

ADS Leech

ADS FileList

ADS Category

ADSADS

What do these thingamees do? Obviously, as they're in red, something has been changed .. but how/why ...

thanks again for your help ..

rgds

TV

E-Liam
30th Jan 2005, 17:29
Hi TV,

DAP, in the freeware version, is ad-based. These are the entries that do this. Unlike other more vociferous adware installed with software, these are relatively harmless. To get rid of them you will need to uninstall DAP, which from my reference source isn't necessary, as they will reload each time you boot. You will probably find that the program wouldn't work if you deleted the main file anyway. I'm surprised that Spybot picks up on them, as it never used to, and as far as I know, Adaware sees them as fine. :ok: :)

Admittedly the two programs do go about things in a slightly different way. :)

Cheers

Liam