Machine a bit slow - can someone look at HiJack This?

Hi,

I have a Dell C840 laptop, 1.8 MHz, 1GB ram, 40 GB HDD. XP Pro SP2 with latest updates, ZAP firewall v6.1.737.000, Norton 2004 antivirus v10.0.1.13. I have SpywareGuard v2.2.0, and SpywareBlaster v3.4 installed and regularly updated. I have Windows Defender running in background and I do a full scan about every week; I also scan with SpyBot S&D, Ewido v3.5, and Ad-Aware SE as well as scanning with NAV - full scans, usually weekly. I have done this before saving the HiJack This log, although the scans were not done in safe mode.

I have also used Registry Mechanic and CCleaner to check temp files and registry and have used Wintasks and SpyBot utilities to selectively limit the startup list (startup currently takes about 3 min). I use Broadband internet via BT and an Intel AnyPoint DSL modem, so the laptop can be connected to the internet for days on end. I use Firefox 1.5.0.1 rather than IE6, except when I have no choice.

I have used GRC.com's ports scanner to make sure that the machine is fully "stealth" when on-line.

I have noticed that the machine seems to be running slower than usual and occasionally 'hangs' on shutdown, although no other real problems. I just wondered if one of the experts could run an eye over my Hijack This log to make sure nothing nasty has sneaked in.

Thanks in anticipation.

 

Chaslang,

Thanks for the info - I checked and I have actually updated SpywareBlaster to 3.5.1, but I forgot to update my text file that contains the record my machine specs - sorry.

Ewido does not run in the background (at least it shouldn't as my subscription has long expired). I only want it for manual scans (it seems to find tracking cookies like no other app.) so I'll de-install and re-install without the realtime components. I wasn't aware that SpywareGuard could interfere with MS Defender - I knew you can't run multi AV apps, but I thought a couple of anti-spyware were OK. I'll think I'll de-install SpywareGuard and leave Defender.

I'll run through the process in the stickie and repost - apologies, didn't want to waste your time, just thought by having a quick look at the HJT log you could tell if I have a problem, which it appears I might from the registry key you pointed out. Definitely a newbie to this malware stuff.

Halo,

Thanks for pointing out ZAP was out of date - I usually get alerts telling me when a new version is out and tend to rely on these.

Also, I didn't realise that using CCleaner could cause a hang. On reflection that's pretty consistent with what I have obseved, just never made the connection until now. Doh!

I wasn't aware I had a nVidea GFX card - the video system is running as it came out of the box back in 2003, except I updated the drivers from the Dell site a few months back.

I mainly use the laptop in a docking station with a Dell 17" flatscreen monitor - is it still OK to shut down the NVIDIA display driver service and, if so, how would I go about that? (I realise that this is a little off topic - shout at me if required and I'll put a separate post in "hardware"

 

OK,

I have now followed instructions.

I have de-installed Ewido, rebooted and re-installed without the two resident components (I like it, but can be pursuaded to ditch it if it's a problem).

I have de-installed SpywareGuard and manually removed the folder in the Registry.

I have updated ZAP to 6.1.744.000; I did a clean install then imported my security settings. Because of Chaslang's comment on conflicting antispyware, I've turned off ZAP's antispyware feature - let me know if this should be on.

Updated Spybot, AdAware

I rebooted into safe mode -

Ran CCleaner

Ran Windows Malicious Software Removal tool - No malicious software detected

Ran AdAware - full scan - No critical objects, fixed one MRU list

Ran Spybot. Immunised then scanned. No threats

Windows Defender - full scan - No unwanted or harmful software.

Tried to connect to internet in Safe + networking, but couldn't get my DSL modem to work (it uses a dail-up type connection). Rebooted in normal mode.

Ran Bitdefender - No problems found. Log attached. (As an aside, I had to reduce my ActiveX security controls before it would run - it might be useful to add this as a warning in your sticky. Also, I had to hunt in the Bitdefender tabs to find the 'save report' option, unless that's just because it found nothing).

Ran Panda - scanned 'My Computer' - 74 items of spyware found, none disinfected. Log attached. The items all appear to be cookies, most in somewhere called "Recycler".

Ran HijackThis - log attached.

Any advice on how to proceed?

Thanks for the input thus far.

 

OK, Chas, please don't take offence, but I'd like a little more info before I start fixing and changing things. Based on my post, you seem to be giving me advice on two subjects: a possible infection and a slow machine. To be clear, my machine is not particularly slow, with the exception of a three-minute boot-up. What I said was that it seemed subjectively slower, and I was concerned in case this change indicated some sort of infection, which is why I just initially posted my HijackThis log, for an expert to tell me if I had a problem.

So if we could split the advice into two:

1) Have I got an infection? If yes, I think it is compulsory for me to get rid of it. I'd appreciate your help with this.

2) Tips on how I could speed up my machine by closing down or deleting legitimate but unnessecary services. This is purely optional for me, in my opinion. I would still like your opinion on this, but I may or may not take it (e.g. on Ewido - I checked in Task manager and ewidoctrl.exe is currently using 0 cpu and 1836 k memoery - not exactly tasking my machine. Obviously if I start it, I expect it to use more as I do a manual scan).

Please, please, please don't think I don't appreciate your efforts, particularly as you volunteer your time. As I don't really understand what you are asking me to do, I prefer to understand at each step whether we are fixing (a Must) or optimising (a Maybe).

Thanks in anticipation.

 

Oh, and to answer your questions:

ZAP is the paid-for firewall, not the security suite. I originally bought just the firewall, but Zone Labs have added the spyware scanner as a part of a firewall upgrade. I have no idea if it just scans to a schedule or if it has a resident component giving real-time protection. I will not loose any sleep if I'm told to turn this off in favour of Defender - ZAP will just nag me every time I open its control panel. I thought Defender runs in the background as well as performing quick scans daily.

Anonymizer is Anonymizer 2005, a paid-for utility that allows me to route my surfing through Anonymizer's secure USA servers, thus hiding my IP if I want to surf a little on the dark side. This is set to be manually started, so I thought it would not use resources unless I'd manually started it (a bit like Word). I had no idea it had a toolbar, so I checked and it has added a toolbar to IE without me noticing - I use IE6 so rarely and don't tend to customize it. I've turned this off now in IE's "View" menu. I don't think it has added anything to Firefox - I think I would have seen it.

 

Bye the way.

I didn't realise that Messenger was running - I thought I'd deleted it, but it may have reinstalled itself when I played Internet Checkers.

I've just deleted it (I don't message) using the "Add/Delete Windows components" option in Control Panel > Add/Delete Programs.

I re-checked and the Messenger button has gone from IE6 menu options.

 

Final question

Why would you want me to fix the key

"O15 - Trusted Zone: http://*.windowsupdate.com"?

Surely this is just one of the two entries of the Windows Update sites URLs in IE6's Trusted Zone? I would have thought I could fix this by taking Windows Update out of the IE trusted zone directly in the "IE Tools > Internet Options.." menu, rather than messing with registry keys, but why would I want to do that anyway?

 

OK, thanks for the patience and the input.

I have left Ewido for now - I'll check its effect on boot-up speed when we've finished and then decide whether the penalties outweigh the benefits.

I've fixed the issues you mentioned and have cleaned out the Norton Protected recycle bin.

Machine seeems to be fine. Attached is a new HJT log, as you requested.

 

Thanks for that Chas.

Over and out, as they say. Another success for the MajorGeek team.