#1
Another computer slowing down. Help!
Hey, any help on speeding up my friend's comp would be greatly appreciated. Here's the fun stuff...
This is split in two due to the amount of the log.

Logfile of HijackThis v1.97.7
Scan saved at 9:51:30 PM, on 7/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mcc.exe
C:\documents and settings\valued customer\local settings\temp\UXq.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\NDrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
c:\ClrSchP072.exe
c:\May17_loader.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\uptodate.exe
C:\Program Files\Save\Save.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Valued Customer\Desktop\hlsw_1_0_0_10-beta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valued Customer\Desktop\RefreshLock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Steam\SteamApps\knowfreedom_44@hotmail.com\counter-strike\cstrike\HijackThis.exe

#2
2nd part
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = URL
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w75i3pX] mprtnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [UXq] C:\documents and settings\valued customer\local settings\temp\UXq.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "c:\May17_loader.exe" /HideUninstall /PC="AM.WILD" /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [MSIMTF837i.exe] "C:\WINDOWS\System32\MSIMTF837i.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - URL
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - URL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - URL
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - URL
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - URL
O16 - DPF: {BD9B72E4-DC9C-4922-80E9-2D3315E3AADC} (UAClientControl Control) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE194F9-3FA9-4E18-9AB9-E561DCDE43A9}: NameServer = 205.152.144.23 205.152.132.23

#3
Click on start, control panel and double-click on add/remove programs. Uninstall the following programs if found:
WhenU
WhenUSave
ClockSync
Eanthology
Appropos
ClearSearch

Then do the following:

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O4 - HKLM\..\Run: [w75i3pX] mprtnt.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [UXq] C:\documents and settings\valued customer\local settings\temp\UXq.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "c:\May17_loader.exe" /HideUninstall /PC="AM.WILD" /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [MSIMTF837i.exe] "C:\WINDOWS\System32\MSIMTF837i.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0972522bc6d0e6...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (do not be concerned if they do not exist):
C:\WINDOWS\System32\stlbdist.DLL
C:\WINDOWS\System32\mcc.exe
C:\documents and settings\valued customer\local settings\temp\UXq.exe
c:\May17_loader.exe
C:\Program Files\ClearSearch\
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\uptodate.exe
C:\Program Files\Save\
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Common Files\eAcceleration\
C:\WINDOWS\System32\MSIMTF837i.exe
C:\Program Files\ClockSync\

Disable System Restore. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide

Re-enable System Restore with instructions from the tutorial above.

Reboot your computer to go back to normal mode and post a new log.

#4
Thank you, we will do the above, and sorry for the extra stuff running. I should have reminded him to close programs.
We will post a new, cleaner log soon.

#5
This is my com
Hey, I'm the guy with the slow computer problem. I did everything you told me to do and this is my new log... MAY 17 loader and dp-him keep coming back..?

Logfile of HijackThis v1.97.7
Scan saved at 7:19:16 PM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mcc.exe
C:\documents and settings\valued customer\local settings\temp\UXq.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\May17_loader.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\NDrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [MSIMTF837i.exe] "C:\WINDOWS\System32\MSIMTF837i.exe"
O9 - Extra button: AIM (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - URL
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - URL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - URL
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - URL
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - URL
O16 - DPF: {BD9B72E4-DC9C-4922-80E9-2D3315E3AADC} (UAClientControl Control) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CE194F9-3FA9-4E18-9AB9-E561DCDE43A9}: NameServer = 205.152.144.23 205.152.132.23

THX
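
Added example, not part of the thread and not any poster's code: a Python script that parses a HijackThis log and reports which files from the deletion list in post #3 still appear in a follow-up scan, either as a running process, as a Run-key (O4) entry, or both. The embedded log is an abbreviated excerpt of the one in post #5, and the function names are assumptions made for this example.

```python
import re

# HijackThis entry lines open with a section code such as R1, F2 or O16.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# Abbreviated excerpt of the second log in the thread (post #5).
SECOND_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\mcc.exe
C:\May17_loader.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Steam\Steam.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
"""

# Subset of the files post #3 said to delete in Safe Mode.
REMOVED = [r"C:\WINDOWS\System32\mcc.exe", r"c:\May17_loader.exe",
           r"C:\WINDOWS\System32\dp-him.exe", r"C:\WINDOWS\uptodate.exe",
           r"C:\WINDOWS\System32\NDrv.exe"]

def parse_log(text):
    """Return (set of lower-cased process paths, list of entry lines)."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False          # the entry list follows the process list
            entries.append(line)
        elif in_procs:
            processes.add(line.lower())
    return processes, entries

def leftovers(log_text, removed_files):
    """Classify each supposedly removed file by how it still shows up."""
    processes, entries = parse_log(log_text)
    run_entries = [e.lower() for e in entries if e.startswith("O4 - ")]
    report = {"running": [], "autorun": [], "running_without_autorun": []}
    for path in sorted(f.lower() for f in removed_files):
        running = path in processes
        autorun = any(path in e for e in run_entries)
        if running:
            report["running"].append(path)
        if autorun:
            report["autorun"].append(path)
        if running and not autorun:
            report["running_without_autorun"].append(path)
    return report

if __name__ == "__main__":
    print(leftovers(SECOND_LOG, REMOVED))
```

A file that is running but has no O4 entry in the same log was started some other way than the Run keys shown, which matches what the poster reports for May17_loader and dp-him.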