TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Don on October 07, 2004, 08:15:40 AM

Title: Slow Machine
Post by: Don on October 07, 2004, 08:15:40 AM
My machine is very slow. I'm trying to get the latest version of HijackThis but am on a very slow connection in RP. In the meantime, here's my latest scan with the older version. Any suggestions to help me get things faster? New log will follow when I get the newer version. Thank you.


Logfile of HijackThis v1.97.2
Scan saved at 3:37:47 PM, on 9/21/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Achronet\Achronet.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\NCDSTART.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Computer.DON\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} -
C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -
C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no
file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no
file)
O3 - Toolbar: FWN Toolbar - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM32\FWNToolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
/STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Achronet.lnk = C:\Achronet\Achronet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program
Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {707FC7B7-B227-4DF6-A606-0EC317BB08A1} (PhotosCtrlCA Class)
- http://ca.photos.groups.yahoo.com/ocx/ca/yexplorer1_9ca.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) -
http://digitalflip.biz/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
Title: Slow Machine
Post by: guestolo on October 07, 2004, 07:23:03 PM
HijackThis 1.98.2 is only a 179 kb download.
I think you can weather the storm and download it first and post a log from the newest version :rolleyes:
Title: Slow Machine
Post by: Guest on October 10, 2004, 08:58:33 AM
Finally got online again and got the latest hijack. Between this slow machine and the terrible connections over here it's been a challenge. :P
Here's the latest hijack log

Logfile of HijackThis v1.98.2
Scan saved at 6:59:08 PM, on 10/10/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Achronet\Achronet.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SIERRA\Hoyle Card Games 2003\hoylecardgames.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: ZIBho Class -
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
Files\Kontiki\bin\bh304181.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class -
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program
Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: IeCatch2 Class -
{A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O3 - Toolbar: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: FWN Toolbar -
{3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM32\FWNToolbar.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG_CC]
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServicesOnce: [Iomega CD-RW Setup]
E:\Iomega_CD-RW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Achronet.lnk =
C:\Achronet\Achronet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk =
C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight -
C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight
Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: (no name) -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: (no name) -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {707FC7B7-B227-4DF6-A606-0EC317BB08A1}
(PhotosCtrlCA Class) -
http://ca.photos.groups.yahoo.com/ocx/ca/yexplorer1_9ca.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545}
(FVLiteLoad Class) -
http://digitalflip.biz/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7B1FC6A8-C5DE-486D-A8CA-38EFB4FBAFA4}:
NameServer = 202.47.132.9 202.47.132.6


please help :o
Title: Slow Machine
Post by: guestolo on October 10, 2004, 01:05:00 PM
Access your Add/Remove Programs and Remove if found
FINDWHATEVERNOW

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: (no name) -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: FWN Toolbar -
{3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM32\FWNToolbar.dll

O9 - Extra button: (no name) -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe


Optionally remove the next ones too, they're NOT needed on startup, programs work fine without them

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE


RESTART your computer

This entry here
O4 - Global Startup: Achronet.lnk =
C:\Achronet\Achronet.exe
I don't know much about it, and can't find a privacy policy on them
Do you know if it is a safe program?

Your O17 entry tells me that your ISP may be located somewhere in the Philippines
Mosaic Communications
Does this look right to you?

Download and Install the free version of Ad-Aware (http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button)
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

Post back with a Fresh hijackthis log afterwards and let me know how it's going...
When posting back your log, please don't modify it in any way, just copy and paste
the contents of the log back here in its original state
Title: Slow Machine
Post by: Guest on October 11, 2004, 08:14:26 AM
Yes, I'm on Mindanao in the Philippines. Achronet is a program I use to keep track of my internet usage. Just got power back after 12 hrs off. I think I got everything you said done and it took some time. Here's the new log.
Logfile of HijackThis v1.98.2
Scan saved at 6:29:38 PM, on 10/11/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Achronet\Achronet.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: ZIBho Class -
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
Files\Kontiki\bin\bh304181.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class -
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program
Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class -
{A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O3 - Toolbar: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG_CC]
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServicesOnce: [Iomega CD-RW Setup]
E:\Iomega_CD-RW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Achronet.lnk =
C:\Achronet\Achronet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk =
C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight -
C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight
Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {707FC7B7-B227-4DF6-A606-0EC317BB08A1}
(PhotosCtrlCA Class) -
http://ca.photos.groups.yahoo.com/ocx/ca/yexplorer1_9ca.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545}
(FVLiteLoad Class) -
http://digitalflip.biz/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
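
Added example, not part of the thread and not HijackThis's own code: a sketch of the by-eye triage in guestolo's October 10 reply and of checking the follow-up log above against the earlier one. The two heuristics (a "(no file)" target, an O16 codebase that is not http/https) are assumptions that reproduce only some of his picks; the function names are hypothetical and the sample text is a constructed excerpt built from entries in the logs above.

```python
import re

# Constructed excerpt in the wrapped form the forum gave the logs.
SAMPLE_BEFORE = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
"""

# Constructed "after" excerpt: same surviving entries, but unwrapped.
SAMPLE_AFTER = r"""O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
"""

# An entry starts with a section id such as R1, O2, O16 followed by " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")


def parse_entries(log_text):
    """Return [(section, text)], re-joining entries the forum wrapped."""
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), line])
            open_entry = True
        elif line and open_entry:
            # Wraps happened at spaces, so a single space restores the entry.
            entries[-1][1] += " " + line
        else:
            # Blank line, or header/process lines before the first entry.
            open_entry = False
    # Collapse runs of whitespace so two pastes of one entry compare equal.
    return [(sec, " ".join(text.split())) for sec, text in entries]


def triage(entries):
    """Flag entries worth a second look (assumed heuristics, not verdicts)."""
    findings = []
    for section, text in entries:
        if text.endswith("(no file)"):
            # Registration is still present but its target file is gone.
            findings.append(("orphaned", text))
        elif section == "O16":
            codebase = text.rsplit(" - ", 1)[-1]
            if not re.match(r"https?://", codebase, re.IGNORECASE):
                # Download source is not a plain web URL.
                findings.append(("odd-codebase", text))
    return findings


def removed_entries(before_log, after_log):
    """Entries present in the earlier log and absent from the later one."""
    after = {text for _, text in parse_entries(after_log)}
    return [text for _, text in parse_entries(before_log) if text not in after]


if __name__ == "__main__":
    for reason, text in triage(parse_entries(SAMPLE_BEFORE)):
        print(f"[{reason}] {text}")
    for text in removed_entries(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"[gone after fix] {text}")
```

Feed it only the log text itself; a forum header pasted directly under the last entry would be joined onto that entry.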
Title: Slow Machine
Post by: Guest on October 12, 2004, 07:53:45 PM
Message via Hurricane: got fax from Don, his server is down again, he uses cards for access, machine is faster. Problems began, as you guessed, Guestolo, with an attempted uninstall of Norton; on re-install the install stopped when it announced Norton was already on the system, even though it was off the add and remove program list. I sent reg clean to his neighbour who will copy to floppy and see he gets it.