Post by: kisa_l on February 03, 2005, 03:16:29 PM
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> and i don't now what can cause it. Please advise, thank you. What should i do, what's the first steps.
Post by: guestolo on February 03, 2005, 04:11:21 PM
Can you Download Hijackthis 1.99
A small utility to help identify if any Hijackers, Malware, Spyware, etc.....Reside on your computer
Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT
Now you will have C:\HJT
Download Hijackthis from CLICK HERE (http://\"https://ssl.perfora.net/tools.radiosplace.com/HijackThis.exe\") or CLICK HERE (http://\"http://aumha.org/downloads/hijackthis.exe\")
Save it to that new folder
Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
Post by: kisa_l on February 04, 2005, 08:36:44 AM
Logfile of HijackThis v1.99.0
Scan saved at 8:36:14 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PVSW\Bin\W3dbsmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca (http://\"http://www.google.ca\")
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BusinessVision Workgroup Setup.lnk = C:\WINDOWS\Bvwgset.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab (http://\"http://www.streamaudio.com/download/ccpm_0237.cab\")
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
THANKS
Post by: guestolo on February 04, 2005, 12:20:13 PM
This program, I'm not familiar with
TuneUp WinStyler Theme Service
Apparently it has a defragger, memory optimizer, etc.....
Does it also clean temp folders?
Have you defragged lately?
When did you notice the slowdowns, what was the last thing you installed when this started happening?
I'm just concerned about this one, it's not a threat or anything
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
But here's a quote for an online startup list
Quote
Database Service Manager for Pervasive SQL 2000 Workgroup edition. Required if you use Pervasive SQL but it's recommended you start it manually before using it as it has a tendancy to crash/freeze if loaded with other applications at startup
Here's some more info
http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm (http://\"http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm\")
Let me know the above info...... See if we can track down the slowdowns
Also---Have you used any Spyware removers on your system, not that your log shows you need to, but let me know
Post by: kisa_l on February 04, 2005, 01:00:51 PM
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
is for Business Vision 32 Database that i use at work and Pervasive helps to access data from another comp that we call "server". Sorry, I should mentioned it before. I just don't know what to look for
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />TuneUp WinStyler Theme Service - i just put it in on my comp 2 days ago hoping it will resolve the problem - it did not.
What happens now - it takes a while to open a program and takes 100% of CPU , and when I work with MS Office, for example excel - it takes to long for computer to actually show me the data I entered (i'm not a fast typer), and move between cells, as well as minimizing and maximizing the program windows.
Thanks
Post by: guestolo on February 04, 2005, 01:08:57 PM
I have to go out for a bit.....
Can you navigate to Pervasive software and put a shortcut on the desktop to manually start it up?
I'll check back later......You should be able to navigate to the Start>>All programs folder and right click on the executalbe and "Send to"
Create shortcut to desktop
Or it may be found in the C:\Program Files folder
We're not going to get rid of it
If we remove anything with hijackthis it makes backups, so not to worry
I'll check back later, try and make a shortcut to the program
Also let me know what version of Ad-Aware your using
Open Ad-Aware>>Click on DETAILS>>>let me know reference number and Internal build
Post by: kisa_l on February 04, 2005, 01:39:21 PM
Definitions File Loaded:
Reference Number : SE1R26 25.01.2005
Internal build : 31
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 413418 Bytes
Total size : 1303446 Bytes
Signature data size : 1273751 Bytes
Reference data size : 29183 Bytes
Signatures total : 36254
Fingerprints total : 607
Fingerprints size : 22890 Bytes
Target categories : 15
Target families : 632
And I made a shortcut on the destop for Pervasive.SQL Workgroup Engine.
and also here is the system info, don't know if it helps:
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name WS-4
System Manufacturer IBM
System Model 6269M2U
System Type X86-based PC
Processor x86 Family 6 Model 8 Stepping 3 GenuineIntel ~668 Mhz
BIOS Version/Date IBM PTKT15AUS, 9/19/2000
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale Russia
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name WS-4\Anna
Time Zone Eastern Standard Time
Total Physical Memory 256.00 MB
Available Physical Memory 42.39 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 625.46 MB
Page File C:\pagefile.sys
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on February 05, 2005, 10:46:37 PM
Well it's a clean log
I just want you to try removing that one entry with Hijackthis
Close all other windows, including this one
Do another scan with Hijackthis and put a check beside this entry
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
RESTART your computer, does it make any difference?
Do you clean your temp folders regularly?
You may want to try this free utility
Download
Windows CleanUp! by StevenGould (http://\"http://www.antispyware.nextdesigns.net/installs/cleanup.php?type=exe\")
This will clean all your temp folders, cookies, prefetch, etc...
Open up Windows CleanUp you installed earlier
START>>All programs>>CleanUp
Click the CleanUp button
Let it finish scanning for files and when it's done
Restart your computer
Startup will be a little slower after running Windows Cleanup the first time because it cleans your Prefetch folder also
But that will increase on next bootup
Let me know if the above makes any difference
If not, I would track it down to the last thing you can remember installing
That might help
Post by: kisa_l on February 07, 2005, 08:38:55 AM
I've done everything you said, computer looks to work better now. A lot faser. Thanks for all your help and have a great day.
Post by: guestolo on February 07, 2005, 12:23:05 PM
Glad to hear everything is running well