« previous next »
Pages: [1]

Author Topic: Slow Machine  (Read 813 times)

Don

  • Guest
Slow Machine
« on: October 07, 2004, 08:15:40 AM »
My machine is very slow, I'm trying to get the latest version of Hi Jack this but am on a very slow connection in RP. In the mean time heres my latest scan with the older version,, Any sug to help me get things faster ??? new log will follow when I get the newer version,, thank you


Logfile of HijackThis v1.97.2
Scan saved at 3:37:47 PM, on 9/21/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Achronet\Achronet.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\NCDSTART.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Computer.DON\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} -
C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -
C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no
file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no
file)
O3 - Toolbar: FWN Toolbar - {3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM32\FWNToolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
/STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Achronet.lnk = C:\Achronet\Achronet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program
Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clie...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clie...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clie...s/y/mjst3_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://dl.filekicker.com/send/file/128985-...IL/PhPSetup.cab
O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
- http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {707FC7B7-B227-4DF6-A606-0EC317BB08A1} (PhotosCtrlCA Class)
- http://ca.photos.groups.yahoo.com/ocx/ca/y...plorer1_9ca.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) -
http://digitalflip.biz/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) -
http://www.microsoft.com/security/controls.../20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
Logged

guestolo

  • Guest
Slow Machine
« Reply #1 on: October 07, 2004, 07:23:03 PM »
Hijackthis 1.98.2 is only 179 kb download
I think you can weather the storm and download it first and post a log from the newest version  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />
Logged

Guest

  • Guest
Slow Machine
« Reply #2 on: October 10, 2004, 08:58:33 AM »
Finally got online again and got the latest hijack. Between this slow machine and the terrible connections over here its been a challenge. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />
 heres the latest hijack log

Logfile of HijackThis v1.98.2
Scan saved at 6:59:08 PM, on 10/10/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Achronet\Achronet.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\SIERRA\Hoyle Card Games 2003\hoylecardgames.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: ZIBho Class -
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
Files\Kontiki\bin\bh304181.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class -
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program
Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: IeCatch2 Class -
{A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O3 - Toolbar: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: FWN Toolbar -
{3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM32\FWNToolbar.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG_CC]
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServicesOnce: [Iomega CD-RW Setup]
E:\Iomega_CD-RW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Achronet.lnk =
C:\Achronet\Achronet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk =
C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight -
C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight
Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: (no name) -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: (no name) -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clie...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clie...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clie...s/y/mjst3_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://dl.filekicker.com/send/file/128985-...IL/PhPSetup.cab
O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {707FC7B7-B227-4DF6-A606-0EC317BB08A1}
(PhotosCtrlCA Class) -
http://ca.photos.groups.yahoo.com/ocx/ca/y...plorer1_9ca.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545}
(FVLiteLoad Class) -
http://digitalflip.biz/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7B1FC6A8-C5DE-486D-A8CA-38EFB4FBAFA4}:
NameServer = 202.47.132.9 202.47.132.6


please help  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' />
Logged

guestolo

  • Guest
Slow Machine
« Reply #3 on: October 10, 2004, 01:05:00 PM »
Access your Add/Remove Programs and Remove if found
FINDWHATEVERNOW

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: (no name) -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: FWN Toolbar -
{3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7} -
C:\WINDOWS\SYSTEM32\FWNToolbar.dll

O9 - Extra button: (no name) -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {11010101-1001-1111-1000-110263637096} -
ms-its:mhtml:file://c:\nosuch.mht!http://dev.eurodnsservices.com/fwni/kill.chm::/d_Main.exe

Optionally remove the next ones too, there NOT needed on startup, programs work fine without them

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE

RESTART your computer

This entry here
O4 - Global Startup: Achronet.lnk =
C:\Achronet\Achronet.exe
I don't know much about it, and can't find a privacy policy on them
Do you know if it is a safe program?

Your 017 entry tells me that your ISP may be located somewhere in the Phillipines
Mosaic Communications
Does this look right to you?

Download and Install the free version of Ad-Aware
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

Post back with a Fresh hijackthis log afterwards and let me know how it's going...
When posting back your log, please don't modify it, it any way, just copy and paste
the contents of the log back here in it's original state
Logged

Guest

  • Guest
Slow Machine
« Reply #4 on: October 11, 2004, 08:14:26 AM »
Yes I'm on Mindinao in the Philippines, Achronet is a program I use to keep track of my internet useage. just got power back after 12 hrs off. I think I got everything you said done and it took some time. Heres the new log.
Logfile of HijackThis v1.98.2
Scan saved at 6:29:38 PM, on 10/11/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Achronet\Achronet.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: ZIBho Class -
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program
Files\Kontiki\bin\bh304181.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FlpLauncher Class -
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program
Files\E-Book Systems\FlipViewer\fplaunch.dll
O2 - BHO: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class -
{A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O3 - Toolbar: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program
Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG_CC]
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServicesOnce: [Iomega CD-RW Setup]
E:\Iomega_CD-RW.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Achronet.lnk =
C:\Achronet\Achronet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: GoBack.lnk = C:\Program
Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: GetRight - Tray Icon.lnk =
C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight -
C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight
Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone -
{4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe
O9 - Extra button: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\JETCAR.EXE
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clie...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! MahJong -
http://download.games.yahoo.com/games/clie...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clie...s/y/mjst3_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
http://dl.filekicker.com/send/file/128985-...IL/PhPSetup.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {707FC7B7-B227-4DF6-A606-0EC317BB08A1}
(PhotosCtrlCA Class) -
http://ca.photos.groups.yahoo.com/ocx/ca/y...plorer1_9ca.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545}
(FVLiteLoad Class) -
http://digitalflip.biz/fvlite22/fvlite.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
Logged

Guest

  • Guest
Slow Machine
« Reply #5 on: October 12, 2004, 07:53:45 PM »
message via Hurricane- got fax from Don, his server is down again ,he uses cards for access, machine is faster, problems began as you guessed Guestelo with an attempted uninstall of Norton, on re-install the install stopped when it announces Norton was already on the system, even though it was off the add and remove program list. I sent reg clean to his nieghbour who will copy to floppie and see he gets it.
Logged
Pages: [1]
« previous next »