+ Reply to Thread
Results 1 to 3 of 3
LinkBack URL
About LinkBacks-
June 17th, 2004, 09:44 PM #1Member
- Join Date
- Oct 2003
- Posts
- 486
Check out this "Hijackthis" and "Startuplist" for me?
I have a system:
Dell Dimension
Celeron 800Mhz
64Mb RAM
Windows 98
I primarly use this PC for business. The other day it was fast and crisp and now today, it has slowed down tremdously (right after I added DSL and someone getting on the PC and doing something that they shouldn't have). And no, it is not the DSL connection that is slowing down the PC. I have tried disconnecting external and internal devices to troubleshoot the problem down and none of that seems to help. Here is what I did to speed up performance so far:
Ran Ad-Aware with updated definitions and deleted 165 objects
Ran a full Norton AV scan w/ updated definitions (didn't find no viruses)
Removed unessary programs from "add and remove programs" (such as: My Search Bar)
Ran Defrage
Ran Scandisk
Ran Msconfig and got rid of any unessary apps running on startup
After I did this, I noticed a 50% increase in performance. I am still getting pop ups on my desktop though. I thought that ad aware would get rid of spyware that causes most pop ups, but that didn't seem to stop the pop ups. They come up about every 30 seconds to 2 mins. It is not a large amount of them, but it does get aggrivating. Most of them pop up, then go down to the bottom task bar, and then just dissapear without ever showing anything???? Strange.... Anyway, here is a hijackthis list and startuplist of how the PC is right now. Any suggestions????
Logfile of HijackThis v1.97.7
Scan saved at 7:51:02 PM, on 6/17/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\HPHIPM11.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.companion.yahoo.com/slv/y.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://rd.companion.yahoo.com/slv/y...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://rd.companion.yahoo.com/slv/y...com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no
file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_3.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [DeviceDiscovery] c:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart
11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program
Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec
Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.c...8117.3329282407
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: Yahoo! Freecell Solitaire -
http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/tec.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/tec...ta/SymAData.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O18 - Protocol: pcn - {D540F040-F3D9-11D0-95BE-00C04FD93CA5} - C:\PROGRAM
FILES\ENCOMPASS\V1MK.DLL
StartupList report, 6/17/04, 7:51:20 PM
StartupList version: 1.52
Started from : C:\UNZIPPED\STARTUPLIST\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\HPHIPM11.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\UNZIPPED\STARTUPLIST\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = c:\windows\scanregw.exe /autorun
SystemTray = SysTray.Exe
HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb07.exe
DeviceDiscovery = c:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
HPHmon04 = C:\WINDOWS\SYSTEM\HPHMON04.EXE
HPHUPD04 = "C:\Program Files\HP Photosmart
11\hphinstall\UniPatch\hphupd04.exe"
Share-to-Web Namespace Daemon = c:\Program Files\Hewlett-Packard\HP
Share-to-Web\hpgs2wnd.exe
Gene USB Monitor = c:\windows\SYSTEM\USBMonit.exe
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec Core LC = C:\Program Files\Common Files\Symantec
Shared\CCPD-LC\symlcsvc.exe start
IS CfgWiz = c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID
NIS /CMDLINE "REBOOT"
URLLSTCK.exe = c:\Program Files\Norton Internet Security\UrlLstCk.exe
WinTools = C:\Program Files\Common files\WinTools\WToolsA.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services
SchedulingAgent = mstask.exe
WinTools = C:\Program Files\Common files\WinTools\WToolsA.exe
ccEvtMgr = "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr = "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 17/6/2004, 19:48:38)
[RENAME]
NUL=c:\WINDOWS\TEMP\~822059.TMP
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 17/6/2004, 19:41:20)
[RENAME]
NUL=C:\WINDOWS\SYSTEM\SSRAPI.DLL
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
HP Usg Daily.job
HP Usg Login.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/...ash/swflash.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE =
http://v4.windowsupdate.microsoft.c...8117.3329282407
[Web P2P Installer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBP2PINSTALLER.DLL
[{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
InProcServer32 = C:\WINDOWS\SYSTEM\IGFRARED.DLL
CODEBASE = http://www.bundleware.com/activeX/DS3/DS3.cab
[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE =
https://www-secure.symantec.com/tec.../ActiveData.cab
[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SYMADATA.DLL
CODEBASE = https://www-secure.symantec.com/tec...ta/SymAData.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE =
http://security.symantec.com/sscv6/...bin/AvSniff.cab
[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE =
http://security.symantec.com/sscv6/...n/bin/cabsa.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
End of report, 5,978 bytes
Report generated in 0.233 seconds
-
June 18th, 2004, 07:34 AM #2Member
- Join Date
- Nov 2003
- Location
- Western Australia
- Posts
- 48
Here is how to read the hijackthis logfile .
Compare it with yours .
http://homepage.ntlworld.com/dvk01uk/tutorial.htm
http://www.spywareinfo.com/~merijn/htlogtutorial.html
http://www.help2go.com/article153.html
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://www.spychecker.com/program/bholist.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list
Beginners Guides: Browser Hijacking & How to Stop It
http://www.pcstats.com/articleview.cfm?articleID=1579
-
June 18th, 2004, 01:02 PM #3Member
- Join Date
- Oct 2003
- Posts
- 486
Good Info!!! Thanks!
Reply With QuoteThread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
What browser do you use?
By ArcticFox in forum General Tech DiscussionReplies: 150Last Post: February 22nd, 2005, 12:56 AM -
Hilary Duff
By ablang in forum IMO CommunityReplies: 30Last Post: February 1st, 2004, 01:26 AM -
Awesome Karate vid...
By jch216 in forum IMO CommunityReplies: 20Last Post: November 26th, 2003, 01:49 PM -
What does this mean ->> >> <<-
By Richard Cranium in forum IMO CommunityReplies: 2Last Post: December 20th, 2001, 07:37 PM
Favorite YouTube, Google Video,...