• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
pt1us

My Computer Is Running Very Very Slow ! Help Me

4 posts in this topic

My Computer is running very very :weep: slow :weep: , Below is the latest Hijackthis Log file please :wtf: guide me what to delete and how to delete from this log file.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 4:46:44 AM, on 7/12/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Trend Micro\Internet Security\PccPfw.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O1 - Hosts: 69.61.38.52 ie.search.msn.com

O1 - Hosts: 69.61.38.54 uh-oh.net www.uh-oh.net www.thumbnailseries.com thumbnailseries.com goatlist.com www.goatlist.com www.worldsex.com worldsex.com www.al4a.com al4a.com

O1 - Hosts: 69.61.38.54 www.89.com 89.com www.thumberland.com thumberland.com www.freeheaven.com freeheaven.com www.spyass.com spyass.com www.starslist.com starslist.com

O1 - Hosts: 69.61.38.54 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com lloronas.com www.lloronas.com p0rno.org www.p0rno.org www.ampland.com ampland.com

O1 - Hosts: 69.61.38.54 dianapost.com www.dianapost.com www.xnxx.com xnxx.com www.zadina.com zadina.com www.frogsex.com frogsex.com teenagesecrets.biz www.teenagesecrets.biz

O1 - Hosts: 69.61.38.54 www.mature-post.com mature-post.com www.call-kelly.com call-kelly.com www.boneme.com boneme.com sexyfotky.cz www.sexyfotky.cz sleazydream.com www.sleazydream.com

O1 - Hosts: 69.61.38.54 sexape.com www.sexape.com picwarehouse.com www.picwarehouse.com cowlist.com www.cowlist.com sublimedirectory.com sexocean.com www.sexocean.com rubias19.com www.rubias19.com

O1 - Hosts: 69.61.38.54 www.sublimedirectory.com www.88by88.com 88by88.com elreyano.com www.elreyano.com purextc.com www.purextc.com madthumbs.com www.madthumbs.com officespy.com www.officespy.com

O1 - Hosts: 69.61.38.54 muyzorras.com www.muyzorras.com pussy.org www.pussy.org freesmutseries.net www.freesmutseries.net porno-pics-free.com www.porno-pics-free.com catlist.com

O1 - Hosts: 69.61.38.54 pichunter.com www.pichunter.com teeniefiles.com www.teeniefiles.com bunnyteens.com www.bunnyteens.com jpeg4free.com www.jpeg4free.com www.catlist.com

O1 - Hosts: 69.61.38.54 amateurcurves.com www.amateurcurves.com hammervideo.com www.hammervideo.com rawpussy.com www.rawpussy.com teeniesxxx.com www.teeniesxxx.com porn-view.com www.porn-view.com

O1 - Hosts: 69.61.38.54 pornstarfinder.net www.pornstarfinder.net jennysbookmarks.com www.jennysbookmarks.com babes4free.com www.babes4free.com 3pic.com www.3pic.com fuckk.com www.fuckk.com

O1 - Hosts: 69.61.38.54 searchgals.com www.searchgals.com picsmonster.com www.picsmonster.com sublimepie.com www.sublimepie.com easygals.com www.easygals.com pornhelious.com www.pornhelious.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"

O4 - HKLM\..\RunServices: [WSAConfiguration] wmon32.exe

O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cslsp.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=iehomepage&c=3C01&lc=6809

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...332/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F0314518-BE2D-4CC7-8BC1-02A537EBC56C}: NameServer = 61.16.147.33

Share this post


Link to post
Share on other sites

Do another Scan with Hijackthis and put a check next to these entries and then FIX CHECKED when ALL other windows are closed

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

 

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

 

O4 - HKLM\..\RunServices: [WSAConfiguration] wmon32.exe

O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe

 

Not needed on starup

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

RESTART your computer

 

Download

Hoster from here:

http://members.aol.com/toadbee/hoster.zip

Unzip, install the program and run it.

Press *Restore Original Hosts* and press OK*

 

Not that there's anything wrong with controlling startups with MSCONFIG

but you may be hiding malware that you are not aware of

Please go to Start >>>Run>>>type in "msconfig" without quotes, and do a normal startup

Restart your computer and post a fresh hijackthis log

 

Post back with a fresh hijackthis log and let us know how your doing

Share this post


Link to post
Share on other sites

I have done the thing as you have said,I fixed those entries from "Hijackthis" and restore the original hosts from the software "hoster" and done the noraml startup. after restarting my computer when I tried to open the Hijackthis program to make a fresh log,what I found that it is not opeing,and the computer become slower than before.So now what should I do to make that "Hijackthis" run,when I tried to open the "msconfig" the same thing I found that it is also not opening. and one thing more I should tell you I have Trend Micro Internet Security Installed on my computer but every time I run my computer I get the following message :

 

Damage Cleanup Service

 

Trend Micro Internet Security has detected a virus and performed a scan action.

 

Virus Name WORM AGOBOT-1 , WORM DONK.B

 

Action Result Clean Successful

 

I am getting this message again and again,what I am unable to understand that if it has cleaned the virus then how it is managing to come again and again. now how do I get rid of it permanently.For your knowledge sake I should tell you that when I have made a full scan of my computer through Trend Micro for the first time it found 350 viruses and Quarintined them all and now I do the scan it finds no virus.

Share this post


Link to post
Share on other sites

Have you downloaded the latest virus definitions for you Anti-virus--is your AV being shut down?

You should update your latest pattern file , if you can

Identification of this "WORM DONK.B" may indicate your virus definitions are outdated-----I'm just checking

 

You should first visit Windows Update and get ALL latest Critical Updates and Services Packs, including IE security patches if possible

 

Your system is compromised by not being patched

 

With your Anti-Virus fully updated ---- Disable System Restore

 

 

Restart your computer in Safe Mode

If you cannot use msconfig method try the F8 method

 

Do a full system Scan in safe mode

 

Can you access msconfig in safe mode and/or can you run hijackthis in safe mode?

 

If none of the above can you do an online scan at Panda's

 

Let it clean everything it can or take note what it can't fix

Do the above instructions----take note of any running processes considered malware

Enter your Task Manager (Hold down CTRL+SHIFT and tap the ESC key)

End the process on those-----this is most preferrable in Safe Mode

With system restore disabled run a full virus scan

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0