Jump to content


Photo

My Computer Is Running Very Very Slow ! Help Me


  • This topic is locked This topic is locked
3 replies to this topic

#1 pt1us

pt1us

    Member

  • New Member
  • Pip
  • 2 posts

Posted 11 July 2004 - 06:45 PM

My Computer is running very very :weep: slow :weep: , Below is the latest Hijackthis Log file please :wtf: guide me what to delete and how to delete from this log file.


Logfile of HijackThis v1.97.7
Scan saved at 4:46:44 AM, on 7/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 69.61.38.52 ie.search.msn.com
O1 - Hosts: 69.61.38.54 uh-oh.net www.uh-oh.net www.thumbnailseries.com thumbnailseries.com goatlist.com www.goatlist.com www.worldsex.com worldsex.com www.al4a.com al4a.com
O1 - Hosts: 69.61.38.54 www.89.com 89.com www.thumberland.com thumberland.com www.freeheaven.com freeheaven.com www.spyass.com spyass.com www.starslist.com starslist.com
O1 - Hosts: 69.61.38.54 amandalist.com www.amandalist.com www.absolut-series.com absolut-series.com lloronas.com www.lloronas.com p0rno.org www.p0rno.org www.ampland.com ampland.com
O1 - Hosts: 69.61.38.54 dianapost.com www.dianapost.com www.xnxx.com xnxx.com www.zadina.com zadina.com www.frogsex.com frogsex.com teenagesecrets.biz www.teenagesecrets.biz
O1 - Hosts: 69.61.38.54 www.mature-post.com mature-post.com www.call-kelly.com call-kelly.com www.boneme.com boneme.com sexyfotky.cz www.sexyfotky.cz sleazydream.com www.sleazydream.com
O1 - Hosts: 69.61.38.54 sexape.com www.sexape.com picwarehouse.com www.picwarehouse.com cowlist.com www.cowlist.com sublimedirectory.com sexocean.com www.sexocean.com rubias19.com www.rubias19.com
O1 - Hosts: 69.61.38.54 www.sublimedirectory.com www.88by88.com 88by88.com elreyano.com www.elreyano.com purextc.com www.purextc.com madthumbs.com www.madthumbs.com officespy.com www.officespy.com
O1 - Hosts: 69.61.38.54 muyzorras.com www.muyzorras.com pussy.org www.pussy.org freesmutseries.net www.freesmutseries.net porno-pics-free.com www.porno-pics-free.com catlist.com
O1 - Hosts: 69.61.38.54 pichunter.com www.pichunter.com teeniefiles.com www.teeniefiles.com bunnyteens.com www.bunnyteens.com jpeg4free.com www.jpeg4free.com www.catlist.com
O1 - Hosts: 69.61.38.54 amateurcurves.com www.amateurcurves.com hammervideo.com www.hammervideo.com rawpussy.com www.rawpussy.com teeniesxxx.com www.teeniesxxx.com porn-view.com www.porn-view.com
O1 - Hosts: 69.61.38.54 pornstarfinder.net www.pornstarfinder.net jennysbookmarks.com www.jennysbookmarks.com babes4free.com www.babes4free.com 3pic.com www.3pic.com fuckk.com www.fuckk.com
O1 - Hosts: 69.61.38.54 searchgals.com www.searchgals.com picsmonster.com www.picsmonster.com sublimepie.com www.sublimepie.com easygals.com www.easygals.com pornhelious.com www.pornhelious.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\RunServices: [WSAConfiguration] wmon32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cslsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=iehomepage&c=3C01&lc=6809
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.../20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...332/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0314518-BE2D-4CC7-8BC1-02A537EBC56C}: NameServer = 61.16.147.33

#2 wrb

wrb

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 122 posts

Posted 11 July 2004 - 08:48 PM

Do another Scan with Hijackthis and put a check next to these entries and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - HKLM\..\RunServices: [WSAConfiguration] wmon32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe

Not needed on starup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

RESTART your computer

Download
Hoster from here:
http://members.aol.c...dbee/hoster.zip
Unzip, install the program and run it.
Press *Restore Original Hosts* and press OK*

Not that there's anything wrong with controlling startups with MSCONFIG
but you may be hiding malware that you are not aware of
Please go to Start >>>Run>>>type in "msconfig" without quotes, and do a normal startup
Restart your computer and post a fresh hijackthis log

Post back with a fresh hijackthis log and let us know how your doing

#3 pt1us

pt1us

    Member

  • New Member
  • Pip
  • 2 posts

Posted 12 July 2004 - 01:04 PM

I have done the thing as you have said,I fixed those entries from "Hijackthis" and restore the original hosts from the software "hoster" and done the noraml startup. after restarting my computer when I tried to open the Hijackthis program to make a fresh log,what I found that it is not opeing,and the computer become slower than before.So now what should I do to make that "Hijackthis" run,when I tried to open the "msconfig" the same thing I found that it is also not opening. and one thing more I should tell you I have Trend Micro Internet Security Installed on my computer but every time I run my computer I get the following message :

Damage Cleanup Service

Trend Micro Internet Security has detected a virus and performed a scan action.

Virus Name WORM AGOBOT-1 , WORM DONK.B

Action Result Clean Successful

I am getting this message again and again,what I am unable to understand that if it has cleaned the virus then how it is managing to come again and again. now how do I get rid of it permanently.For your knowledge sake I should tell you that when I have made a full scan of my computer through Trend Micro for the first time it found 350 viruses and Quarintined them all and now I do the scan it finds no virus.

#4 wrb

wrb

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 122 posts

Posted 12 July 2004 - 11:41 PM

Have you downloaded the latest virus definitions for you Anti-virus--is your AV being shut down?
You should update your latest pattern file , if you can
Identification of this "WORM DONK.B" may indicate your virus definitions are outdated-----I'm just checking

You should first visit Windows Update and get ALL latest Critical Updates and Services Packs, including IE security patches if possible

Your system is compromised by not being patched

With your Anti-Virus fully updated ---- Disable System Restore


Restart your computer in Safe Mode
If you cannot use msconfig method try the F8 method

Do a full system Scan in safe mode

Can you access msconfig in safe mode and/or can you run hijackthis in safe mode?

If none of the above can you do an online scan at Panda's

Let it clean everything it can or take note what it can't fix
Do the above instructions----take note of any running processes considered malware
Enter your Task Manager (Hold down CTRL+SHIFT and tap the ESC key)
End the process on those-----this is most preferrable in Safe Mode
With system restore disabled run a full virus scan




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button