 |  |  |  |  |  |  |  |
Huge PF consumption, and hidden spyware files from my reputable scanners?
 |
•
•
Join Date: Jul 2004
Posts: 68
Reputation: 
Solved Threads: 1
Junior Poster in Training
Hi, I’m thinking I’m having some Major problems with my systems tower but I’ll just start with the problems I diagnosed from the beginning
Incredibly high PF usage: Initially this wasn’t a problem, now it’s sky rocketing to the 300’s when I have slightly more applications open then I generally have. This wasn’t a problem when I first purchased the computer, so I assume it is one now.
I remember someone telling me to check out my startup list and this is the few problematic files that I found (Yet could not find on my computer nor get rid of on safe mode)
smss.exe: Added as a result of the FLOOD.F VIRUS! Note - this is not the legitimate Smss.exe system file should normally NOT figure in Msconfig/Startup!
Spoolsv: X Spoolsv.exe Added as a result of the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
GLSetIT32 Xisass.exe Added as a result of a variant of the OPTIX PRO series of VIRUSES!
I checked the folders that the alleged virus files were in but found nothing...any ideas?
Furthermore, I think my computer is riddled with hidden spyware files, despite my scanning of the computer countless times with Adaware (http://www.lavasoftusa.com/software/adaware), and Spybot (http://www.safer-networking.org/index.php?page=download) search and destroy (along with its accompanying companion, Spyware Blaster http://www.javacoolsoftware.com/) not to mention how I was already scanning my system daily in the past with these programs before I encountered this sudden slow desktop, and spiking PF usage that I assume is the cause of my computers lag.
I own and have used Norton System works 2004 Professional since I purchased the computer, and I have updated and scanned my computer regularly for problems. It has encountered neither viruses nor spyware. However I realize it doesn’t scan every spyware file out their, So the point of this is just to explain why I don’t suspect a viral file bogging down my system.
Here is my Hijack This log and I warn you techies that it’s a long and laborious read, but I implore you with your infinite knowledge to help me because all of this information is mambo jumbo to me. I know I shouldnt rely on the Hijack log, but I think its necessary in my current situation.
Logfile of HijackThis v1.98.2
Scan saved at 6:02:12 PM, on 10/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Shaw Help - {3D6D2B6C-9B3C-4698-B7F7-AE1B6DA30224} - http://support.shaw.home.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
On top of this, my computers hard drive seems to have difficulty defragmenting properly (this was a problem actually since I purchased it about 6 months ago) What are some steps I can take to correct this?
I remember previously someone offered me a website that did some kind of checksum value. I attempted defragmenting my hard drive with Norton Speed disk, and Windows Optimizer. Both kept it barely above 70% optimization. I’ve run Norton Disk Doctor and encountered really no problems, so I’m a bit confused. Should I reformat my hard drive? I’d rather not If possible. I have too much on this system that isn’t, and can’t be backed up just yet.
Any to all help is greatly, GREATLY appreciated. I've left my computer running like this for too long and I'd like to get it running smoothly again.
Incredibly high PF usage: Initially this wasn’t a problem, now it’s sky rocketing to the 300’s when I have slightly more applications open then I generally have. This wasn’t a problem when I first purchased the computer, so I assume it is one now.
I remember someone telling me to check out my startup list and this is the few problematic files that I found (Yet could not find on my computer nor get rid of on safe mode)
smss.exe: Added as a result of the FLOOD.F VIRUS! Note - this is not the legitimate Smss.exe system file should normally NOT figure in Msconfig/Startup!
Spoolsv: X Spoolsv.exe Added as a result of the CIADOOR.121 VIRUS! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
GLSetIT32 Xisass.exe Added as a result of a variant of the OPTIX PRO series of VIRUSES!
I checked the folders that the alleged virus files were in but found nothing...any ideas?
Furthermore, I think my computer is riddled with hidden spyware files, despite my scanning of the computer countless times with Adaware (http://www.lavasoftusa.com/software/adaware), and Spybot (http://www.safer-networking.org/index.php?page=download) search and destroy (along with its accompanying companion, Spyware Blaster http://www.javacoolsoftware.com/) not to mention how I was already scanning my system daily in the past with these programs before I encountered this sudden slow desktop, and spiking PF usage that I assume is the cause of my computers lag.
I own and have used Norton System works 2004 Professional since I purchased the computer, and I have updated and scanned my computer regularly for problems. It has encountered neither viruses nor spyware. However I realize it doesn’t scan every spyware file out their, So the point of this is just to explain why I don’t suspect a viral file bogging down my system.
Here is my Hijack This log and I warn you techies that it’s a long and laborious read, but I implore you with your infinite knowledge to help me because all of this information is mambo jumbo to me. I know I shouldnt rely on the Hijack log, but I think its necessary in my current situation.
Logfile of HijackThis v1.98.2
Scan saved at 6:02:12 PM, on 10/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qca10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Shaw High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Shaw Help - {3D6D2B6C-9B3C-4698-B7F7-AE1B6DA30224} - http://support.shaw.home.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/act...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/act...ActiveData.cab
On top of this, my computers hard drive seems to have difficulty defragmenting properly (this was a problem actually since I purchased it about 6 months ago) What are some steps I can take to correct this?
I remember previously someone offered me a website that did some kind of checksum value. I attempted defragmenting my hard drive with Norton Speed disk, and Windows Optimizer. Both kept it barely above 70% optimization. I’ve run Norton Disk Doctor and encountered really no problems, so I’m a bit confused. Should I reformat my hard drive? I’d rather not If possible. I have too much on this system that isn’t, and can’t be backed up just yet.
Any to all help is greatly, GREATLY appreciated. I've left my computer running like this for too long and I'd like to get it running smoothly again.
-Operating System: Windows XP Home Edition
-Console Model & Manufacturer: COMPAQ Presario SR1030NX
-Processor: AMD Athlon XP 3000 Processor (2.17Ghz)
-RAM: 1 gig (2x 512 DDR, PC2700 chips)
-Harddrive: 160GB (7200 RPM) Ultra DMA Hard drive
-Graphics Card: Radieon 9200 (128mb)
-Console Model & Manufacturer: COMPAQ Presario SR1030NX
-Processor: AMD Athlon XP 3000 Processor (2.17Ghz)
-RAM: 1 gig (2x 512 DDR, PC2700 chips)
-Harddrive: 160GB (7200 RPM) Ultra DMA Hard drive
-Graphics Card: Radieon 9200 (128mb)
•
•
Join Date: Feb 2004
Posts: 9,982
Reputation: 
Solved Threads: 753
Only one thing I can see.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\Program Files\DR_S\DR_S.exe-file
Reboot normally.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\Program Files\DR_S\DR_S.exe-file
Reboot normally.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Jul 2004
Posts: 68
Reputation:
Solved Threads: 1
Junior Poster in Training
•
•
•
•
Originally Posted by crunchie
Only one thing I can see.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\Program Files\DR_S\DR_S.exe-file
Reboot normally.
Any ideas on why my PF usage is so high?
-Operating System: Windows XP Home Edition
-Console Model & Manufacturer: COMPAQ Presario SR1030NX
-Processor: AMD Athlon XP 3000 Processor (2.17Ghz)
-RAM: 1 gig (2x 512 DDR, PC2700 chips)
-Harddrive: 160GB (7200 RPM) Ultra DMA Hard drive
-Graphics Card: Radieon 9200 (128mb)
-Console Model & Manufacturer: COMPAQ Presario SR1030NX
-Processor: AMD Athlon XP 3000 Processor (2.17Ghz)
-RAM: 1 gig (2x 512 DDR, PC2700 chips)
-Harddrive: 160GB (7200 RPM) Ultra DMA Hard drive
-Graphics Card: Radieon 9200 (128mb)
|
Similar Threads
- Hidden files? (Windows NT / 2000 / XP)
- Hidden files and folders problem (Viruses, Spyware and other Nasties)
- If you're getting lots of pos.tmp files in C:, startup popups... (Viruses, Spyware and other Nasties)
- Cannot view Hidden Files & Folders (Windows Software)
- MORE ie7 hanging/sometimes Firefox too! (Web Browsers)
- lost/ hidden files (Windows NT / 2000 / XP)
- shagz1181: Hijackthis log (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Security Alerts
- Next Thread: Trojan horse Downloader.VB.R
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch police policeprovirusmba-mblockedinternetaccess president privacy pro redirect redirecting reliability report research rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
