0

My computer has become very slow lately, especially on start-up. I ran hijackthis and here is my log file. Can anyone help?? Please!


Logfile of HijackThis v1.98.2
Scan saved at 01:03:12, on 19/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\SM1BG.EXE
C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\Palm\HOTSYNC.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\Ashok\Meus documentos\Anti-spyware\Hyjack_This\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5134320-4F42-47C8-9B2B-8AAD58CCB610}: NameServer = 201.10.120.3 201.10.1.2

(Thanks)

5
Contributors
17
Replies
18
Views
12 Years
Discussion Span
Last Post by dlh6213
0

Having too many things running could be slowing it down. Here are a few things that you may not need running all the time, or at least not on startup:
Roxio, Quick Time, Palm, Messenger

Check this site for information on settings:
http://www.blackviper.com/WinXP/servicecfg.htm

Whenever you scan with HJT, make sure all browser windows are closed first. Scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

That's all I see, maybe one of the pro's will spot something else.

0

Thanks. But, how to I prevent Roxio, Quick Time, Palm, Messenger from starting when I initialize my computer?
As for HJT, if I fix the options you recommended, will I lose my Yahoo! Toolbar ? Because I use it a lot when on the web.
Thanks again, and waiting for a reply...

0

You shouldn't lose your yahoo toolbar by deleting what dlh recommended. When my computer was messing up, I had to remove some entries similar to what he told you to fix, and my yahoo toolbar was still there afterwards. :)

0

Thanks for your reply. How do I remove Roxio, Quick Time, Palm, and Messenger from my Startup? I use Windows XP OS.

0

Go to your Control Panel, Administrative Tools, Services. In the list on the left side, find the name of the service you want to change; go over to the Startup Type column and change it from automatic to manual. Use the Blackviper website I gave earlier as a guide to settings. You should only change one or two at a time and run your system for a couple of days to make sure you haven't changed something you want.

After you have HJT fix the noted entries, please post a new log.

0

Fixing the following with hijackthis should prevent them from running automatically;

O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

You can also go to Start\Run and type Msconfig then hit okay then go to startup files and disable what you do not want to start at start-up.

0

OK, I did all the HJT fixes in the messages above and here is my new log:

Logfile of HijackThis v1.98.2
Scan saved at 20:41:33, on 20/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\SM1BG.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ashok\Meus documentos\Anti-spyware\Hyjack_This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5134320-4F42-47C8-9B2B-8AAD58CCB610}: NameServer = 201.10.120.3 201.10.1.2


What do you think?
P.S. I´m utterly lost (don´t understand a thig) about the blackviper page. I need more like "for dummies" instructions!!

0

How is your computer running now? Your log looks okay to me, but maybe crunchie or someone else will spot something.

0

HI, my computer is running smooth. Startup is still a little slow though, but I got rid of things like HotSync (Palm) and Roxio running on startup. But now there is always the Windows update icon in the tray by the clock, only it´s not uploading any updates??
Shouldn´t it not be there ??

0

How is your computer running now? Your log looks okay to me, but maybe crunchie or someone else will spot something.

IT'S FULL OF SPYWARE ! :evil:

0

HI, my computer is running smooth. Startup is still a little slow though, but I got rid of things like HotSync (Palm) and Roxio running on startup. But now there is always the Windows update icon in the tray by the clock, only it´s not uploading any updates??
Shouldn´t it not be there ??

THATS BECAUSE SOMEONE :twisted: is watching you ..

0

Thanks Peebrain :). Your input is valued.

thadani. Go to Start\Control Panel and then Automatic Updates. Double click on it and you can then disable it if you wish. You must then remember to update manually yourself!!

0

Thanks crunchie. I now ran Norton Antivirus 2004 and found out I am infected by Adware.MyBar (although I don´t see any toolbar) + Adware.DealHelper. I also had Adware.BlazeFind but I managed to have Spybot Search & Destroy get rid of this. Why doesn´t NAV delete the adware ???
Damn adware!!!

0

I decided to take the "bad medicine" :mad:
I saved my personal files and then restored the original configuration that came with my PC (using the restoration disk). Then I reinstalled Spybot S&D and Ad-aware. And I installed Zone Alarm firewall. After that I downloaded a 30-day trial of NOD32 antivirus to compare with NAV 2004.
My system is smooth, much faster, no malware, etc... :lol: :lol:
Should I post another HJT log :?:

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.