computer very slow



justime8
2008-01-24, 07:13
Hi, trying to fix a friend's computer. It has been way slow for a very long time and he stopped using it. Now it is still very slow. It has 256 RAM, Gateway, 564 MHz, 20 gig HD. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:41 PM, on 01/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lycos.com/srch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CHungryBHO Object - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - c:\WINDOWS\system32\NZDD.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "c:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - c:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ComcastHSI - {BDBE85C0-1CD5-11D6-8735-00E02975C6FF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {BDBE85C1-1CD5-11D6-8735-00E02975C6FF} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {BDBE85C2-1CD5-11D6-8735-00E02975C6FF} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201097735128
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

--
End of file - 4494 bytes

AND

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 23, 2008 8:22:34 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/01/2008
Kaspersky Anti-Virus database records: 529153
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 26101
Number of viruses found 9
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 01:13:58

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\DialerOffline.dll Infected: not-a-virus:Dialer.Win32.DialerOffline skipped
C:\WINDOWS\SYSTEM32\GirlControlCom.dll Infected: not-a-virus:Porn-Downloader.Win32.StripPlayer skipped
C:\WINDOWS\SYSTEM32\stub.exe Infected: not-a-virus:AdWare.Win32.EZula.ai skipped
C:\WINDOWS\SYSTEM32\IEHelperMiddleMan.dll Infected: not-a-virus:AdWare.Win32.Bonzo.a skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\SCHEDLOG.TXT Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\ipsecpa.log Object is locked skipped
C:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe Infected: not-a-virus:AdWare.Win32.OnFlow skipped
C:\Program Files\Save\Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
C:\Program Files\Save\SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\Documents and Settings\All Users\Desktop\utilities\acd205se.zip/audiocd_205_se.exe/CD_Gif.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\All Users\Desktop\utilities\acd205se.zip/audiocd_205_se.exe/cd_load.exe Infected: not-a-virus:AdWare.Win32.Cydoor.f skipped
C:\Documents and Settings\All Users\Desktop\utilities\acd205se.zip/audiocd_205_se.exe Infected: not-a-virus:AdWare.Win32.Cydoor.f skipped
C:\Documents and Settings\All Users\Desktop\utilities\acd205se.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\jnfrcrby\51lcjcuk.slt\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\jnfrcrby\51lcjcuk.slt\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\jnfrcrby\51lcjcuk.slt\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\jnfrcrby\51lcjcuk.slt\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\jnfrcrby\51lcjcuk.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\jnfrcrby\51lcjcuk.slt\history.dat Object is locked skipped
Scan process completed.

pskelley
2008-01-24, 20:07
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Thanks for posting the correct information. You have some junk that needs to go, but you need to understand 256 MB of RAM is just not enough with all of the resource-heavy programs (streaming, etc.) folks run nowadays.
http://ask-leo.com/how_much_memory_do_i_really_need_for_windows_xp.html
I have 1.25 GB on my Windows XP computer.

http://whois.domaintools.com/217.116.231.7 <<< does your friend recognize this IP information, and is the hosts file set like that on purpose?


1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: CHungryBHO Object - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\HH.DLL

(these two are resource wasters associated with Alexa; if Alexa is not used, remove them)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) RIGHT Click on Start then click on Explore. Locate and delete these items:

(delete the files/folders in RED, if you have to do it in Safe Mode)
http://spyware-free.us/tutorials/safemode/


C:\WINDOWS\SYSTEM32\DialerOffline.dll
C:\WINDOWS\SYSTEM32\GirlControlCom.dll
C:\WINDOWS\SYSTEM32\stub.exe
C:\WINDOWS\SYSTEM32\IEHelperMiddleMan.dll
C:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe
C:\Program Files\Save\<< folder and contents
C:\Documents and Settings\All Users\Desktop\utilities\acd205se.zip

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log and a new Kaspersky scan report. How is the computer running now?

Thanks

Make sure the antivirus program is running properly, seems I do not see it in running processes in the HJT log?

justime8
2008-01-26, 01:45
Well, I was unable to find
C:\WINDOWS\SYSTEM32\DialerOffline.dll
C:\WINDOWS\SYSTEM32\GirlControlCom.dll
C:\WINDOWS\SYSTEM32\stub.exe
C:\WINDOWS\SYSTEM32\IEHelperMiddleMan.dll
with Windows Explorer, and no, my friend has no idea about the hosts file setup or that IP. I am aware that 256 is not enough RAM but that is what he has, for now I have him looking for some more, will have more soon!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:36 PM, on 01/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - c:\WINDOWS\system32\NZDD.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "c:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - c:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ComcastHSI - {BDBE85C0-1CD5-11D6-8735-00E02975C6FF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {BDBE85C1-1CD5-11D6-8735-00E02975C6FF} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {BDBE85C2-1CD5-11D6-8735-00E02975C6FF} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201097735128
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

--
End of file - 3897 bytes



AND
KASPERSKY ONLINE SCANNER REPORT
Friday, January 25, 2008 3:28:02 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532835
This computer is running better, still very slow.

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 24727
Number of viruses found 4
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 01:11:06

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\DialerOffline.dll Infected: not-a-virus:Dialer.Win32.DialerOffline skipped

C:\WINDOWS\SYSTEM32\GirlControlCom.dll Infected: not-a-virus:Porn-Downloader.Win32.StripPlayer skipped

C:\WINDOWS\SYSTEM32\stub.exe Infected: not-a-virus:AdWare.Win32.EZula.ai skipped

C:\WINDOWS\SYSTEM32\IEHelperMiddleMan.dll Infected: not-a-virus:AdWare.Win32.Bonzo.a skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\SCHEDLOG.TXT Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\ipsecpa.log Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

Scan process completed.

justime8
2008-01-26, 01:49
And folder options for c: were set to view hidden when I looked

pskelley
2008-01-26, 02:14
Thanks for returning this information, let's fix the host file issue like this:

Download the HostsXpert 4.2 - Hosts File Manager.
http://www.funkytoad.com/download/HostsXpert.zip
Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Kaspersky scan shows this, I can not find these files for you. You might want to review this information:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Then use search companion, or whatever you must do to locate and delete those files.

C:\WINDOWS\SYSTEM32\DialerOffline.dll ------> Dialer.Win32.DialerOffline skipped
C:\WINDOWS\SYSTEM32\GirlControlCom.dll ------> Porn-Downloader.Win32.StripPlayer skipped
C:\WINDOWS\SYSTEM32\stub.exe ------> AdWare.Win32.EZula.ai skipped
C:\WINDOWS\SYSTEM32\IEHelperMiddleMan.dll ------> AdWare.Win32.Bonzo.a skipped

Use HJT to remove these items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com

Make sure the antivirus program is running properly
I still see no antivirus program in running processes?

If you need a free program, make sure anything on the computer is removed via Add Remove programs and install one of these:
http://free.grisoft.com/freeweb.php/doc/2/
http://www.avast.com/eng/avast_4_home.html
http://www.free-av.com/

Thanks

justime8
2008-01-26, 07:42
I cannot uninstall Norton AntiVirus 2005 or LiveReg, both from Symantec Corporation, and I used search in the Start list to find those files and deleted them from there. Is this proper?
I would like to get rid of them.
Computer running much better!

pskelley
2008-01-26, 11:27
"computer running much better!"
We must be making progress, did you install a new antivirus program?
Symantec/Norton has a tool to clean their leftovers, but first let me see:

1) Uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

2) New HJT log.

Thanks

justime8
2008-01-26, 17:19
OK, here you go. What is this thing real downloads, and do I need it, and is it faster than Microsoft downloader?

56K PCI Voice Modem SF-1156IV R9A
ABBYY FineReader 5.0 Sprint Plus
Adaptec DirectCD
Adaptec Easy CD Creator 4
Adobe Acrobat Reader 3.01
Adobe PageMaker 6.5
Adobe Photoshop 4.0 LE
Adobe Type Manager
Ancient Pictographs v1.1 Screen Saver
ArcSoft Software Suite
AudioCD MP3 Studio 2000
DHCP Convertor
DiMAGE Viewer
Enhanced MediaLoads
EnterNet 300
e-Sword
Eyewitness Encyclopedia of Nature 2.0
Gateway.net
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
IPIX ActiveX Viewer
Kaspersky Online Scanner
LiveReg (Symantec Corporation)
MediaLoads Installer
MetaStream
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Napster v2.0 BETA 7
Norton AntiVirus 2005 (Symantec Corporation)
PhoneTools
QuickAnswers
QuickTime
QuickTime for Windows (32-bit)
RealDownload
RealJukebox
RealPlayer Basic
ScanToWeb
Shockwave 7.0.3 Player
Spybot - Search & Destroy
Update Rollup 1 for Windows 2000 SP4
VeonPlayer
Visioneer 7600 USB Scanner Driver
Visioneer PaperPort 6.1
Webshots!
Window Washer

Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Media Player 7.1
Windows Media Player Hotfix [See Q828026 for more information]
YearTech 2001
ZipCentral 2.06

and



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:41 AM, on 01/26/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - c:\WINDOWS\system32\NZDD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "c:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - c:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ComcastHSI - {BDBE85C0-1CD5-11D6-8735-00E02975C6FF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {BDBE85C1-1CD5-11D6-8735-00E02975C6FF} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {BDBE85C2-1CD5-11D6-8735-00E02975C6FF} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201097735128
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

--
End of file - 3680 bytes
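
Added example (not part of any post in this thread): a short Python script that does mechanically what the helper does by eye across the HijackThis logs above. It lists O1 hosts entries that point a hostname at a routable address, and shows which entries disappeared between the 01/25 and 01/26 logs. The log excerpts are copied from the posts above; the function and variable names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# HijackThis entry lines are "<section> - <detail>", where the section is a
# letter plus a number such as R1, O1 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")

# Excerpt of the log saved 01/25/2008 (copied from the thread).
LOG_JAN25 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

# Excerpt of the log saved 01/26/2008 (copied from the thread).
LOG_JAN26 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""


def parse_entries(log_text):
    """Return [(section, detail), ...] for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def hosts_redirects(log_text):
    """Count O1 entries that map a hostname to a routable address.

    Loopback and unspecified targets (127.0.0.1, 0.0.0.0) are the usual
    blocklist style and are skipped; anything else deserves a look.
    """
    hits = Counter()
    for section, detail in parse_entries(log_text):
        if section != "O1":
            continue
        match = HOSTS_RE.match(detail)
        if not match:
            continue
        addr_text, host = match.groups()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            # Unparsable address: surface it for manual review.
            hits[(addr_text, host)] += 1
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            hits[(addr_text, host)] += 1
    return hits


def removed_entries(before_text, after_text):
    """Entries present in the earlier log but absent from the later one, in log order."""
    after = set(parse_entries(after_text))
    seen = set()
    removed = []
    for entry in parse_entries(before_text):
        if entry not in after and entry not in seen:
            seen.add(entry)
            removed.append(entry)
    return removed


if __name__ == "__main__":
    for (addr, host), count in hosts_redirects(LOG_JAN25).items():
        print(f"hosts redirect: {host} -> {addr} (listed {count}x)")
    for section, detail in removed_entries(LOG_JAN25, LOG_JAN26):
        print(f"gone after fix: {section} - {detail}")
```

An entry that is still present in the later log, such as the R1 Search Bar line here, does not appear in the removed list, which is how a fix that did not take shows up.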

pskelley
2008-01-26, 17:43
Uninstall List:
LiveReg (Symantec Corporation) <<< there is your leftover Symantec item, use the uninstaller
Norton AntiVirus 2005 (Symantec Corporation) <<< Uninstall
(understand that you should not uninstall those if it is your antivirus program, but as I have said several times, I do not see it running?)

You need to have one antivirus program running in realtime, I posted links for three earlier?

Napster v2.0 BETA 7 <<< I believe Napster is gone?

RealDownload see this: http://www.fbmsoftware.com/spyware-net/process/realdownload_exe/914/
I see RealPlayer and this item may be needed. I use Windows Media Player myself.
And I see it is installed: Windows Media Player 7.1
but I have no idea what your friend's needs are, you should get them involved.

I have done about all I can do.

Thanks

justime8
2008-01-26, 18:37
Well, like I said, I cannot uninstall Norton and it is there. It takes like 10 minutes to pop up this warning, "warning Norton can not scan computer because license agreement is out of date" or something like that, and usually when I start a download. And I did uninstall Napster. Going to install Firefox. Still having program crashes, and CPU gets pegged out in Task Manager and stays like that for, well, I have not timed it, but for 45 sec. or longer at a time. I wonder why you can't see Norton?

justime8
2008-01-26, 18:42
When I use the uninstaller it says "newer version of Norton was detected it needs to be uninstalled first"

pskelley
2008-01-26, 19:05
Here is the information from Symantec/Norton:
http://basconotw.mvps.org/SymRem.htm

If that does not remove it, I suggest you contact Symantec/Norton for help:
http://www.symantec.com/support/index.jsp

The difficulty removing their product is the major reason I will not use or suggest it.

I have a hunch there are other software/hardware issues with this computer and suggest you run a diagnostic here:
http://www.pcpitstop.com/pcpitstop/
I would be glad to look at the results if you post a link to them.

Thanks

justime8
2008-01-26, 20:43
OK, here it is, I think.
Thanks for the Norton link!
Name Vendor Complete File Name
RealPlayer RealNetworks, Inc. C:\Program Files\Real\RealPlayer\realplay.exe
Webshots Tray Application The Webshots Corporation C:\Program Files\Webshots\WebshotsTray.exe
Remote Registry Microsoft Corporation C:\WINDOWS\system32\regsvc.exe
Print spooler Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
Still Image Monitor Microsoft Corporation C:\WINDOWS\system32\stisvc.exe
Windows Update Microsoft Corporation C:\WINDOWS\system32\wuauclt.exe
AVG Antivirus GRISOFT, s.r.o. C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
AVG Antivirus GRISOFT, s.r.o. C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
AVG Update GRISOFT, s.r.o. C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
AVG Antivirus GRISOFT, s.r.o. C:\Program Files\Grisoft\AVG7\avgcc.exe
Internet Explorer Microsoft Corporation C:\Program Files\Internet Explorer\iexplore.exe
Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
Windows Management Microsoft Corporation C:\WINDOWS\System32\WBEM\WinMgmt.exe
Scheduled Tasks Microsoft Corporation C:\WINDOWS\system32\MSTask.exe
Local Security Authority Microsoft Corporation C:\WINDOWS\system32\lsass.exe
Service control process Microsoft Corporation C:\WINDOWS\system32\services.exe
Service host process Microsoft Corporation C:\WINDOWS\system32\svchost.exe

Performance-Related Windows Settings
The following settings may be helpful in diagnosing general system performance problems.

Setting name Value
Video acceleration disabled No
Paging of kernel disabled No
Screen saver running during tests No
NOIDE key found in registry No
Running 32-bit code on 64-bit Windows No
System Restore disabled No
Large System Cache enabled No
Has batteries No
Hibernate enabled No
HIBERFIL.SYS present No
Hibernate policy in use No
Sleep/Resume policy in use No
Running on battery power No
Internet Configuration


Description Your Results
Bandwidth Down 110 Kbits/sec
Bandwidth Up 179 Kbits/sec
Average Ping 133 ms
Ping Loss 0%
TCP Receive Window (default)
External IP Address 12.104.83.12
Internal IP Address 192.168.1.105
Browser MSIE 6.0; MSOCD
IE current cache 7 MB
IE max cache 447 MB
More Internet related Settings
The following settings may be helpful in diagnosing internet performance problems.

Setting name Value
Using a proxy No
HTTP 1.1 through proxy Enabled No
HTTP 1.1 Enabled Yes
Check for newer pages turned off No
Show Pictures No
Format docs using my style sheet No
Content Advisor enabled No
Check Associations Disable No
Enable Automatic Image Resize No
Enable third-party browser extensions No
Enable page transitions Yes
Always use my {colors|fonts|size} No
Security Configuration
Description Your Results
IE Restricted Zone Permissions Script ActiveX controls marked safe for scripting
Security-Related Windows Settings
The following settings may be helpful in diagnosing spyware and browser hijacks.
Setting name Value
Explorer: Some drive letters are hidden No
Explorer: Hide extensions for known file types No
Explorer: Hide protected operating system files No
Explorer: Do not show hidden files and folders No
Explorer: Do not display contents of system folders No
HOSTS location remapped via the Registry No
System File Protection disabled No
Main Board
Description Your Results
Brand/Model Gateway
Type Desktop
Serial Number Not available
BIOS Intel Corp. WL81020A.15A.0007.P06.0010031249 10/03/2000
System Board Intel Corporation WL810E AAA27218-205
Processor
Description Your Results
Brand/Model Intel Celeron
Nominal Clock Speed 567 MHz
Measured Clock Speed 567 MHz
External Clock Speed 66 MHz
CPU Load 0%
Speed Rating 1633 (105% of 104 similar)
Memory Configuration
Description Results
RAM installed 255 MB
Windows RAM 255 MB
Total RAM slots 2
Available RAM slots 0
Max RAM module size 256 MB
Memory Type 128+127;DIMM,DRAM,|Synchronous;T16
Speed Rating 1032 MB/s (103% of 104 similar)

Description Drive C
Partition format FAT32
Cluster size 8 KB
Drive label LOCAL DISK
Size 14293 MB
Free space 10505 MB (73%)
Junk files 24 MB (0%)
System Restore Space Not tested
Data fragmentation Not tested
File fragmentation Not tested
Uncached speed 12 MB/s (72%)
Disk Drives
Here are the physical disk drives that we have detected on your system:
Drive 0
Drive letters C
Removable media No
Brand/Model QUANTUM FIREBALLlct15 15
IDE details DMA
Serial number
Revision level
CD/DVD Drives
Here are the CD and DVD drives that we have detected on your system:

Model Type Max Read Speed Max Write Speed
IDE-CD R/RW 8x4x32 CD-RW 5648 KB/s (32X) 1411 KB/s (8X)
Video Board
Description Your Results
Brand/Model Intel Corporation 810 Graphics Controller Hub
Resolution 800x600 pixels
Colors 65,636
DirectX version 5.00.2180.1
OpenGL version 5.00.2195.6611
Acceleration options Enabled
Performance 23.3 MP/s (No similar CPU/MHz/video)
Monitors
Description
Monitor Plug and Play Monitor
Max. Resolution (HxV) 1600 x 1200 pixels
Screen Size (HxV) 0 x 0 cm
Viewable Diagonal Size 0 inch
Manufacture Date January 0
Serial Number 0

pskelley
2008-01-26, 21:03
I have no idea what that information you posted is. If that is supposed to be the diagnostic at PCPitStop, it sure is not. Here is an example of a link to another person's test results:

http://www.pcpitstop.com/pcpitstop/Summary.asp?TechExpress=RVPRSW9XEFGSBXBG
You can post your own test results for help here:
http://pcpitstop.invisionzone.com/index.php?showforum=6

Membership is free

Thanks

justime8
2008-01-26, 21:49
OK here it is
Test Results Summary
Computer Name: CC1930953-C
Date Tested: Sat Jan 26 11:43:50 UTC-0900 2008

This system has enough power for most applications and web browsing, but will not give you the best experience for fast-action games, video editing, and computing-intensive work. If you are mainly using it for web browsing, you can probably get by with a few simple upgrades and regular system maintenance. Otherwise, consider buying a new system.

This is your customized advice based on PC Pitstop's tests. Click on an item at left to find out what it means and what to do.

Customized Tune-up Tips
• Sub Optimal Internet Performance
• Install more memory
• Adjust IE browser cache size
• Auto-filling Forms with IE May Present a Security Risk
• Install Backup Software

Configuration Summary: Our analysis was based on the data collected from this computer. A summary of the data collected is shown below. Click on any of the subsystem names or flags in the table below to see more information, or use the test details to see all the data on one page. For a list of programs running on your computer, including spyware, see the Windows details page. The test history page has a summary of previous tests for this configuration. See how your system compares to others we've tested.

Subsystem Status Description
System Intel Celeron, 567 MHz
Memory 255MB RAM
Disk Drive C
Video Intel Corporation 810 Graphics Controller Hub
Internet MSIE 6.0; MSOCD
Windows Windows 2000 Pro SP4
Security
Compare



Attention: You are running as Administrator.
Thank you for testing at PC Pitstop. Important: Before leaving the PC Pitstop site, please shut down this instance of Internet Explorer that is running as Administrator.
Attention: You are running unprotected.
Thank you for testing at PC Pitstop. Important: Before leaving the PC Pitstop site, please shut down this instance of Internet Explorer that is running with Protected Mode disabled.

pskelley
2008-01-26, 21:58
Click on this link so you can see what I need to see:
http://www.pcpitstop.com/pcpitstop/Summary.asp?TechExpress=RVPRSW9XEFGSBXBG

I would appreciate it if you would not post anything else unless it is the link like that one to the test results.

Thank you

justime8
2008-01-26, 22:55
I'm sorry, that is not right. I do not know how to post that or save the page to post it here.

pskelley
2008-01-26, 22:59
http://www.pcpitstop.com/techexpress/howto1.asp

justime8
2008-01-27, 01:11
http://www.pcpitstop.com/techexpress.asp?id=VZVCSW7J9SGSRG8G

pskelley
2008-01-27, 10:49
Not a lot of information we did not already know, but click the links, you might pick up some pointers. You already know RAM is an issue.

Internet Details has a few pointers that might help with security and performance.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

justime8
2008-01-29, 06:45
Spybot S&D RULES, thank you so much! I am getting better at this stuff, so hopefully I will not be back too soon. Thanks for your patience!