Dell Inspiron 5100 Running very Slow


  • This topic is locked
16 replies to this topic

#1 petrohawk

Posted 28 February 2006 - 01:28 AM

This Dell is around three years old. It is getting slower as time goes by. I've cleaned, defragged, blown out the heat sink, removed all unneeded programs, still slow. Perhaps there is something in there that I can't find. Any help would be greatly appreciated.

WinXP Pro Ver 2002 Service Pack 2
2, 512's of Ram
Pentium 4 CPU 2.40 GHZ

Logfile of HijackThis v1.99.1
Scan saved at 11:11:16 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra 'Tools' menuitem: Run SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp35.pogo.c...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet06.pogo....h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatc...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2 mschroe919

Posted 01 March 2006 - 11:45 AM

Welcome petrohawk to the TomCoyote Forums
My name is mschroe919 and I am going to read your log. Please post back if you still need help.
Thanks mschroe919

I see a part of Computer Associates eTrust AntiVirus on your PC. However, I don't see it in startups or in programs.
If you post back needing help, please let me know if indeed you have an antivirus program. If so, have you enabled it?
Thanks Milt
"The most important thing about goals is having one."

"It is never too soon to be kind, for we never know how soon it will be too late. "

No Man Ever Stands So Tall As When He Stoops To Help A Child

If you wish to show your appreciation, please consider a donation to help keep us online
Donate Here Please: http://www.whatthetech.com/donate/
Thank You

#3 petrohawk

Posted 01 March 2006 - 01:25 PM

mschroe919, thank you for your reply. Yes, I still need to speed this unit up a bit. I have ZoneAlarm Ver: 6.1.737.000. True Vector Security Engine Ver: 6.1.737.000. Anti-Virus Vet Engine Version: 11.9.1.000. DAT File version: 11.9.9679.000. I have no knowledge of Computer Associates eTrust Antivirus on this system. I am on Adelphia as a cable internet service in California. They did have a "Freedom Anti virus" program available as a freebie for registered users. Caused nothing but trouble with all of my systems (I have four comps in the net), so I uninstalled and ran ZoneAlarm on them all. Only the Dell Inspiron 5100 is slowing down. I would appreciate any suggestions you may have.

#4 mschroe919

Posted 01 March 2006 - 05:56 PM

Hi petrohawk

Welcome back to the TomCoyote Forums. Thanks for posting back.
I have read your log.

I didn't see anything really bad, so let's see what we can do to help your PC speed up.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Let me suggest you copy and paste these instructions into word pad, as the internet will not be (while in Safe Mode) available to you, and print it out so you can follow the steps in order.
Please read through this post since I am asking you to download specific software to assist you.

Some programs are needed to clean up the PC. I will be asking you to download them and run some later.

(Note: you may already have these; if so, make sure you have the latest versions and run them when asked.)

FIRST:

We need to disable your WinPatrol; it will try to stop any fix you make. You can enable it again when we are done.
Also, do you recognize these IPs (66.80.131.5, 66.80.130.23)? Is it your internet IP?

NEXT:

Restart to safe mode.

Please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

While in safe mode please run a scan on HijackThis and put a check by the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Now click "Fix checked"
and close HijackThis.

Perform the following steps, also while in safe mode:

Next:
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Next:

Reboot to regular mode.
Close all windows and browsers, open HijackThis, run another scan and post the log here.

NEXT:
Update Java and run RegSeeker.

Get Java updates here:
http://www.java.com/...load/manual.jsp

Next:

Please download System Security Suite. Extract it from the zip file into a folder. Get it here:
http://www.forums.se...hread.php?t=318

Run 3S. Under the “Items To Clear” tab, place a checkmark in all of them but the last.

NEXT:

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL

I recommend you download RegSeeker. Get it here:
http://www.hoverdesk.net/freeware.htm
Extract it to its own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc. (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. Reboot when done.

NEXT:

Close all windows and browsers, open HijackThis, run another scan and post the log here. We are almost done.
Also let me know how your PC is acting.

Good luck
mschroe919

#5 petrohawk

Posted 01 March 2006 - 08:08 PM

Hijack log after first operation

Logfile of HijackThis v1.99.1
Scan saved at 5:49:50 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra 'Tools' menuitem: Run SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp35.pogo.c...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet06.pogo....h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatc...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
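
The before/after check this thread's procedure relies on (tick entries, "Fix checked", rescan, post the new log), as an added example that is not part of the original posts: a small HijackThis log parser that diffs two scans and confirms the requested entries are gone. The function names are hypothetical, and the sample lines are excerpts copied from the logs above (truncated URLs left as posted).

```python
import re
from collections import namedtuple

# One HijackThis item: section code ("R0", "O4", "F2", ...) and the rest of the line.
Entry = namedtuple("Entry", "code body")

# Item lines look like "O4 - HKLM\..\Run: [...] ...". Header lines and the
# "Running processes" paths (e.g. "C:\WINDOWS\...") do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the item lines of a HijackThis log as Entry tuples, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry.code, entry.body.lower())


def diff_logs(before, after):
    """Return (removed, added): items only in the first scan, items only in the second."""
    b = {_key(e): e for e in parse_entries(before)}
    a = {_key(e): e for e in parse_entries(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def unfixed(requested, after):
    """Return the entries the helper asked to fix that still appear in the rescan."""
    present = {_key(e) for e in parse_entries(after)}
    return [e for e in parse_entries(requested) if _key(e) in present]


# Entries the helper asked to check in post #4 (copied from the thread).
REQUESTED = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

# Excerpt of the first scan (post #1); not the full log.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
""" + REQUESTED + r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
"""

# Excerpt of the rescan after the first fix (post #5); not the full log.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.body)
    for e in added:
        print("added:  ", e.code, "-", e.body)
    left = unfixed(REQUESTED, AFTER)
    print("requested fixes still present:", len(left))
```

Entries that appear only in the rescan (here the Java helper and updater) are worth a second look, since they were installed during the cleanup itself.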

#6 mschroe919

Posted 01 March 2006 - 08:22 PM

How is your PC doing now? Please tell me. mschroe919

#7 petrohawk

Posted 01 March 2006 - 08:29 PM

Finishing up with final restart, will post hijk log and advise on operation. Stand by one. Hawk

#8 petrohawk

Posted 01 March 2006 - 08:36 PM

OK, system has speeded up quite a bit, close to new. Ran various programs to verify operation, all in order. That RegSeeker found over 1200 items to drop! Serious program. The ones I use came nowhere close. Log as follows.
Logfile of HijackThis v1.99.1
Scan saved at 6:31:09 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/index.php
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra 'Tools' menuitem: Run SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp35.pogo.c...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet06.pogo....h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatc...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#9 mschroe919

Posted 01 March 2006 - 08:54 PM

I will go over your log and get back to you. One question: is this NameServer = 66.80.131.5,66.80.130.23 your IP? Thanks, mschroe919
"The most important thing about goals is having one."

"It is never too soon to be kind, for we never know how soon it will be too late. "

No Man Ever Stands So Tall As When He Stoops To Help A Child

If you wish to show your appreciation, please consider a donation to help keep us online
Donate Here Please: http://www.whatthetech.com/donate/
Thank You

#10 petrohawk

Posted 01 March 2006 - 09:09 PM

IP is supposed to be 68.70.36.23. Have no idea what that other one is. Rather long, isn't it? I am running a D-Link router. Sorry to say I have no clue on how to get into it. I was lucky, and after plugging everything into the right holes it worked. Got it a long time ago and forgot how to access its functions. It's a DI 704. Went on the net for directions, but DUH! Brain burned on that one. Seems that the IP I get at lawerencegoetz.com/programs/ipinfo/ won't give the actual one if I'm running through a router.


#11 petrohawk

Posted 01 March 2006 - 11:41 PM

OK, I got into the D-Link. It shows 68.70.36.23 as the IP address and 67.21.13.4, 67.21.13.2 as the Domain Name Server. So "66.80.131.5,66.80.130.23" doesn't show anywhere that I can find. Is this a bad thing? Hawk

#12 mschroe919

Posted 02 March 2006 - 10:30 AM

Welcome back petrohawk,

Sorry about the delay; I had to go, but I didn't forget you.

We are starting to look and run better.
Let's try some more here:

Don't worry about the IP; it is okay to leave alone.

First, let's make all files visible. Here is how:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

NEXT:

Please download ATF Cleaner by Atribune.
Get it here:

ATF

Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

NEXT

Download the trial version of Spy Sweeper from here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the results from the Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

Good luck mschroe919

#13 petrohawk

Posted 02 March 2006 - 03:06 PM

Computer is running much faster now. Loads programs like it used to. I can't thank you enough for the help. These instructions for the Dell Inspiron, can I apply them to my other PCs? Or was this specific to the Inspiron?
Always on the lookout for operations improvement. Attached are the logs you requested.
Thanks again
Hawk

********
12:03 PM: | Start of Session, Thursday, March 02, 2006 |
12:03 PM: Spy Sweeper started
12:03 PM: Sweep initiated using definitions version 625
12:03 PM: Starting Memory Sweep
12:05 PM: Memory Sweep Complete, Elapsed Time: 00:02:11
12:05 PM: Starting Registry Sweep
12:05 PM: Registry Sweep Complete, Elapsed Time:00:00:15
12:05 PM: Starting Cookie Sweep
12:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:05 PM: Starting File Sweep
12:39 PM: File Sweep Complete, Elapsed Time: 00:34:10
12:39 PM: Full Sweep has completed. Elapsed time 00:36:38
12:39 PM: Traces Found: 0
********
11:57 AM: | Start of Session, Thursday, March 02, 2006 |
11:57 AM: Spy Sweeper started
11:57 AM: Sweep initiated using definitions version 625
11:57 AM: Starting Memory Sweep
11:59 AM: Memory Sweep Complete, Elapsed Time: 00:02:34
11:59 AM: Starting Registry Sweep
12:00 PM: Registry Sweep Complete, Elapsed Time:00:00:15
12:00 PM: Starting Cookie Sweep
12:00 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:00 PM: Starting File Sweep
12:02 PM: Sweep Canceled
12:02 PM: File Sweep Complete, Elapsed Time: 00:02:10
12:02 PM: Traces Found: 0
12:03 PM: | End of Session, Thursday, March 02, 2006 |
********
11:55 AM: | Start of Session, Thursday, March 02, 2006 |
11:55 AM: Spy Sweeper started
11:56 AM: Your spyware definitions have been updated.
11:57 AM: | End of Session, Thursday, March 02, 2006 |



Logfile of HijackThis v1.99.1
Scan saved at 12:48:28 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTPerformanceUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\SB Performance Utility\CTPowUti.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra 'Tools' menuitem: Run SSSpider - {0EF12621-EC1D-11D6-A141-00E0294498C9} - C:\Program Files\KrylTech\SSSpider\SSSpider.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Canasta by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.c...e-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp35.pogo.c...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet06.pogo....h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} - http://www.musicmatc...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
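
The two checks this thread turns on, comparing a HijackThis log taken before a cleanup with one taken after it, and comparing the O17 static name servers with the resolvers the router reports, can be done mechanically. The following is an added example, not part of the thread and not HijackThis code; the function names are hypothetical, the sample logs are short excerpts constructed from lines posted above, and treating the router's DNS servers from post #11 as the expected set is an assumption.

```python
import ipaddress
import re

# A HijackThis entry line is a section code (R, F, N or O plus a number),
# then " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")

# Constructed excerpts: a few lines taken from the two logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O17 - HKLM\System\CCS\Services\Tcpip\..\{849630B0-5DE0-42DF-B5B0-B90A4A6F9634}: NameServer = 66.80.131.5,66.80.130.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""
# DNS servers the router reported in post #11 (assumed to be the expected set).
ROUTER_DNS = ("67.21.13.4", "67.21.13.2")


def parse_entries(log_text):
    """Return the (code, body) entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header, process list and blank lines do not match
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Entries added and removed between two scans of the same machine."""
    b, a = parse_entries(before), parse_entries(after)
    added = [e for e in a if e not in b]
    removed = [e for e in b if e not in a]
    return added, removed


def static_dns(log_text):
    """IP addresses configured by O17 'NameServer =' entries."""
    servers = []
    for code, body in parse_entries(log_text):
        m = NAMESERVER_RE.search(body) if code == "O17" else None
        if not m:
            continue
        for token in re.split(r"[,\s]+", m.group(1).strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # empty or non-address token; skip it
    return servers


def unexpected_dns(log_text, expected):
    """Static DNS servers in the log that are not in the expected set."""
    known = {str(ipaddress.ip_address(ip)) for ip in expected}
    return [ip for ip in static_dns(log_text) if ip not in known]


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for code, body in added:
        print("added  ", code, body)
    for code, body in removed:
        print("removed", code, body)
    for ip in unexpected_dns(AFTER, ROUTER_DNS):
        print("static DNS server not reported by the router:", ip)
```

On these excerpts the diff lists only the three Spy Sweeper entries as new, and both O17 addresses are reported as not matching the router's resolvers, which is the point at which to confirm who set them (for example a VPN or dial-up client, or a manual setting) before deciding to leave them alone.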

#14 mschroe919

Posted 02 March 2006 - 05:17 PM

Hi petrohawk.
You did a good job following the steps and I am glad that you and your PC are happy.
Note:
None of these steps are for any particular PC, desktop or laptop. Just some are particular problems.
See the all clean stuff I suggest, this for sure can be done on all PC's to keep clean.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Note: you may have some of these programs already; if so, this is just a reminder to keep them updated.


1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable System Restore here:
Managing Windows Millennium System Restore: http://www.bleepingcomputer.com/forums/tutorial63.html
or
Windows XP System Restore Guide
re-enable system restore with instructions from tutorial above
http://www.bleepingc...tutorial56.html

2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.

1. Change the Download signed ActiveX controls to Prompt
2. Change the Download unsigned ActiveX controls to Disable
3. Change the Initialise and script ActiveX controls not marked as safe to Disable
4. Change the Installation of desktop items to Prompt
5. Change the Launching programs and files in an IFRAME to Prompt
6. Change the Navigate sub-frames across different domains to Prompt
7. When all these settings have been made, click on the OK button.
8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

5. Next press the Apply button and then the OK to exit the Internet Properties page.

3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See these links for a listing of some on line & their stand-alone anti virus programs:
Here are some of the better AV products.

Symantec/Norton Antivirus: http://www.symantec.com/nav/nav_9xnt/
Kaspersky AV: http://www.kaspersky...ne.html?info=25
Nod32 : http://www.nod32.com/home/home.htm
Panda AV: http://www.pandasoftware.com/
McAfee Virusscan: http://us.mcafee.com...e.asp?pkgid=100
AVG Anti-Virus (Free version available) http://www.grisoft.com/

4. Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out.

5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. See link below for a free firewall:

ZoneAlarm: http://www.zonelabs.....jsp?lid=nav_za

6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with anti-virus software. A tutorial on installing & using this product can be found here:

http://net-integrati...sdtutorial.html

8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
Instructions for - Ad-aware:

http://russelltexas....e/adawarese.htm

9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:

http://www.javacools...areblaster.html

10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Been a pleasure working with you

mschroe919

#15 petrohawk

Posted 03 March 2006 - 01:50 AM

Ran the repairs on the rest of my system save the HiJack fixes. Everything runs like a top. Thanks again, Milt. Hawk
