Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Sluggish and sometimes really heavy freezing [RESOLVED]


  • This topic is locked This topic is locked

#1
carsey

carsey

    Member

  • Member
  • PipPip
  • 10 posts
I have scanned using all the reccomended programs and the problem of the computer being so slow remains. Ran HiJack this and the log is below:

Logfile of HijackThis v1.99.1
Scan saved at 45:20:15, on 20/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\oodag.exe
D:\Program Files\TightVNC\WinVNC.exe
D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\explorer.exe
F:\HiJack This!\hijackthis.exe
D:\Documents and Settings\Barry\Desktop\HiJack This!\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client....o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client....o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client....rch.yahoo.com/
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE
  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hello and welcome carsey

Did the scans find anything and remove them ?

Download winpfind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0

#3
carsey

carsey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The scans found mainly tracking cookies which always appear. I may consider putting a HOSTS file on the computer to block advertising and other harmful things.

As requested I have ran WinPFind in safe mode and saved the log. Below is the log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 7.0.5450.4

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 13:00:00 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
PTech 23/05/2006 17:26:00 579888 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 09/08/2006 20:03:04 8325544 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 09/08/2006 20:03:04 8325544 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 08:56:36 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 08:56:44 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 13:00:00 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 23/05/2006 17:25:52 285488 D:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 04/08/2004 06:41:38 1309184 D:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
20/08/2006 14:57:24 S 2048 D:\WINDOWS\bootstat.dat
23/06/2006 10:15:36 S 42278 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7beta3.cat
05/07/2006 13:21:58 S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
27/07/2006 15:00:28 S 10337 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
21/07/2006 10:03:14 S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
26/06/2006 20:47:22 S 11929 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
13/07/2006 15:24:46 S 13050 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
14/07/2006 17:13:00 S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
14/07/2006 16:53:20 S 10925 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
20/08/2006 14:56:58 H 8192 D:\WINDOWS\system32\config\default.LOG
20/08/2006 14:59:08 H 1024 D:\WINDOWS\system32\config\SAM.LOG
20/08/2006 14:57:24 H 12288 D:\WINDOWS\system32\config\SECURITY.LOG
20/08/2006 14:58:38 H 110592 D:\WINDOWS\system32\config\software.LOG
20/08/2006 14:50:48 H 1024 D:\WINDOWS\system32\config\system.LOG
16/08/2006 18:04:48 H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
09/08/2006 17:47:12 HS 388 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\38d2c6ed-a1bd-46f3-8273-86e19f29ffb3
09/08/2006 17:47:14 HS 24 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
17/08/2006 15:56:14 H 6 D:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04/08/2004 08:56:58 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04/08/2004 08:56:58 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 08:56:58 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 23/06/2006 05:41:10 1402368 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 08:56:58 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 29/08/2002 13:00:00 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 08:56:58 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 13:00:00 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 08:56:58 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04/08/2004 08:56:58 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 08:56:58 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04/08/2004 08:56:58 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 13:00:00 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 08:56:58 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 05:16:30 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 D:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 04/08/2004 08:56:58 549888 D:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 D:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 135168 D:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 D:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 04/08/2004 08:56:58 155136 D:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 23/06/2006 05:41:10 1402368 D:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 129536 D:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 04/08/2004 08:56:58 380416 D:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 D:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 29/08/2002 13:00:00 187904 D:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 04/08/2004 08:56:58 618496 D:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 29/08/2002 13:00:00 35840 D:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 D:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 04/08/2004 08:56:58 257024 D:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 04/08/2004 08:56:58 32768 D:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 04/08/2004 08:56:58 114688 D:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 04/08/2004 08:56:58 155648 D:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 04/08/2004 08:56:58 298496 D:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 29/08/2002 13:00:00 28160 D:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 04/08/2004 08:56:58 94208 D:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 D:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 05:16:30 174360 D:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
16/03/2006 20:15:58 HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
17/03/2006 20:26:40 1730 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
16/03/2006 19:56:04 HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
16/03/2006 20:15:58 HS 84 D:\Documents and Settings\Barry\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
24/06/2006 23:58:36 1557 D:\Documents and Settings\Barry\Application Data\AdobeDLM.log
16/03/2006 19:56:04 HS 62 D:\Documents and Settings\Barry\Application Data\desktop.ini
24/06/2006 23:58:34 0 D:\Documents and Settings\Barry\Application Data\dm.ini
23/04/2006 10:39:32 17920 D:\Documents and Settings\Barry\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
YPC 3.2.0 = Yahoo! Parental Controls

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = D:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = D:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = D:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
SidebarAutoLaunch Class = D:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = BT Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : D:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
IE Search Band = D:\WINDOWS\system32\ieframe.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
D-Link AirPlus G D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
ANIWZCS2Service D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
WinVNC "D:\Program Files\TightVNC\WinVNC.exe" -servicehelper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE D:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Motive SmartBridge
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BTHelpNotifier
hkey HKLM
command D:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BTHelpNotifier
hkey HKLM
command D:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = D:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 20/08/2006 15:12:15


Thanks for the help so far! Greatly appreciated guys!!!:whistling:
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Everthing looks clean, I asked for the winpfind log just to be sure and I saw you had some items disabled via msconfig but nothing but a couple yahoo items and smartbridge


have you added any new programs or hardware recently ?

some basic maintenance might be needed your start ups are slimmed down pretty well as it is

I don't see an Anti Virus or firewall program running here ?
  • 0

#5
carsey

carsey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the reply.

No changes have been made to the system recently.

What would you reccomend about the startup??
Im pretty sure that Windows firewall is running on the system. As the components of the system are very old I dont plan on installing heavy usage firewall programs and realtime scanners as the system simply cannot handle the pressure they give it.
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

What would you reccomend about the startup??
Im pretty sure that Windows firewall is running on the system. As the components of the system are very old I dont plan on installing heavy usage firewall programs and realtime scanners as the system simply cannot handle the pressure they give it.


You don't have a lot running on start up,


But running with out a AV is down right danegerous,

How much ram you have on the system ?
  • 0

#7
carsey

carsey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
64MBs
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

64MBs

No wonder its crawling Microsoft recommends having a minimum of 256, I would recommend you increase the ram, No matter what we disable it still going to run slow
  • 0

#9
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP