Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My pc is running slowly


  • This topic is locked This topic is locked

#46
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Found them here: http://www.wanadoo.c...dnssettings.htm

195.92.195.94
195.92.195.95

BRB,
  • 0

Advertisements


#47
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Attaching a new rasphone file.

Rename it to rasphone.pbk like we did earlier.

Keeping them crossed,

Attached Files


  • 0

#48
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Ok thanks for that. I replaced it but that [bleep] line still keeps coming back. Is that rasphone suposed to have [Virgin Net Registration Server]
written at the top of it?
  • 0

#49
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts

Is that rasphone suposed to have [Virgin Net Registration Server]
written at the top of it?

View Post


It was in the original file you gave me.
The lines between brackets are comments anyway, so it isn't really important.
  • Download the Registry Search Tool.
  • Unzip the contents of RegSrch.zip to a convenient location.
  • Double-click on RegSrch.vbs.
  • If you have an anti-virus installed it might prompt you about a running script. Please ignore this warning and allow the script to run.
  • In the "Enter search string (case insensitive) and click OK..." box paste this string:
    • {479AF3AA-EAEA-4013-82A5-475409FEB5F0}
  • Click "OK" to search the registry for that string.
  • Wait for a few minutes while it completes the search.
  • Click "OK" to open the results in WordPad.
  • Copy and paste the entire results into your next post.
Regards,
  • 0

#50
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Here it is:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{479AF3AA-EAEA-4013-82A5-475409FEB5F0}" 5/4/2005 1:10:29 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]
  • 0

#51
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Thanks. I'll need some more.

Click Start > Run > type or copy&paste regedit /e c:\interfaces.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces" >OK

This will create the file c:\interfaces.txt
Post the content please.

Regards,
  • 0

#52
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{1EB1B9B8-2B83-4F90-A51C-7EF07A1CE7D0}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{29F06B52-2882-4FDF-84F2-FDCBBFCDF175}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]
"NameServerList"=hex(7):00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{79F304E2-0819-4153-900B-189B461118CC}]
"NameServerList"=hex(7):00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{CA26B20F-A867-4AFE-945E-23C7344A5B42}]
"NameServerList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{E2A2ACC0-4069-41B9-A443-6B02A68CD252}]
"NameServerList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{F3DD5BEF-1A47-4AD2-9234-C317EB56B447}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000
  • 0

#53
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
OK I think I have this figured.

First we will make backups.

Click Start > Run > and OK these commands:

regedit /e c:\interfaces1.reg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}"

regedit /e c:\interfaces2.reg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}"

regedit /e c:\interfaces3.reg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}"

regedit /e c:\interfaces4.reg "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}"

regedit /e c:\interfaces5.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}"

regedit /e c:\interfaces6.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}"

Check if the appropriate files have been made.
If you get disconnected just doubleclick those backups to merge them with the registry.


Then copy the part in bold bewlo into notepad and safe it as blewafuse.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{479AF3AA-EAEA-4013-82A5-475409FEB5F0}]


Disconnect.
Doubleclick that file and confirm you want to merge it with the registry.
Replace rasphone.pbk with a clean one.
Run HijackThis and check for the presence of the dreaded O17.
Fix it if present.

Reboot and check your HijackThis log.
Connect and check your HijackThis log.

I'll be here with my fingers, toes and whatever else I can find crossed.

Good luck,
  • 0

#54
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Did all that, and guess what?... It's still there, every time I connect to the internet it appears!
  • 0

#55
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
:tazz:

Can you post the O17 line from the log?
I want to see if it has the same CLSID

Regards,
  • 0

Advertisements


#56
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA26B20F-A867-4AFE-945E-23C7344A5B42}: NameServer = 195.92.195.94 195.92.195.95
  • 0

#57
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
errrm. I have no objections against that one.


:tazz:
  • 0

#58
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
So that line is ok? My pc is still running like a sack of turd. I think the time has come to through it out the window! :tazz:
  • 0

#59
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Can you post a new HijackThis log?

Also look in TaskManager which process(es) is using most CPU time and memory.

Maybe that will tell us something

Regards,
  • 0

#60
dogbiscuit

dogbiscuit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Had a look in task manager but not sure exactly what Im looking for really. Internet and music software are using the most cpu at present but Im having problems before I even run either of those programs. It's not just general slowness. Im having symptoms like tempramental toolbars and usually 'my computer' takes a couple of minutes to open but sometimes opens ok.
Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:03:27 PM, on 5/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Tracktion2\Tracktion.exe
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_0/home.html"); (C:\Documents and Settings\craig\Application Data\Mozilla\Profiles\default\0h0gxuxl.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\craig\Application Data\Mozilla\Profiles\default\0h0gxuxl.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Kazga.exe.lnk = C:\Program Files\Kaz Guardian Angel\Kazga.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsec...an/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1101827558000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandon...cabs/cssweb.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...438/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA26B20F-A867-4AFE-945E-23C7344A5B42}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP