Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Another Hijack Log! [CLOSED]


  • This topic is locked This topic is locked

#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
No, a Startuplist. That's another feature of HijackThis.

Scroll about three quarters down here:
http://home.planet.n...xplanation.html

Regards,
  • 0

Advertisements


#17
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Okay finally done it!! here you go:

StartupList report, 05/20/2005, 16:58:29
StartupList version: 1.52.2
Started from : C:\Documents and Settings\msiz\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Office mouse\1.1\moffice.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Office mouse\1.1\MOUSE32A.DAT
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\Mailinfo\Mailinfo.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\msiz\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
Digimax Viewer 2.1.lnk = ?
EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
FLMOFFICE4DMOUSE = C:\Program Files\Office mouse\1.1\moffice.exe
EPSON Stylus C42 Series = C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
CorelDRAW Graphics Suite 11b = C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052205 serial=DR12WEX-1504397-KTY lang=EN
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
WinampAgent = C:\Program Files\Winamp\winampa.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINNT\System32\KYLIE-~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=none
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll - {0CF0B8EE-6596-11D5-A98E-0003470BB48E}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - c:\program files\google\googletoolbar_en_2.0.111-big.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - msiz.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\Downloaded Program Files\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....738&clcid=0x409

[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8113.4619444444

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pdownloader.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\Macromed\Flash\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll
PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll

--------------------------------------------------
End of report, 7,789 bytes
Report generated in 0.150 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Download, install, and run CleanUp!

Regards,
  • 0

#19
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
done all this and still running slow :tazz:

;)
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Can you try and be a bit more specific?

What is slow? How do you notice?

Regards,
  • 0

#21
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Sure!

Takes approximately 5 minutes to login to Windows. Once logged in takes several minutes to open MSOutlook. Moving between applications seems to take forever and moving within websites can take forever!

:tazz:
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
And any idea how or what started it?

Could be something you installed or when you were hit by a virus.
Or did it happen gradually?

Regards,
  • 0

#23
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I have no idea how or why it started, it gradually started getting slower. Ive not had a virus as far as Im aware!

:tazz:
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Click Start > Run > type or copy&paste Rundll32.exe advapi32.dll,ProcessIdleTasks > OK

Then empty the prefetch folder following the instructions here:
http://www.windowsne...refetch-XP.html

Then reboot and run defragmentation.

Let me know if that is noticeably better.
  • 0

#25
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
hate to say this, but hasn't made much difference

:tazz:
  • 0

Advertisements


#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Check this: http://is-it-true.or...s/utips76.shtml

Regards,
  • 0

#27
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hi - thanks for that. Has made a slight difference but not a huge one!
  • 0

#28
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
They have more tips:

http://is-it-true.or...orkstation.html
  • 0

#29
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP