[Metallica]

No, a Startuplist. That's another feature of HijackThis.

Scroll about three quarters down here:
http://home.planet.n...xplanation.html

Regards,

[Advertisements]

Okay finally done it!! here you go:

StartupList report, 05/20/2005, 16:58:29
StartupList version: 1.52.2
Started from : C:\Documents and Settings\msiz\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Office mouse\1.1\moffice.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Office mouse\1.1\MOUSE32A.DAT
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\Mailinfo\Mailinfo.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\msiz\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
Digimax Viewer 2.1.lnk = ?
EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
FLMOFFICE4DMOUSE = C:\Program Files\Office mouse\1.1\moffice.exe
EPSON Stylus C42 Series = C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
CorelDRAW Graphics Suite 11b = C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052205 serial=DR12WEX-1504397-KTY lang=EN
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
WinampAgent = C:\Program Files\Winamp\winampa.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINNT\System32\KYLIE-~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=none
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll - {0CF0B8EE-6596-11D5-A98E-0003470BB48E}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - c:\program files\google\googletoolbar_en_2.0.111-big.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - msiz.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\Downloaded Program Files\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....738&clcid=0x409

[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8113.4619444444

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pdownloader.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\Macromed\Flash\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll
PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll

--------------------------------------------------
End of report, 7,789 bytes
Report generated in 0.150 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[msiz]

Okay finally done it!! here you go:

StartupList report, 05/20/2005, 16:58:29
StartupList version: 1.52.2
Started from : C:\Documents and Settings\msiz\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Office mouse\1.1\moffice.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Office mouse\1.1\MOUSE32A.DAT
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\Mailinfo\Mailinfo.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\msiz\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
Digimax Viewer 2.1.lnk = ?
EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\Userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
FLMOFFICE4DMOUSE = C:\Program Files\Office mouse\1.1\moffice.exe
EPSON Stylus C42 Series = C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
CorelDRAW Graphics Suite 11b = C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052205 serial=DR12WEX-1504397-KTY lang=EN
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
WinampAgent = C:\Program Files\Winamp\winampa.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINNT\System32\KYLIE-~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=none
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll - {0CF0B8EE-6596-11D5-A98E-0003470BB48E}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - c:\program files\google\googletoolbar_en_2.0.111-big.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - msiz.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINNT\Downloaded Program Files\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....738&clcid=0x409

[Office Update Installation Engine]
InProcServer32 = C:\WINNT\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8113.4619444444

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pdownloader.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\Macromed\Flash\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll
PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll

--------------------------------------------------
End of report, 7,789 bytes
Report generated in 0.150 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[Metallica]

Download, install, and run CleanUp!

Regards,

[msiz]

done all this and still running slow

[Metallica]

Can you try and be a bit more specific?

What is slow? How do you notice?

Regards,

[msiz]

Sure!

Takes approximately 5 minutes to login to Windows. Once logged in takes several minutes to open MSOutlook. Moving between applications seems to take forever and moving within websites can take forever!

[Metallica]

And any idea how or what started it?

Could be something you installed or when you were hit by a virus.
Or did it happen gradually?

Regards,

[msiz]

I have no idea how or why it started, it gradually started getting slower. Ive not had a virus as far as Im aware!

[Metallica]

Click Start > Run > type or copy&paste Rundll32.exe advapi32.dll,ProcessIdleTasks > OK

Then empty the prefetch folder following the instructions here:
http://www.windowsne...refetch-XP.html

Then reboot and run defragmentation.

Let me know if that is noticeably better.

[msiz]

hate to say this, but hasn't made much difference

[Metallica]

Check this: http://is-it-true.or...s/utips76.shtml

Regards,

[msiz]

Hi - thanks for that. Has made a slight difference but not a huge one!

[Metallica]

They have more tips:

http://is-it-true.or...orkstation.html

[Kat]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.