Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow Computer [CLOSED]


  • This topic is locked This topic is locked

#1
ditto

ditto

    - i pwn n00bs -

  • Member
  • PipPipPipPip
  • 1,260 posts
Hey guys, my home computer has been really slow lately. i ran ad-aware and spy ware.....just ran hi jack this. im sure there are some files that shouldnt be there. maybe you couldhelp me out. rock on!

Logfile of HijackThis v1.97.7
Scan saved at 2:09:35 PM, on 4/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\SMART KEYBOARD\SMARTKBD.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE
C:\PROGRAM FILES\NETROPA\SMART KEYBOARD\MEDIACTR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE
C:\THE PRINT SHOP PRODUCTS\THE PRINT SHOP PREMIER EDITION 5.0\PSPE5.EXE
C:\WINDOWS\Twunk_16.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\CHRIS JR'S STUFF\APPLICATIONS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TReND
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.villanova.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {AE199FBA-0F4A-AF6F-C730-517BD5FAA519} - C:\windows\system\mczxajbw.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\AUTOUPD\autoupd.exe
O4 - HKLM\..\Run: [Smart Keyboard] C:\Program Files\Netropa\Smart Keyboard\Smartkbd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [akmeynqn] C:\WINDOWS\sejvsykj.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [cft] C:\WINDOWS\SYSTEM\gpcepi.exe
O4 - HKLM\..\Run: [wna] C:\WINDOWS\SYSTEM\fmclxo.exe
O4 - HKLM\..\Run: [nqnkdgqo] C:\WINDOWS\SYSTEM\tsgcuqgo.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .rrf: C:\PROGRA~1\INTERN~1\PLUGINS\npiftw32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ros/install.cab
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O2 - BHO: (no name) - {AE199FBA-0F4A-AF6F-C730-517BD5FAA519} - C:\windows\system\mczxajbw.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - C:\PROGRAM FILES\IESEARCHBAR\IESEARCHBAR.DLL
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\AUTOUPD\autoupd.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System\
O4 - HKLM\..\Run: [akmeynqn] C:\WINDOWS\sejvsykj.exe
O4 - HKLM\..\Run: [WinFavorites] C:\PROGRAM FILES\WINFAVORITES\WINFAVORITES.exe1
O4 - HKLM\..\Run: [cft] C:\WINDOWS\SYSTEM\gpcepi.exe
O4 - HKLM\..\Run: [wna] C:\WINDOWS\SYSTEM\fmclxo.exe
O4 - HKLM\..\Run: [nqnkdgqo] C:\WINDOWS\SYSTEM\tsgcuqgo.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKCU\..\Run: [] c:\WINDOWS\System\
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System\zzb.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...ros/install.cab

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log. <_<
  • 0

#3
ditto

ditto

    - i pwn n00bs -

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,260 posts
ok heres the new log file. thanks.

Logfile of HijackThis v1.97.7
Scan saved at 5:27:54 PM, on 4/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\SMART KEYBOARD\SMARTKBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\WINNET.EXE
C:\PROGRAM FILES\COMMONNAME\ADDRESSBAR\COMWIZ.EXE
C:\PROGRAM FILES\NETROPA\SMART KEYBOARD\MEDIACTR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\MY DOCUMENTS\CHRIS JR'S STUFF\APPLICATIONS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TReND
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.villanova.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Program Files\Netscape\Users\User00\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Smart Keyboard] C:\Program Files\Netropa\Smart Keyboard\Smartkbd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .rrf: C:\PROGRA~1\INTERN~1\PLUGINS\npiftw32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Uninstall the Common Name toolbar and you should be good to go <_<

It is important that you MUST exit all instances of Windows Explorer and Internet Explorer before you proceed with the following instructions:
1. Click "Start"
2. Select "Programs" from the pullup menu
3. Select "CommonName" from the Programs menu
4. Select "Uninstall CommonName Toolbar"

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use).

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.javacools...areblaster.html

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.
  • 0

#5
ditto

ditto

    - i pwn n00bs -

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,260 posts
sorry admin but there was no common name under the program menu. perhaps i could delete it through Windows Explorer?
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
How about under Add/Remove Programs? Else, browse C:\program files\commonname\unins.exe (or something similar).
  • 0

#7
ditto

ditto

    - i pwn n00bs -

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,260 posts
when trying to delete the files under C:\programfiles\commonfiles\addressbar it says that either access denied or cannt remove file. Any help?

btw, thanks for helping me with my laptop in the other post.


pat
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
If you are successful deleting the files, they'll likely come right back. You need to look for the uninstaller file (usually abreviated unins.exe, uninstll.exe, etc.).
  • 0

#9
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP