1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer slow

Discussion in 'Virus & Other Malware Removal' started by reb5987, Sep 25, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. reb5987

    reb5987 Thread Starter

    Joined:
    Aug 9, 2003
    Messages:
    7
    My computer has really slowed down recently. can some one please check this hijack log.

    Logfile of HijackThis v1.96.2
    Scan saved at 11:54:47 AM, on 9/25/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\igfxtray.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Orl\VNC\WinVNC.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Orl\VNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Winsock2 driver] WINCFG.SCR
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37634.5709259259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

    Thanks for your help

    Bob Bunch
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
  3. reb5987

    reb5987 Thread Starter

    Joined:
    Aug 9, 2003
    Messages:
    7
    Thanks for your reply.

    Did as instructed, than ran Housecall. No infections found.

    Here is new hikack scan

    Logfile of HijackThis v1.96.2
    Scan saved at 2:01:58 PM, on 9/25/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\igfxtray.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Orl\VNC\WinVNC.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.gateway.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

    C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe

    /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec

    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD

    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

    C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825]

    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus

    Photo 825" /O6 "USB001" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Orl\VNC\WinVNC.exe"

    -servicehelper
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program

    Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program

    Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

    /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Global Startup: Billminder.lnk = C:\Program

    Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program

    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program

    Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

    Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone

    Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack -

    http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Euchre -

    http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire -

    http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: Yahoo! Pinochle -

    http://download.games.yahoo.com/games/clients/y/ut2_x.cab
    O16 - DPF: Yahoo! Poker -

    http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 -

    http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com

    ActionRunner Class) -

    http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D}

    (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do

    More\DoMoreRunExe.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX

    Control) -

    http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E}

    (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe)

    - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com

    /housecall/xscan53.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1}

    (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37634.570

    9259259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

    Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools

    on the Web Control) -

    http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)

    - http://fdl.msn.com/public/chat/msnchat45.cab

    Thanks again

    Bob (reb5987)
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Looks a lot better now just a few quick clear ups, a real player auto updater and a logitech auto updater, both aren't really needed

    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB


    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automaticly try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
     
  5. reb5987

    reb5987 Thread Starter

    Joined:
    Aug 9, 2003
    Messages:
    7
    Thanks again. Followed your last message. Only thing that showed up in search & destroy was. Cdilla file which I then fixed.

    Here is clean copy of hijack

    Logfile of HijackThis v1.96.2
    Scan saved at 3:05:55 PM, on 9/25/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\igfxtray.exe
    C:\WINNT\System32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Orl\VNC\WinVNC.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Orl\VNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs9_x.cab
    O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37634.5709259259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    looks clear now, has the speed gone back to normal or is it still slow?
     
  7. reb5987

    reb5987 Thread Starter

    Joined:
    Aug 9, 2003
    Messages:
    7
    So far its a lot better. Thanks a lot for all your help

    bob
     
  8. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    look in control panel/admin services/services scroll down and see if C-DILLA is enabled.........if so disable it.

    ;)
     
  9. reb5987

    reb5987 Thread Starter

    Joined:
    Aug 9, 2003
    Messages:
    7
    Thanks Steve, It was shown in the administrative folder. I clicked on the "stop service". Will this disable it?

    Thanks again

    reb5987
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    that will just stop it this time, right click on the c-dilla service & set it to disabled
     
  11. reb5987

    reb5987 Thread Starter

    Joined:
    Aug 9, 2003
    Messages:
    7
    Thanks to everyone. Great job. everything is now running as it did when new.

    We can finish this thread.

    Bob Bunch
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/167356

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice