
Please help Computer is so slow.... have hijack log

Discussion in 'Windows XP' started by wscole, Oct 15, 2003.

Thread Status:
Not open for further replies.
  1. wscole

    wscole Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    4
    I haven't installed anything lately. I left to go home for the weekend and it was fine... when I came back it was extremely slow...

    Logfile of HijackThis v1.97.3
    Scan saved at 11:10:26 AM, on 10/15/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Sandy\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://test.lowmotion.org/viewforum.php?f=16
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
    O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://goinnow.com/plugin/111116.exe
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.trinsic.org/download_serial.exe
    O16 - DPF: {946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} (HTMLAccess Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/DHTMLAccessXP1042.cab
    O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    Please Help! Thanks
     
  2. cammi

    cammi

    Joined:
    Jan 9, 2003
    Messages:
    560
    ahhh... I'm not sure. But if no one has touched your computer... :S

    Have you done the spyware clean up?
     
  3. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Did you install Stop Sign? It is supposed to be a spyware blocker but is in fact spyware itself.

    Do the following:

    First delete Temp files, Cookies and offline content. To do this,
    open Internet Explorer/Tools/Internet Options/delete cookies/delete files,
    select off-line content/clear history.


    Download Adaware from here

    Go here http://www.lavasoftusa.com/software/adaware/

    Make sure you select "Check for updates now" and get the latest reference files.

    Run Adaware and hit the Scan now button, make sure Activate indepth scan is selected and then
    hit next. After the scan has completed delete everything it finds.

    Restart your computer.

    Then Download Spybot search & destroy from here. Read the instructions while you're there.

    http://tomcoyote.org/SPYBOT/index1.html

    Install the program (Close all browser windows) and run it.

    Before scanning press "Online" and "Search for Updates"

    Put a check mark at and install all updates.

    Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds in red.

    Restart your computer.

    Post a New HJT Log.
     
  4. wscole

    wscole Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    4
    yeah I used one and I did a virus check.... came up empty
     
  5. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Did you run the above tools, Adaware and Spybot?

    Post a new log if you did.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Before you get into installing or uninstalling things, how about trying a simple System Restore first? Just run msconfig, launch system restore and take it back a few days to before this change took place.

    THEN, remove the Eanthology crap from Add/Remove programs, install and run Ad-Aware, Spybot or both -- be sure to reboot after they fix stuff. After that run HijackThis, make sure this entry is gone:

    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll

    If not, check and "fix" it.

    Then post another Scanlog and report on results.
     
  7. PlatinumDrag

    PlatinumDrag

    Joined:
    Oct 15, 2003
    Messages:
    49
    Take and get spyblaster, it prevents spyware from even being added on your machine. Along with spybot you should have a fairly clean system. As for ad-aware, don't waste your time. I used that as well before, but since they have been bought out the new owner allows his spyware for his business to be added.

    But if you feel the need to keep ad-aware then I suggest you have a secondary program just to run afterwards to make sure you have gotten it all.
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You might think about checking your facts there PlatinumDrag. There is not a shred of truth in the above statement.

    And in my opinion Adaware has jumped slightly ahead of the game in keeping up with the mutation of the nasties these days.

    I use both Spybot and Adaware and recommend that all PC users have them both.

    BTW that is coming from someone who knows a little bit about the subject.

    :)
     
  9. wscole

    wscole Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    4
    I used spy bot and ad aware and this is my new log

    Logfile of HijackThis v1.97.3
    Scan saved at 7:28:05 PM, on 10/15/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Sandy\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://test.lowmotion.org/viewforum.php?f=16
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
    O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
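
Added example, not part of the thread and not written by any poster: post 6 asks for the `{FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9}` BHO to be confirmed gone, and the two posted logs can be compared mechanically to see what the cleanup removed and what is still there to review. This Python code keys each HijackThis entry on its section plus CLSID (or Run value name), so the `O16` entry that lost its `(AxOOdlz Class)` label between scans still counts as the same entry; the function names are hypothetical and the sample lines are excerpted from the two logs above.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - C:\WINDOWS\iempg.dll
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b Startup
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
"""
AFTER = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"\[([^\]]+)\]")

def parse(log):
    """Return {(section, identity): line} for every entry line in a log."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, rest = m.groups()
        guid, run = GUID.search(rest), RUN_NAME.search(rest)
        ident = rest                   # default identity: the whole entry text
        if guid:                       # O2/O3/O16: the CLSID is the identity
            ident = guid.group(0).upper()
        elif section == "O4" and run:  # Run keys: the registry value name
            ident = run.group(1)
        entries[(section, ident)] = line.strip()
    return entries

def diff(before, after):
    """Split the first scan's entries into removed/remaining; list new ones."""
    b, a = parse(before), parse(after)
    return {"removed": sorted(k for k in b if k not in a),
            "remaining": sorted(k for k in b if k in a),
            "new": sorted(k for k in a if k not in b)}

def still_present(log, clsid):
    return any(ident == clsid.upper() for _, ident in parse(log))
```

Calling `diff(BEFORE, AFTER)` on the full logs instead of the excerpts works the same way, since header and process lines are skipped by the entry pattern.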
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  11. wscole

    wscole Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    4
    It is still messed up, so I tried to reinstall Windows and it said lbrtfdc.sys is corrupt
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    On my system that file only exists in a c:\I386\drivers.cab folder. Meaning it's not in use.

    When examined it is described as:

    Toshiba Libretto floppy controller

    Have you tried System Restore? It's a much better option than a reinstall anyway.
     
  13. PlatinumDrag

    PlatinumDrag

    Joined:
    Oct 15, 2003
    Messages:
    49
    You know flrman1 maybe you should do a little fact finding on your own since you are the man of the subject. Try looking through PC magazine for their review of how ad-aware fares compared to the others. Not only from the new owner but the fact that it doesn't remove everything it claims to. This is only one area you can find, there are many more to list.

    So before you go around calling someone a liar you might wish to read up on the subject.
     
  14. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    HMMMM I don't recall calling anyone a liar. :confused:

    Could this possibly be the review you are referring to?

    You have to love Ad-aware's tag line: "The morning after pill for the Internet." It's also easy to love the price of the basic version: free. The Plus version can block spyware in real time, while the Professional version has more detailed configuration options—scanning systems across a network, for example. Solid detection and removal abilities are obscured by an awkward interface.

    Ad-aware 6's straightforward interface identifies the vendor of the file and the type of attack (for example, data miner) but at times becomes overly modal, limiting your options to too few situation-specific buttons. When looking at scan results, for example, you have little choice but to click on Next and proceed, although you can deselect objects to proceed without removing them.


    Ad-aware found a respectable amount of our spyware and removed most of it. On the other hand, although the program claims to remove Trojans and key loggers, it left NetBus and NetObserve intact. And although it claimed to have removed Alexa, the Alexa toolbar was functioning afterwards, apparently still sending back information.

    From here:

    http://www.pcmag.com/article2/0,4149,994103,00.asp

    You know what they say about opinions.

    All of the member reviews in the article above were positive, in keeping with the vast majority of Adaware users as well as many of the foremost members of the Anti-spyware community, some of whom frequent this forum occasionally.

    And spyware in Adaware? No need to even debate that.

    It was not my intention to call you a liar or to offend you. It was simply to point out that you have been misinformed, particularly concerning spyware being included in Adaware which has no basis in fact.

    If I offended you then I truly apologize.

    Any further discussion should be done through PMs as I do not wish to hijack this thread.
     
  15. IAMSKINZ

    IAMSKINZ

    Joined:
    May 2, 2003
    Messages:
    65
    I do not intend to hijack this thread any further but I felt that an official reply on this accusation from Lavasoft was warranted.

    First, Lavasoft has NEVER been sold or changed hands in any way.
    Second, there has NEVER been any kind of spyware or any "ware's" at all included in the program at any time and there never will be.

    Those accusations are totally absurd and are in fact libeling a highly respected software, the owner and the company that distributes it.

    I suggest that you do not post any further comments to that nature as Lavasoft does not tolerate this kind of behavior.

    Thanks...
    IAMSKINZ
    Super Administrator
    Lavasoft Support Forms
    www.lavasofsupport.com
     
Short URL to this thread: https://techguy.org/172107
