1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: internet slow

Discussion in 'Virus & Other Malware Removal' started by black99gm, Feb 10, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. black99gm

    black99gm Thread Starter

    Joined:
    Nov 8, 2004
    Messages:
    43
    Hi

    I am having a few problems with system running slow, getting booted from the internet connection. Below is the lastest Hi-jack this log and activescan.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:57:24 PM, on 2/10/07
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
    C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [ALU Scheduler Service] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat
    Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/Hitbox Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/Entrepreneur Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/888 Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\[email protected][3].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\My Documents\Hijack this\backups\backup-20051121-000308-249-PowerReg SchedulerV2.exe
    Thanks - 99
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      c:\windows\pcconfig.dat

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
     
  3. black99gm

    black99gm Thread Starter

    Joined:
    Nov 8, 2004
    Messages:
    43
    Thanks for the reply.
    I did what you instructed, everything went OK. I did not receive any error messages or prompts.

    Thanks again - 99
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    No problem. How are things now?
     
  5. black99gm

    black99gm Thread Starter

    Joined:
    Nov 8, 2004
    Messages:
    43
    Seems to working fine. I will do another activescan in the near future.

    Thanks for your help. :)
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    My pleasure :)

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/542920

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice