1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

System Performance

Discussion in 'Windows XP' started by Wheatthin77, Jul 29, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    I recently upgraded my adware and spybot. I removed a ton of stuff and the system seems to run ok for the most part.

    However, my brower is still loading an automatic search engine (although I'm defaulting the system to use the blank page). How can I remove this pesky search item?

    Any help is appreciated.

    Thanks again,

    Jason

    ogfile of HijackThis v1.99.1
    Scan saved at 10:02:00 PM, on 7/26/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\Config\msvccr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\golumm\services.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Randi\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Randi\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
    O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - (no file)
    O2 - BHO: (no name) - {6408BC27-168D-43C2-8D85-4DE343133636} - C:\WINDOWS\System32\kminh.dll
    O4 - HKLM\..\Run: [*msvccr] C:\WINDOWS\Config\msvccr.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Randi\LOCALS~1\Temp\se.dll,DllInstall
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe
    O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe
    O4 - HKCU\..\Run: [ntshrui] C:\WINDOWS\System32\ntshrui.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {023C276E-CC38-1BEE-A034-4B9F5BF8BA08} -
    O16 - DPF: {089B478E-35B6-17A9-2DB4-53181C1C8862} -
    O16 - DPF: {09CBBDF6-2AD6-0308-0CF3-611E50772F2B} -
    O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
    O16 - DPF: {2BC29B4A-3568-49FB-0C8F-506A4E8E0EDA} -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
    O16 - DPF: {2F0B16E0-DC66-7F32-CA9D-36FD3AEE2A24} -
    O16 - DPF: {33F09B6F-F78B-67CB-F3E7-2FE67172A719} -
    O16 - DPF: {4FE3380C-712D-1480-C28E-1D1A01F44706} -
    O16 - DPF: {5D832EF3-B501-665F-BF6B-33D42FF78935} -
    O16 - DPF: {5F7CE0F7-E74B-3103-56E8-66C9351F85A7} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
    O16 - DPF: {669CE0DD-C6C1-3CB2-B341-0FE912F34482} -
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} -
    O18 - Filter: text/html - {E3368734-7713-4BD2-A1A8-001F98DD353D} - C:\WINDOWS\System32\kminh.dll
    O18 - Filter: text/plain - {E3368734-7713-4BD2-A1A8-001F98DD353D} - C:\WINDOWS\System32\kminh.dll
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. Jimmy the Hand

    Jimmy the Hand

    Joined:
    Jul 28, 2006
    Messages:
    1,223
    I'm not an expert of HijackThis, but from

    ... looks like there is this se.dll which could be removed or renamed, and see if the problem still occurs.
     
  3. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    I tried removing these and they reappeared on the next scan....My virtual memory is running low too.
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,772
    First Name:
    Frank
    Unless it's getting too late and my eyes aren't working too well, I don't see a full-time antivirus program installed and running in the background.:eek:

    ------------------------------------------------------------------------------------

    You're using the original version of Windows XP, which is almost 5 years out of date.:eek:

    The SP1 upgrade should be installed. Don't install the SP2 upgrade until all the "nasties" and other problems are gone.

    ------------------------------------------------------------------------------------

    Open the

    C:\Documents And Settings\Randi\Local Settings\Temp

    folder, then delete all files and folders from inside that Temp folder.

    Besides being nothing more than junk, it's a good place for "nasties" to hide and do their dirty deed.(n)

    ------------------------------------------------------------------------------------
     
  5. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    When I go into the Randi file, the temp file is not present...Is it possible to be hidden by another corrupt file?
     
  6. 4steve44

    4steve44

    Joined:
    May 3, 2004
    Messages:
    1,544
    Ok Let me ask since you did not answer flavalee. DO you have an anti virus and if you do what is it?:rolleyes:
     
  7. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    I had McAfee's and disabled it (due to the problems it was giving my system). What do you think the most effective anti virus is?
     
  8. Jimmy the Hand

    Jimmy the Hand

    Joined:
    Jul 28, 2006
    Messages:
    1,223
    McAfee is quite effective, according to PCWorld's tests, but it uses up a lot of resources. In other words, it slows down your computer. Try NOD32, or AVG7. The latter is free for personal use. Don't install more than one antivirus program at the same time.
     
  9. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    One of the reasons that questions are not being answered is that the operating system is illegal. It is the corporate version with the leaked key code. So since the operating system is illegal then there is not much we can do about it and a refusal to answer a HJT expert is another point to prove it.

    Let's try this

    Please download this from Microsoft and run it on your computer
    Filename = WGADiag2.exe
    http://go.microsoft.com/fwlink/?linkid=52012
    Press "Copy to clipboard" and post the results here

    If this is a legal vwersion of Windows I am sure the member will not mind running this and posting the results as described.
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,772
    First Name:
    Frank
    The Temp folder may be under a different username in the C:\Documents And Settings folder. I was assuming it was under "Randi" because of what I viewed in your log.

    ------------------------------------------------------------------------------------

    You might seriously consider downloading and installing ToniArts EasyCleaner 2.0.6.380, running the "Unnecessary" function(after first selecting the top 3 boxes), then selecting and deleting everything it finds during the scan. You can get it here.

    ------------------------------------------------------------------------------------
     
  11. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    OZROME1E

    What do you mean illegal o/s? I bought the system from Dell direct a couple of years ago...I'm not really sure what your insinuating...I tried the application that you posted and it would not scan the system. Do you normally make these types of accusations? Sorry I could not respond sooner, as I hold a job.

    Flavallee

    - Thanks again! I will give this a try and let you know how I make out. I'm not trying to give anyone a hard time, just would like to know what is going on with my system.
     
  12. Wheatthin77

    Wheatthin77 Thread Starter

    Joined:
    Jul 26, 2006
    Messages:
    22
    Diagnostic Report (1.5.0540.0):
    -----------------------------------------
    WGA Data-->
    Genuine Validation Status: Genuine
    Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
    Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
    Windows Product ID: 55277-OEM-2111907-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.0.0.hom
    Download Center code: Failed to get code. Error:0x80072efd
    ID: fd049cfd-5c6c-4f18-b9e5-6e36b625b2fa
    Is Admin: Yes
    AutoDial: No
    Registry: 0x0
    WGA Version: Failed to retireve file version. - 0x80070006
    Signature Type: Unknown.
    Validation Diagnostic: 63BB5E84-355-80040154_E2AD56EA-249-80040154_16E0B333-138-80040154_63BB5E84-355-80040154_E2AD56EA-249-80040154_16E0B333-57-80040154

    System Scan Data-->
    Scan: Failed to scan machine. Error:0x80040154
    Cryptography: Complete

    Notifications Data-->
    Cached Result: N/A
    Cache refresh Interval: N/A
    Extended notification delay(non-genuine): N/A
    Extended notification delay(un-activated): N/A
    All disabled: N/A
    Reminder reduced: N/A
    File Exists: No
    Version: N/A
    Signatue Type: N/A

    OGA Data-->
    Office Status: 100
    Office Diagnostics:

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\PROGRA~1\AMERIC~1.0\aol.exe
    Download signed ActiveX controls: Allowed
    Download unsigned ActiveX controls: Allowed
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Allowed
    Allow scripting of Internet Explorer Webbrowser control:
    Active scripting:
    Script ActiveX controls marked as safe for scripting:

    File Scan Data-->

    Other data-->
    Office Details:
     
  13. ODIN 0ERO

    ODIN 0ERO Guest

    use AVAST or NOD32 as antivirus tools...of course they are more than just ANTIVIRUS tools.

    they are the two best anti malware tools you can find....

    use them...:cool:
     
  14. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,772
    First Name:
    Frank
    Open the

    C:\WINDOWS\Downloaded Programs Files

    folder, then click View - Details.

    Delete everything in there, except for the Symantec antivirus scanner entry.

    Reboot, then post a new HijackThis log.

    -------------------------------------------------------------------------------------
     
  15. 4steve44

    4steve44

    Joined:
    May 3, 2004
    Messages:
    1,544
    Yes use Avast, but first uninstall McAfee, then install Avast. It is as good an anti-virus as you can get and its free, will auto update and does not use much in the way of resources:D
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - System Performance
  1. conceptualclarit
    Replies:
    4
    Views:
    388
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/487494

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice