Claude:
Here's the scan log, and in the meantime I'll work on some of those other
suggestions you sent, a couple of which I don't know how to do (like creating
a key?).
Thanks a lot for your help.
Chuck
Logfile of HijackThis v1.99.1
Scan saved at 11:32:40 AM, on 6/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Plaxo\s1bc.a02680\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chuck Webster\My Documents\My
Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.excite.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture -
{7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program
Files\Plaxo\s1bc.a02680\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file
missing)
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration
Class) -
http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal
Account Registration) -
https://secure.stamps.com/download/us/registration/3_0_0_786/sdcregie.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client)
-
http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/172f06789aaf7c51e417/netzip/RdxIE601.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) -
http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) -
http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -
http://www.live365.com/players/play365.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} -
http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload)
-
https://www.hyperoffice.com/hyperoffice/personal/documents/XUpload.ocx
O16 - DPF: {EC8C56B1-D027-4AB2-AF63-F845CCEE59B5} (DocumentAccessor Class) -
https://www.bpm.lowermybills.com/bi...mybills.com%2Fbillmanager/AutologinHelper.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program
Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Claude LaFrenière said:
Hello *Chuck*:
Claude:
I'm not sure what the problem was. I had been frustrated that my computer
had become terribly slow over the past few months, so I googled "slow XP
computer" and ran across a Microsoft article (by "Tony" someone) about steps
to take--removing unused programs, defragging, etc. The fateful step was
removing a bunch of things that were being started at Startup, which actually
helped some until I removed something that caused the problem that I
initially posted about (couldn't logon). I think I disabled something called
userinit--could that have been it? I tried to check on the things I was
disabling to make sure they weren't essential to startup, but I must have
messed up on one (duh?). Anyway, now that it's running, I've gone back to
msconfig, and I don't see one in there that's called userinit. I guess I'll
just stay away from msconfig for a while.
My computer's still slow, but that's "a whole nother" issue . . .
Thanks for your help.
Most of the time it's possible to recover normal performance
by removing malware and some useless "utilities"...
Make a scan with HijackThis and post the scan log here.
I'll check it and tell you what bad or useless things you
have to remove or disable.
http://www.merijn.org/downloads.html
Check list for maintenance :
A)
1- Set explorer to use a different process (multi-threads):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Create this key:
DesktopProcess
Reg_DWord
value 1
2- Change the Windows priority separation :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
Create this key :
Win32PrioritySeparation
Reg_DWord
Value 26 in HEX
B)
Good maintenance of W xp is required from time to time.
Here are some hints:
1- Use chkdsk to check the integrity of your hard disk:
Windows explorer | right click on disk icon |
properties | tab "tools" | "check errors" | check both options
ok and restart your computer
or
Start | Run | cmd | chkdsk X: /F /V ,
Where X= disk volume
For the results in the application log:
Source : Winlogon
ID : 1001
2) Clean the temporary files:
Start | Run | cleanmgr.exe
3) Defrag the volumes of the HD :
Start | Run | Defrag.msc
For multiple volume defrag use this:
http://www.dougknox.com/utility/scripts_desc/defrag_all.htm
4) Check devices and drivers and upgrade them if needed
Start | Run | devmgmt.msc
Devices error codes:
http://support.microsoft.com/Default.aspx?kbid=310123
To find the drivers check the manufacturer links in Everest.
The drivers must come from the manufacturer and nobody else...
5) Check the error and warning messages in the system and application logs
and, if needed, fix those problems as soon as possible. Some "error"
messages are not important and can be ignored. Ask in newsgroups and
do some searching at the Event ID site and with Google...
Start | Run | eventvwr.msc
Hints for Event IDs:
http://www.eventid.net/
6) Check the services configuration:
The mandatory services must be started and in automatic mode
The others in manual...or disabled....
More info on W xp services:
http://www.theeldergeek.com/services_guide.htm
If you understand French:
http://climenole.serendipia.net/archives/3-La-Configuration-des-Services-de-Windows-XP.html
(English version soon...)
7) Check the applications started at boot and keep them
to the minimum.
Instead of using msconfig, use Starter from CodeStuff...
http://codestuff.mirrorz.com/
Check for applications in your account and All users
(from an admin account...)
8) Control what's running on that PC with those tools:
Autoruns
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml
*Don't delete or disable anything unless you are absolutely sure of what you're doing* [as you know ;-) ]
Process Explorer :
(an enhanced Task Manager!)
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
9) Defrag the protected files ( Registry , hiberfil.sys, Pagefile.sys etc.)
http://www.sysinternals.com/ntw2k/freeware/pagedefrag.shtml
10) Optimize the prefetching
Run this command :
%windir%\system32\Rundll32.exe advapi32.dll,ProcessIdleTasks
useful only when the computer is idle...
The service Task Scheduler must be running and in automatic mode.
Check this value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
The key EnablePrefetcher REG_DWORD must be set to 3.
11) Safe & Cool ...
A)
Keep your system free of malware (viruses, worms, spyware, etc.)
If you understand French:
http://climenole.serendipia.net/archives/5-Quelques-liens-utiles-pour-la-securite-de-Windows-XP.html
(English version soon...)
Check your firewall configuration and make sure your PC is "stealth":
www.grc.com
Run the "Shields Up" test. Everything must be "green" ...
Update your anti-virus and your anti-spyware frequently.
( MS Anti-spyware, SpyBot S&D, Ad-Aware, Spyware Blaster and
Spyware Guard... more than one is better since none is 100% reliable...)
And check if the AV is set to protect your PC "On Access"
(in the so-called "real-time") not only "on demand" ( scan
run after the problem...)
Use an alternate Internet Browser and keep IE
only for Windows updates and MS specific stuff.
By alternate I mean :
Firefox or Opera (not Maxthon, Avant etc.)
Avoid surfing the Web from an administrator account.
You have to "feed" your HOSTS file :
What is a Hosts file :
http://www.safer-networking.org/en/dictionary/hostsfile.html
The hosts from MVPs:
http://www.mvps.org/winhelp2002/
Frequent updates and documented...
Tools for Hosts :
HostsToggle:
http://www.accs-net.com/hosts/HostsToggle/
and/or
WinPatrol
(good also for other interesting stuff...)
http://www.winpatrol.com/download.htm
Some tools and links:
"Mini- antivirus" to be run in safe mode:
Stinger :
http://vil.nai.com/vil/stinger/
Avast cleaner :
http://www.avast.com/eng/avast_cleaner.html
MS:
http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=fr
Kaspersky:
ftp://ftp.kaspersky.ru/utils/clrav.com
Anti Root-Kits
F-Secure (beta)
http://www.f-secure.com/blacklight/
Online scan:
Anti-trojan:
http://www.windowsecurity.com/trojanscan/
Anti-spy:
http://www.spywareguide.com/txt_onlinescan.html
http://store.ca.com/dr/v2/ec_main.e...lient=ComputerAssociates&sid=35715&CID=181432
Anti-virus:
www.trendmicro.com
B)
Keep your PC free of dust and check the temperatures with those tools:
Everest:
http://www.lavalys.com/
Remark:
Very good software but the warnings about the Bios
and the commercial links to that stuff are useless...
Bios upgrades *if needed* must come from the PC manufacturer
or the Motherboard manufacturer and nobody else.
(Not needed most of the time : don't worry about this..)
SpeedFan
http://www.almico.com/speedfan.php
Remark:
Good software but the temperatures of the hard disk are not
reported correctly and most of the time not related to the disk
reliability.
Better info from Everest...
No more ideas....
Let us know...(and post your HijackThis log...)

--
Claude LaFrenière [MVP]
«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Soon on
www.msmvps.com
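
As an added example (not part of either post in this thread): a small Python triage helper for a HijackThis log like the one posted at the top. It rejoins entries that the mail client wrapped and lists the ones HijackThis itself annotated with "(file missing)" or "Unknown owner"; SAMPLE_LOG is an excerpt of that log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Entry lines start with a HijackThis section code: "R1 - ", "O4 - ", "O23 - ", ...
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the log posted above, keeping the mail client's hard line wraps.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file
missing)
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program
Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

def parse_entries(text):
    """Rejoin wrapped lines and return a list of (section_code, full_entry)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), line])
        elif entries and line:
            # Continuation of the previous entry, broken by the mail client.
            entries[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return [tuple(e) for e in entries]

def review_candidates(entries):
    """Group entries carrying one of HijackThis's own annotations."""
    flagged = defaultdict(list)
    for code, entry in entries:
        if "(file missing)" in entry:
            flagged["file missing"].append((code, entry))
        if code == "O23" and " - Unknown owner - " in entry:
            flagged["unknown owner"].append((code, entry))
    return dict(flagged)

if __name__ == "__main__":
    for reason, items in review_candidates(parse_entries(SAMPLE_LOG)).items():
        for code, entry in items:
            print(f"[{reason}] {entry}")
```

A flagged entry is only a pointer for manual review, not a verdict: the item still has to be checked against what is actually installed on the machine.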