|
system running slow
|
|
|
brody24
Newbie
|
3. November 2006 @ 19:32 |
Link to this message
|
System takes forever to start and everything running slow. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 11:18:52 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\StartupMonitor.exe
C:\imnnq_nt\imnsvdem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinBatch\System\popmenu.exe
C:\Crap\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IMNNQ] nqdetach.exe imnss.exe start server
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: PopMenu exe.lnk = C:\Program Files\WinBatch\System\popmenu.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/2001...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/096855fc2bb813018015/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20030...all/xscan53.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: System Commander MBR check (WinMBR) - Unknown owner - C:\SC\WINMBR.EXE
Brody
|
|
Advertisement
|
|
|
|
Senior Member
|
4. November 2006 @ 07:15 |
Link to this message
|
Rename HijackThis to any name of your choice. Rescan and post the new log.
|
|
brody24
Newbie
|
4. November 2006 @ 12:03 |
Link to this message
|
Ok. Renamed the HijackThis.exe to MyOwnCopyOfThis.exe in the C:\Crap\HijackThis directory. I hope this is what you meant. Here is results of new scan.
Logfile of HijackThis v1.99.1
Scan saved at 4:01:25 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\StartupMonitor.exe
C:\imnnq_nt\imnsvdem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinBatch\System\popmenu.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Crap\HijackThis\MyOwnCopyOfThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IMNNQ] nqdetach.exe imnss.exe start server
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: PopMenu exe.lnk = C:\Program Files\WinBatch\System\popmenu.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/2001...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/096855fc2bb813018015/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20030...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: System Commander MBR check (WinMBR) - Unknown owner - C:\SC\WINMBR.EXE
Thanks,
Brody24
Brody
|
Senior Member
|
4. November 2006 @ 12:44 |
Link to this message
|
Go here to download the trial version of AVG Anti-spyware.
Install and open AVGAS.
Click "Update" then click "Start update".
After updating, close AVGAS.
Note: Print or copy these instructions to Notepad and asave them. You will be in safe mode and can't access the internet.
Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open AVGAS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report" and save it to the desktop.
Restart in normal mode.
Post back with the AVGAS report and a new HijackThis log.
|
|
brody24
Newbie
|
4. November 2006 @ 15:27 |
Link to this message
|
Ok...will do. However, I do have Anti-Vir installed and running, along as a firewall. Is there something else I should be doing?
Brody24
Brody
|
Senior Member
|
4. November 2006 @ 17:20 |
Link to this message
|
Yes, you need an anti-spyware program. Get AVGAS and also look into getting Spybot Search and Destroy. Spybot is free, but there's no real-time protection.
|
|
brody24
Newbie
|
4. November 2006 @ 18:38 |
Link to this message
|
Niobis:
Thanks for info. I did already have Ad-Aware, Spybot, and Spyware blaster, but have installed AVG.
Here's the Hijack log, followed by the AVG log.
Logfile of HijackThis v1.99.1
Scan saved at 10:35:02 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\imnnq_nt\imnsvdem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\WinBatch\System\popmenu.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Crap\HijackThis\MyOwnCopyOfThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IMNNQ] nqdetach.exe imnss.exe start server
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: PopMenu exe.lnk = C:\Program Files\WinBatch\System\popmenu.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/2001...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/096855fc2bb813018015/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20030...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: System Commander MBR check (WinMBR) - Unknown owner - C:\SC\WINMBR.EXE
AVG Report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:22:57 PM 11/4/2006
+ Scan result:
C:\Documents and Settings\default\My Documents\Downloads\work_downloads\vnc-3.3.3r9_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
C:\Program Files\ORL\VNC\VNCHooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
C:\Program Files\ORL\VNC\WinVNC.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
C:\Program Files\ORL\VNC\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\wqyziq85.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
::Report end
Brody
|
Senior Member
|
4. November 2006 @ 18:57 |
Link to this message
|
Go to Virus Total file scan
Click "Browse" beside the "Select file" area.
Find and select this file:
C:\imnnq_nt\imnsvdem.exe
Click 'Send".
Copy/paste the results and save to Notepad.
Post the resutls in your next reply.
|
|
brody24
Newbie
|
5. November 2006 @ 04:50 |
Link to this message
|
|
Ok-
Complete scanning result of "IMNSVDEM.EXE", received in VirusTotal at 11.05.2006, 15:47:05 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.37 11.03.2006 no virus found
Authentium 4.93.8 11.05.2006 no virus found
Avast 4.7.892.0 11.03.2006 no virus found
AVG 386 11.04.2006 no virus found
BitDefender 7.2 11.05.2006 no virus found
CAT-QuickHeal 8.00 11.04.2006 no virus found
ClamAV devel-20060426 11.05.2006 no virus found
DrWeb 4.33 11.05.2006 no virus found
eTrust-InoculateIT 23.73.45 11.03.2006 no virus found
eTrust-Vet 30.3.3176 11.03.2006 no virus found
Ewido 4.0 11.05.2006 no virus found
Fortinet 2.82.0.0 11.05.2006 no virus found
F-Prot 3.16f 11.04.2006 no virus found
F-Prot4 4.2.1.29 11.04.2006 no virus found
Ikarus 0.2.65.0 11.03.2006 no virus found
Kaspersky 4.0.2.24 11.05.2006 no virus found
McAfee 4888 11.03.2006 no virus found
Microsoft 1.1609 11.04.2006 no virus found
NOD32v2 1.1853 11.03.2006 no virus found
Norman 5.80.02 11.03.2006 no virus found
Panda 9.0.0.4 11.04.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.112 11.03.2006 no virus found
UNA 1.83 11.03.2006 no virus found
VBA32 3.11.1 11.04.2006 no virus found
VirusBuster 4.3.15:9 11.05.2006 no virus found
Aditional Information
File size: 48640 bytes
MD5: 0c2c1482158fb0b26d267f1f42bfbfb7
SHA1: 07d84207177ee82b4a405a58297c3ea805cefc36
Brody
|
Senior Member
|
5. November 2006 @ 05:40 |
Link to this message
|
You may uninstall AVGAS if you don't want/need it. Spyware Blaster isn't showing in the HjT log that why I ask you download and use it.
Do you use StartupMonitor?
Go here to run ActiveScan.
When it finishes, click "See Report".
If anything other than cookies is found post the log here.
This message has been edited since posting. Last time this message was edited on 5. November 2006 @ 05:41
|
|
brody24
Newbie
|
5. November 2006 @ 09:40 |
Link to this message
|
Quote:
Do you use StartupMonitor?
YEP.
Nothing but cookies postedby ActiveScan.
Brody
|
Senior Member
|
5. November 2006 @ 11:57 |
Link to this message
|
Use CCleaner to clean the cookies.
Open CCleaner.
Click Options > Advance > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Click Cleaner > Run Cleaner.
Search for and locate the file: SysTray.Exe
Right-click it and select Properties.
Is it 'copyright by Microsoft'?
If it is then you're clean.
If startup is still slow you can take things you don't need off startup.
Go to Start > Run > type msconfig and click OK. Then go to the Startup tab.
Make sure you know what you are unchecking as most are needed system files.
Edit: maybe check for a rootkit.
Download F-Secure Blacklight (blbeta.exe) to the desktop from here.
Open it and click Accept Agreement.
Click "Scan".
After the scan is complete, click "Next", then "Exit".
It will create a log on the desktop named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan)
Post that log in your next reply.
This message has been edited since posting. Last time this message was edited on 5. November 2006 @ 12:00
|
|
brody24
Newbie
|
6. November 2006 @ 13:24 |
Link to this message
|
|
Ran CCLeaner. Deleted basically everything it had an issue with.
Blacklight
11/06/06 17:10:53 [Info]: BlackLight Engine 1.0.47 initialized
11/06/06 17:10:53 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/06/06 17:10:54 [Note]: 7019 4
11/06/06 17:10:54 [Note]: 7005 0
11/06/06 17:10:58 [Note]: 7006 0
11/06/06 17:10:58 [Note]: 7011 1900
11/06/06 17:10:58 [Note]: 7026 0
11/06/06 17:10:59 [Note]: 7026 0
11/06/06 17:11:13 [Note]: FSRAW library version 1.7.1020
11/06/06 17:13:40 [Note]: 7007 0
SysTray looks ok.
Something is still goofy though. From the time I hit enter on the "enter id/password" screen until I see the FIRST desktop icon is a little over 5 MINUTES. This process used to be pretty quick. Maybe a minute. Tops!
Running more than a single program drags the system to it's knees. I used to have tons of things open all at once.
When I look at Windows task manager, I see about 85% of my PF usage already taken. Here's my individual stats:
Phyical Memory
Total 130124
Available 23928
System cache 34200
Kernal Memory (k)
Total 32372
Paged 25512
Nonpaged 6860
Totals
Handles 6728
Threads 381
Processes 36
Commit Charge (k)
Total 257060
Limit 313312
Peak 261920Phyical Memory
Total 130124
Available 23928
System cache 34200
Kernal Memory (k)
Total 32372
Paged 25512
Nonpaged 6860
Totals
Handles 6728
Threads 381
Processes 36
Commit Charge (k)
Total 257060
Limit 313312
Peak 261920
In anycase, thanks for you help.
Brody
|
Senior Member
|
6. November 2006 @ 14:57 |
Link to this message
|
|
Maybe increase your virtual memory.
Right-click My Computer > Properties > Advance tab > Performance settings > Advance tab > under Virtual Memory click Change.
Under Paging file size for selected drive click the Customize size box. You can set it as high as you like as long as you're under the "Space available" size. But, don't set it too high or it will take away all your HD space.
Personally, with a 40 GB HD, mine is set to:
"Initial Size: 800 MB"
"Maximum size: 1536 MB"
It just depends on the size of your HD and how much space you can spare for extra VM.
|
|
Advertisement
|
|
|
|
brody24
Newbie
|
7. November 2006 @ 02:27 |
Link to this message
|
|
Well, things are better. It's now taking 3min to boot instead of 5, and performance is reasonable now.
Thanks for your help.
Brody
|
