Author |
cycovision - pc help thread |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
lol, I'm an idiot... I get what you meant... take out all the ones you mentioned except one of them..... duh!
Then what next? |
|
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Yeah, I meant you've got multiple entries calling the same .dll file, you only need one. For god's sake don't take everything else out, your PC will end up knackered!!
Right, after you've done that just reboot and get the antivirus installed and scanning.
|
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
lol, I'm a plonker I know... will do all that and post back in a few mins
Cheers |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
Hiya, back now, what's next cyco?
I've run the antivirus, one trojan found and deleted...
Do I rerun the hijack program now?
Thanks
lee |
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Yeah, reboot and run hijack this again and we'll make sure that those multiple protocol entries have gone and see if there's anything else that might be slowing it down.
Does it seem any quicker now that the trojan has (hopefully) gone?
_________________
'He who laughs last, laughs longest. Or didn't get the joke...'
[ This Message was edited by: Cycovision on 2006-02-15 20:27 ] |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
Hey, I have run Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 20:32:08, on 15/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\BtUsrBdg.exe
C:\WINDOWS\System32\BTSetBootKey.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\steam\steam.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LEEWAL~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O18 - Protocol: bw+0 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Computer not seeming much quicker yet, but it's only the first reboot.
What's next?
lee |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
Along with the help with hijack this mate, can you tell me how to sort out another problem? I had a SCSI drive installed with another OS on... I have recently removed this SCSI from my HDD and when I had it in I had to pick the Windows XP Pro installation to run (after the boot screen). Even tho I have removed the drive how do I remove the choice in Windows? As far as I am concerned there's only one OS installed now so why am I getting a choice?
Thanks again
Lee
[ This Message was edited by: leeboy13 on 2006-02-15 21:04 ] |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
bump* |
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
It looks like 'Logitech Desktop Messenger' is causing a problem since it keeps putting those multiple protocol entries in the registry. Not sure if this is what's making it slow, but it's certainly not right. Do you actually use this app?
Also, I'm not sure about the LXBTtime.dll entry. It appears to be related to your Lexmark printer but it is located in a very odd place. It's probably best to download Ad-Aware, Webroot Spy Sweeper and Spybot Search and Destroy (just google for them) and scan your system for malware. They work like your antivirus; download and install them, update the definitions files and then set them scanning. Webroot is a trial version and it puts a 'guard' running in the background so it's best to uninstall it after it's finished scanning unless you plan to buy it.
As for the start-up issue, you'll need to edit the boot.ini file. It's a bit long-winded so I'll describe the procedure later in a separate post.
|
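Added example, not part of the original thread or of HijackThis itself: a short Python script that performs the check described in the post above, grouping the O18 protocol lines of a HijackThis log by handler and listing any handler registered under more than one protocol name. The function names are hypothetical; the sample lines are copied from the log posted earlier in this thread, plus one constructed control entry.

```python
import re
from collections import defaultdict

# O18 lines copied from the log in this thread. The last O18 line is a
# constructed control entry with a single registration (not from the log).
SAMPLE_LOG = r"""
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O18 - Protocol: bw+0 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: example-single - {00000000-0000-0000-0000-000000000001} - C:\Example\single.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O18 - Protocol: <name> - {CLSID} - <path to handler DLL>"
O18_LINE = re.compile(
    r"^O18 - Protocol: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$", re.MULTILINE
)


def parse_o18(log_text):
    """Return (protocol, clsid, dll_path) for every O18 line in the log."""
    return [
        (m.group(1), m.group(2).upper(), m.group(3).strip())
        for m in O18_LINE.finditer(log_text)
    ]


def shared_handlers(entries):
    """Map (clsid, dll) -> protocol names, keeping handlers seen more than once.

    Paths are lower-cased for grouping because Windows paths are
    case-insensitive. A hit means "review this", not "this is malware".
    """
    groups = defaultdict(list)
    for protocol, clsid, dll in entries:
        groups[(clsid, dll.lower())].append(protocol)
    return {key: names for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for (clsid, dll), names in shared_handlers(parse_o18(SAMPLE_LOG)).items():
        print(f"{len(names)} protocol entries share {clsid}")
        print(f"  handler: {dll}")
        print(f"  names:   {', '.join(names)}")
```

Running the same script on a log saved after the next reboot shows whether the entries have been written back.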
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
Hi, thanks for the advice. I don't use the Logitech application so how do I get rid of it?
I have installed no-adware and spy-bot search and destroy. Both have been run and updated. I did this before running the second hijack this that I posted the results to... as you can see my PC is in a bit of a mess, I could really do with getting it completely sorted. I'm being such a pain I know. Thanks so much for your help so far.
What I am to do next tho, I'm very unsure. I'll wait for more advice from yourself mate
Cheers
Lee
p.s. also on start up the PC goes through 'raid' sequences (before the boot screen), these take a while to load (again slowing the startup significantly). I have no raid devices running so how would I disable this at startup too? If it is possible at all.. and is it good to do this?
[ This Message was edited by: leeboy13 on 2006-02-16 12:47 ] |
Cycovision Joined: Nov 30, 2003 Posts: > 500 From: England PM, WWW
|
Ok, download and run process explorer:
http://www.sysinternals.com/Files/ProcessExplorerNt.zip
This is a fancier version of XP's task manager. When you run it, hit 'CTRL' and 'L' together to remove the lower pane.
What you will see is (almost) everything that is running on your computer. It also shows you how much memory and processor time is being used. See if you can spot anything that is taking up lots of processor time (except 'system idle' at the top) and if you do, right click on it and select 'kill process'. Then see if your PC runs any quicker. If it does, you've found the culprit and we can remove it using either add / remove programs or hijack this.
You don't have to worry about closing anything that you shouldn't, process explorer does not remove the program, it simply closes it. If the PC freezes or stops working just hold the power button in for a few seconds until it switches off, then boot it up again and it'll be the same as before.
As for the RAID checking, depending on your motherboard there might be an option in BIOS somewhere to turn it off. It really does depend on the motherboard so you'll have to find it yourself I'm afraid. Some motherboards don't let you turn it off.
I haven't forgotten about your boot.ini problem, I'll post the solution tonight if I get chance
|
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
That's great, thank you so much for your help, I will download and install that program and try and find the culprit.
Will post when i know more
Cheers matey! |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
I ran that program but couldn't see anything really causing a problem. I have posted a picture of the 'Process explorer' running to see if you spot anything.
I can email you the picture if you can't see this one clearly enough
My email is leewalbyoff@hotmail.com if you need the picture
Thanks again
lee |
dude_se Joined: Dec 16, 2004 Posts: > 500 From: Evesham, UK PM |
Why don't you both go on MSN and leeboy can start the remote assistance and cyco can help him with whatever he needs doing.
dude_se
10 +'ve feedback's, 0 -'ves --------------------------- |
leeboy13 Joined: Sep 28, 2005 Posts: > 500 From: Brissle - dodgy accients PM |
Nice idea, I'm up for anything, it's up to cyco. However you help me, I'm grateful |
|