Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Internet Response


  • Please log in to reply
3 replies to this topic

#1 bawi83

bawi83

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 29 March 2005 - 11:07 AM

Hi. I'm a new user to the forum. I found the link from Spyware Warrior. I'm currently having very slow internet access through my cable modem, and I think I might hav some spyware on my PC.

I'm running Windows 95 (I know, I know - I'm going to be upgrading soon, but I'm not there yet). Anyway, I have SpyBot S&D on my PC and have run it and cleaned evrything it found. I don't have Ad-Aware, as it requires Windows 98 :-(

I ran the free check on SpySweeper's site and it listed the following programs: Comet Cursor, Cool Search Hijacker, Ehttp Hijacker, and Hiwire. But I don't know how to remove them.

Can someone please help me clean my PC?

I just downloaded and ran HijackThis! and here's the log file:

Logfile of HijackThis v1.99.1
Scan saved at 9:33:16 AM, on 3/29/2005
Platform: Windows 95 a (Win9x 4.00.1212)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\ACS495\MIXGHOST.EXE
C:\PROGRAM FILES\THRUSTMASTER\COMMON\TMDEVMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [MSWHEEL] C:\WINDOWS\SYSTEM\mswheel.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [Mixghost] C:\ACS495\MixGhost.exe
O4 - HKLM\..\Run: [TMDevMon] C:\Program Files\ThrustMaster\Common\TMDEVMON.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: EnabCDPT.lnk = C:\Program Files\QI\DVD Player\EnabCDPT.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O13 - WWW. Prefix: http://
O16 - DPF: {6EBE5A5B-2621-11D1-905C-00A0244D4224} (ReadHTML.GetHTML) - file://C:\DELL\ie4si\ReadHTML.CAB
O16 - DPF: {AABDAB84-5B60-11D1-A046-0000F803FC79} (HeartbeatCtl Class) - http://fdl.msn.com/zone/z4/heartbeat.cab
O16 - DPF: {BD1F006E-174F-11D2-95C0-00C04F9A8CFA} (SurveyCtl Class) - http://activex.microsoft.com/controls/mtswizards/Survey.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.liveupdate.com/controls/cres.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://mplayer.com/join/signup/mplayer.exe
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.vivo.com/dldv2/vvweb.cab
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: Dialpad Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/sbncheck.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {0C98419E-324F-11D3-9A23-00C04FF40D52} (McAfee Clinic AV Installer Control) - http://download.mcafee.com/molbin/clinic/v...an/mgavinst.cab
O16 - DPF: {99B42120-6EC7-11CF-A6C7-00AA00A47DD2} (Label Object) - http://activex.microsoft.com/controls/iexp...x86/ielabel.cab
O16 - DPF: {CDB74794-A3BA-4733-B6F6-59BF16D6C15A} (McAfee Smart Shop - Update Class) - http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab
O16 - DPF: {340A0150-9DC7-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/Clinic/Edisk/edisk.cab
O16 - DPF: {06D5218D-079C-11D3-B2D1-00A0C98684AC} (McAfee Hardware Finder Control) - http://download.mcafee.com/molbin/clinic/hwf/mghwinfo.cab
O16 - DPF: {9F0F185C-B50B-11D2-B53F-00A0C98684AC} (McAfee PC Clinic OilChange Class) - http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab
O16 - DPF: {13E39F7E-FDA8-11D2-99DC-00C04FF40D52} (McAfee OilChange Multi-Product Support Filter) - http://download.mcafee.com/molbin/OilChange/MGOcFilt.cab
O16 - DPF: {BF31FA5E-AE8A-11D2-A1BD-0800300004C2} (McAfee PC Clinic Internet Class) - http://download.mcafee.com/molbin/Shared/MCInet_new.cab
O16 - DPF: {23047A90-8511-11D2-87A5-20C252C10000} (McAfee Clinic TreeView Class) - http://download.mcafee.com/molbin/Shared/MGTree.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...21/mcinsctl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} (McAfee.com Component Download Manager Class) - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://us1.webex.com/client/v_os30/webex/ieatgpc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/aut.../autopricer.cab
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowse...5.30/Hiwire.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab


Here's the Startup List it generated:

StartupList report, 3/29/2005, 9:35:33 AM
StartupList version: 1.52.2
Started from : C:\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 95 a (Win9x 4.00.1212)
Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\ACS495\MIXGHOST.EXE
C:\PROGRAM FILES\THRUSTMASTER\COMMON\TMDEVMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
EnabCDPT.lnk = C:\Program Files\QI\DVD Player\EnabCDPT.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSWHEEL = C:\WINDOWS\SYSTEM\mswheel.exe
POINTER = C:\PROGRA~1\MSHARD~1\point32.exe
Mixghost = C:\ACS495\MixGhost.exe
TMDevMon = C:\Program Files\ThrustMaster\Common\TMDEVMON.EXE
3dfx Tools = rundll32.exe 3dfxCmn.dll,UpdateRegSettings
vptray = c:\Program Files\Norton AntiVirus\vptray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

rtvscn95 = c:\Program Files\Norton AntiVirus\rtvscn95.exe
defwatch = c:\Program Files\Norton AntiVirus\defwatch.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer = C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
H/PC Connection Agent = "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = c:\windows\NOTEPAD.EXE %1

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 21/3/2005, 6:33:56)

[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET BLASTER=A240 I10 D3 H7 P300 E640 T6
C:\DELL\USBINFO.EXE /FIX
SET MSINPUT=C:\MSINPUT

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

{F1F7E3E9-4B71-46C2-9B11-C08E032E6F0E}_ Wilson.job
{7D3D62B8-D378-4D36-B2DB-CEF51263534E}_ Wilson.job
{DD71D08F-5170-49FD-999D-E9CE3C814AA9}_ Wilson.job

--------------------------------------------------

Enumerating Download Program Files:

[ReadHTML.GetHTML]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\READHTML.OCX
CODEBASE = file://C:\DELL\ie4si\ReadHTML.CAB

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HEARTB~1.OCX
CODEBASE = http://fdl.msn.com/zone/z4/heartbeat.cab

[SurveyCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SURVEYCONTROL.DLL
CODEBASE = http://activex.microsoft.com/controls/mtswizards/Survey.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R848/V3...en/actsetup.cab

[{0FC6BF2B-E16A-11CF-AB2E-0080AD08A326}]
CODEBASE = http://activex.liveupdate.com/controls/cres.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\HRTBEAT.OCX
CODEBASE = http://fdl.msn.com/zone/Z4/heartbeat.cab

[{4248083C-9656-11D2-8B7F-00105A17847A}]
CODEBASE = http://mplayer.com/join/signup/mplayer.exe

[VivoActive Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\VVWEB.OCX
CODEBASE = http://www.vivo.com/dldv2/vvweb.cab

[TestX Class]
InProcServer32 = C:\WINDOWS\SYSTEM\PTESTX.DLL
CODEBASE = http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB

[ATLSBNCheck Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SBNCHECK.DLL
CODEBASE = http://msdn.microsoft.com/downloads/sbncheck.cab

[McAfee Clinic AV Installer Control]
InProcServer32 = C:\WINDOWS\MCBIN\AV\MGAVINST.DLL
CODEBASE = http://download.mcafee.com/molbin/clinic/v...an/mgavinst.cab

[Label Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELABEL.OCX
CODEBASE = http://activex.microsoft.com/controls/iexp...x86/ielabel.cab

[McAfee Smart Shop - Update Class]
InProcServer32 = C:\WINDOWS\MCBIN\MCAENG\ENG\MCSMTSHP.DLL
CODEBASE = http://download.mcafee.com/molbin/mcaeng/mcsmtshp.cab

[{340A0150-9DC7-11D3-9A01-005004677EF4}]
CODEBASE = http://download.mcafee.com/molbin/Clinic/Edisk/edisk.cab

[McAfee Hardware Finder Control]
InProcServer32 = C:\WINDOWS\MCBIN\HWF\MGHWINFO.DLL
CODEBASE = http://download.mcafee.com/molbin/clinic/hwf/mghwinfo.cab

[McAfee PC Clinic OilChange Class]
InProcServer32 = C:\WINDOWS\MCBIN\OC\MGOCCTL.DLL
CODEBASE = http://download.mcafee.com/molbin/OilChange/MGOcCtl_new.cab

[McAfee OilChange Multi-Product Support Filter]
InProcServer32 = C:\WINDOWS\MCBIN\OC\MGOCFILT.DLL
CODEBASE = http://download.mcafee.com/molbin/OilChange/MGOcFilt.cab

[McAfee PC Clinic Internet Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MCINET.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MCInet_new.cab

[McAfee Clinic TreeView Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MGTREE.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGTree.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MCINSCTL.DLL
CODEBASE = http://download.mcafee.com/molbin/shared/m...21/mcinsctl.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[McAfee.com Component Download Manager Class]
InProcServer32 = C:\WINDOWS\MCBIN\CDM\MCCDM.DLL
CODEBASE = http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab

[MSN Chat Control 4.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT40.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat4.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[GpcContainer Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IEATGPC.DLL
CODEBASE = http://us1.webex.com/client/v_os30/webex/ieatgpc.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

[CarPoint Auto-Pricer Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AUTOPRICER.OCX
CODEBASE = http://carpoint.msn.com/components/ocx/aut.../autopricer.cab

[Register Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HWUTILS.DLL
CODEBASE = http://content.hiwirenetworks.net/inbrowse...5.30/Hiwire.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PPSDKACTIVEXSCANNER.OCX
CODEBASE = http://www.pestscan.com/scanner/axscanner.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 9,592 bytes
Report generated in 0.341 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Thanks!
Brad

Mod Edit: moved log to the HJT forum for the team to review. jgweed

Edited by jgweed, 29 March 2005 - 11:14 AM.


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:30 PM

Posted 29 March 2005 - 11:31 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowse...5.30/Hiwire.cab

Reboot your computer and post a new log. Also tell us if the problem is gone

#3 bawi83

bawi83
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 31 March 2005 - 09:51 AM

Thanks! That seems to have helped some. It's still a little slow, but better.

Thanks again!!

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:30 PM

Posted 31 March 2005 - 05:45 PM

You should post a last log for final review




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users