Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer= DEATH


  • This topic is locked This topic is locked
1 reply to this topic

#1 reagansucks22

reagansucks22

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 03 October 2004 - 08:55 PM

ok i was helped like two weeks ago with my yeakuks thing/peper infection. it seems to be gone. but since then my computer randomly crashed and is now really slow.

so i just wanted to see if i should delete any of this stuff.

some of it looks fishy:

thanks! d



Logfile of HijackThis v1.98.2
Scan saved at 6:25:27 PM, on 10/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msnmsg.exe
C:\WINDOWS\System32\specialfile.exe
C:\WINDOWS\System32\winupdate2date.exe
C:\WINDOWS\System32\lshost.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [pcEXPLODE] specialfile.exe
O4 - HKLM\..\Run: [WindowsRegKey update2date] winupdate2date.exe
O4 - HKLM\..\Run: [Generic Host Service] lshost.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [pcEXPLODE] specialfile.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update2date] winupdate2date.exe
O4 - HKLM\..\RunServices: [Generic Host Service] lshost.exe
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [pcEXPLODE] specialfile.exe
O4 - HKCU\..\Run: [WindowsRegKey update2date] winupdate2date.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...dabb9ec24c7b353

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 03 October 2004 - 09:25 PM

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [pcEXPLODE] specialfile.exe
O4 - HKLM\..\Run: [WindowsRegKey update2date] winupdate2date.exe
O4 - HKLM\..\Run: [Generic Host Service] lshost.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [pcEXPLODE] specialfile.exe
O4 - HKLM\..\RunServices: [WindowsRegKey update2date] winupdate2date.exe
O4 - HKLM\..\RunServices: [Generic Host Service] lshost.exe
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [pcEXPLODE] specialfile.exe
O4 - HKCU\..\Run: [WindowsRegKey update2date] winupdate2date.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...dabb9ec24c7b353
Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

c:\windows\system32\msnmsg.exe
c:\windows\system32\specialfile.exe
c:\windows\system32\winupdate2date.exe
c:\windows\system32\lshost.exe
C:\Program Files\Windows SyncroAd\
c:\windows\system32\msnmsg.exe
C:\Program Files\AWS\

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users