-
October 19th, 2004, 02:39 AM
#1
Junior Member
Connection troubles...
i'm having trouble connecting to the internet. i still have dial-up (Juno) :-( when i try to connect Juno dials the service but after that services.exe maxes out my cpu. (cpu usage: 100%) i'm pretty sure it is the fault of coolwebsearch. i have removed 3 infections of coolwebsearch with cwshredder. also i think i have removed parts with HijackThis. i have run ad-aware 6.0 personal, spybot S&D and AVG free 6.0 all fully updated. i'm not sure what else to do. i know that my phone line works because my other computer connects fine with Juno. i have re-installed Juno and Internet Explorer. BTW...i use Firefox but my bro who also uses my comp uses IE...i plan to switch him to Firefox ASAP.
here is my HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 8:17:25 PM, on 10/18/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\mysql\bin\mysqld-max.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\PDesk\PDesk.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\WINNT\TrayComm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
C:\Program Files\1stQL\1stql.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
D:\Downloaded Apps\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [M2WNotifierService] C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ScreenSaverControl] C:\Documents and Settings\Grande\Local Settings\Temp\ScreensaverControl.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - Startup: 1st QuickLaunch.lnk = C:\Program Files\1stQL\1stql.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
-
October 19th, 2004, 02:40 AM
#2
Junior Member
oops....
oops...forgot to tell yall my OS: Win 2k Pro SP4
:-P
thanx in advance
-
October 19th, 2004, 03:11 AM
#3
Well...
I see 2 things in the log...(although I am NO expert)
One is a remote desktop\access application Real VNC
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
and if you didn't put that there...well then...someone did
The other is .......???? maybe someone else can identify
O4 - Startup: 1st QuickLaunch.lnk = C:\Program Files\1stQL\1stql.exe
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 19th, 2004, 03:13 AM
#4
well first of all. i think you need to go out and get some more stuff to install and make sure it automatically starts up when you start up your machine. i don't think you have enough there.
WHAT IS WRONG WITH YOU?
#1 - the more stuff you have running and starting up, the harder it is to troubleshoot what APP is causing the problem.
#2 - what is the webrelated.htm & 1stql.exe stuff???
#3 - is there a reason for mysql???
i once supported a PC that got infected with some virus/malware and it installed WINVNC. did you install that?
-
October 19th, 2004, 03:22 AM
#5
1stq..............Is that the 1st Quicklaunch app??? If so isn't it a win 95/98 app??
The web related looks suss..........have you looked at the files they point to??
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
October 19th, 2004, 03:34 AM
#6
Junior Member
i installed 1st Quick Launch. it is a program that allows me to assign keyboard shortcuts to certain programs. i did install WinVNC. i know the risks but my home network is pretty secure. i've been working with mysql recently so there is a point to having that installed. i'm not sure what webrelated.htm is. should i remove it?
-
October 19th, 2004, 03:53 AM
#7
Those web related entries relate to Alexa; there is some info here if you are interested:
http://computercops.biz/postp329653.html
They should be safe to fix with HijackThis but i do not think they are related to your connection problems.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
October 19th, 2004, 05:04 AM
#8
Here's a couple of the other running processes that may be questionable:
C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
O4 - HKLM\..\Run: [M2WNotifierService] C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
Mail2World Notifier
By: Mail2World U.S.
Checks Mail2World webmail account, with fast access to M2W on web; minimizes to tray; new-message alerts.
C:\WINNT\TrayComm.exe
http://www.traycomm.com/help.html#Q3
some kind of screensaver?
C:\Program Files\Search Engine Commando\ScheduleService.exe
http://www.searchenginecommando.com
???
C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
Looks like these are related.
PPE stands for PCI Performance Enhancer. It is a program of Pinnacle and is used to speed up the performance while using Homevideo programs like Studio 7 or 8 sold by Pinnacle. ppe.exe is located in "C:\Program Files\Pinnacle\PPE\".
Answers That Work listed these running processes as questionable. I'd read their descriptions and determine what course of action you want to take:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
For the web\related.htm files, it looks as if you should get rid of them. I checked across a couple other discussion forums and all recommended to use HiJackThis to fix these:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
That's it for now. I'm getting tired and have work early in the AM. Hopefully this helps.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
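Post #8 pairs running processes with their O4 autostart lines by hand. The same cross-reference as an added Python example (not part of the thread and not part of HijackThis), run over a constructed sample of lines copied from the log in post #1; the function and field names are assumptions.

```python
import re
from ntpath import basename, isabs  # Windows path rules on any host OS

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\services.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
C:\WINNT\TrayComm.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [M2WNotifierService] C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - Startup: 1st QuickLaunch.lnk = C:\Program Files\1stQL\1stql.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")
# Executable is either the quoted string or everything up to the first ".exe".
EXE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.I)

def split_entry(loc, rest):
    """Split an O4 payload into entry name and executable (arguments dropped)."""
    if rest.startswith("["):                  # registry Run: "[Name] command"
        name, _, cmd = rest[1:].partition("] ")
    else:                                     # Startup folder: "Name.lnk = target"
        name, _, cmd = rest.partition(" = ")
    m = EXE.match(cmd)
    exe = (m.group(1) or m.group(2)) if m else cmd
    return {"location": loc, "name": name, "exe": exe}

def parse(log):
    """Return (set of running image names, list of O4 autostart entries)."""
    running, entries, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif re.match(r"^[A-Z]\d+ - ", line):  # first O-line ends the process list
            in_procs = False
            m = O4_LINE.match(line)
            if m:
                entries.append(split_entry(m["loc"], m["rest"]))
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            running.add(basename(line).lower())
    return running, entries

def crossref(log):
    """Mark each autostart entry: is its image running, is its path absolute?"""
    running, entries = parse(log)
    for e in entries:
        # Name match only: it does not prove the running file is the same file.
        e["running"] = basename(e["exe"]).lower() in running
        e["full_path"] = isabs(e["exe"])   # False means Windows resolves it via the search path
    return entries

if __name__ == "__main__":
    for e in crossref(SAMPLE_LOG):
        print(e)
```

Entries with `full_path` false (such as `TrayComm.exe` here) are the ones where the log alone does not say which file on disk will be launched.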