-
October 8th, 2007, 06:04 AM
#1
Junior Member
Computer Running Slow
I'm hoping that this is the correct place to post this, and if it is, here is my hijackthis logfile...is there anything you guys can help me out with??
I'm using a Dell Inspiron 5150 laptop with Microsoft Windows XP professional version 2002 with Service Pack 2.
CPU 3.06GHz 1.59 GHz, 512MB or RAM
Graphics Card - Mobility RAdeon 9000
Logfile of HijackThis v1.99.1
Scan saved at 12:56:01 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thomas.edu/geninfo/daily.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fw.thomas.edu:8080
F1 - win.ini: run=fntldr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {AEDACC88-63A1-CF9D-A181-590000E6F535} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188149779468
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
-
October 8th, 2007, 01:24 PM
#2
hi get rid of services which you dont need on boot.
start>run>msconfig>startup.Untick ones you dont need.
I dont recognize all services you run but real player is on automatic updates.Idont think you need updates at all on that one.
Mictrosoft updates you can set to update when you want start>control panel>security center>automatic updates and choose notify me for updates and then you download when you are not doing much on pc.
You can manualy stop some processes pressing control alt delete -all 3 at same time, then look processes and click one you dont think you need running at the moment and kill it right clicking on it.
It look like you are downloading few thing too.
This is start.Some of other members will give you more options.
Good luck
-
October 8th, 2007, 01:53 PM
#3
Remove these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thomas.edu/geninfo/daily.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fw.thomas.edu:8080
F1 - win.ini: run=fntldr.exe <---- GATOR Spyware!
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {AEDACC88-63A1-CF9D-A181-590000E6F535} - (no file)
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.3.102.cab
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 8th, 2007, 06:37 PM
#4
What's wrong with the homepage?
It looks like some sort of school thing?
Real security doesn't come with an installer.
-
October 8th, 2007, 07:18 PM
#5
Yeah, I know.. It's just non standard and I like to remove everything.
If things work normally again I'll add things, like the homepage, back.
I noticed the proxy is pointing to an .edu too. Might not be good to remove but it might also be a cause (besides the malware) for the slowness on the whole.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
October 8th, 2007, 07:29 PM
#6
Actually, speaking of the proxy... It looks like it may very well be necessary...
fw.thomas.edu == firewall.thomas.edu?
I would advise that you contact your school's tech support to see if those two settings are required as part of your internet access agrement.
Some schools also require all Windows machines to run a security service that verifies firewall, antivirus, etc.
Real security doesn't come with an installer.
-
October 10th, 2007, 09:50 AM
#7
OK,
CPU 3.06GHz 1.59 GHz, 512MB or RAM
In addition to the above advice, I would suggest that 512Mb is not a large amount of RAM when you are running Windows XP. Personally, I have never built an XP box with less than 1Gb.
1. Use this tool to get rid of the garbage on your box:
http://www.ccleaner.com/
2. Defragment your hard drive.
3. Check your free space on your HDD. You must have at least 20% or 'doze starts to run like a dog.
4. Look at your power saving settings. I don't know that model but the CPU at 3.06/1.59 tells me that it runs at around half speed when on battery power. Make sure that it is not set to this at all times
5. Watch out for background processes such as AV scanning.
Similar Threads
-
By XTC46 in forum Other Tutorials Forum
Replies: 6
Last Post: July 21st, 2005, 02:27 PM
-
By akachuckie in forum The Security Tutorials Forum
Replies: 8
Last Post: February 24th, 2005, 01:47 AM
-
By altotheex13 in forum Miscellaneous Security Discussions
Replies: 30
Last Post: January 28th, 2004, 04:24 PM
-
Replies: 1
Last Post: July 15th, 2002, 03:46 AM
-
By E5C4P3 in forum The Security Tutorials Forum
Replies: 10
Last Post: June 12th, 2002, 04:54 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|