gopal's Topic - My system became slow

Thread: gopal's Topic - My system became slow

  1. #1
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869

    gopal's Topic - My system became slow

    gopal
    Junior Member

    Registered: Dec 2004
    Location:
    Posts: 19
    My system became slow

    Mine is a Win 2000 Professional and is connected to a LAN. Previously it used to access fast; nowadays it is accessing very slowly, and it takes time to open a window. I have a problem with the internet also: initially it gets connected to the internet, but after 5 min it gets disconnected saying server could not be found or DNS error. I can ping as well as type the IP address and open the web site, but I am not able to open by DNS name. I checked the hosts file too; it is getting displayed as
    #**************************************************
    #
    # Stephen Martin's / Mike Meyer's Ad-Blocking Hosts
    # August 31, 2003
    #
    # Before adding these
    # entries to your hosts file, please visit
    # http://www.accs-net.com/hosts/
    #
    # Please email new entries to
    # [email protected]
    #
    #**************************************************

    127.0.0.1 localhost



    But I have seen some troubleshoots; even the information I see in the hosts file is also good because it is blocking the unnecessary ad sites.

    Please help me out to sort out this problem.




    gopal
    Junior Member

    Registered: Dec 2004
    Location:
    Posts: 19
    system getting slow

    I have installed Spybot, Ad-Aware and HijackThis. I scanned the system in safe mode and removed the hide files and folders option from check mark and then scanned.
    I don't know what to delete and what to fix. This is my log file. After doing all this and restarting the system I am getting another error message:
    The web page you are viewing is trying to close the window.
    Do you want to close this window.
    This message is coming regularly even if I say yes or no.
    Please help me out.
    It's taking a lot of time while rebooting. Mine is a Win 2k Professional and my system is connected in LAN.
    Thank you.

    Logfile of HijackThis v1.99.0
    Scan saved at 10:38:36 AM, on 1/11/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\Documents and Settings\goldenit\My Documents\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {D1ECF074-A0E2-43A7-9676-6C3F6689B3C8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [ir5ta] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
    O4 - HKLM\..\Run: [¢‰¸ï0/4Ã}ÜÀ<€§ÉoUC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [nKGJ1bh] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: X-PRO.lnk = C:\Program Files\X-PRO\X-PRO.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\aklsp.dll
    O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB
    O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/Insta...nsAssistent.ocx
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe



    Geoff S
    Member

    Registered: Jun 2002
    Location: Colonia, NJ USA
    Posts: 95


    Try running this file to clean up your Hosts file. You will have to Unzip it first

    Attachment: hoster.zip

    __________________
    MCP, A+,Net+

  2. #2
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    gopal
    Junior Member

    Registered: Dec 2004
    Location:
    Posts: 19
    my system working slow while booting

    Downloaded, unzip and run LSPFix.exe and remove aklsp.dll from winsock layers and reboot into Safe Mode and run Hijack and fixed

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [ir5ta] C:\WINNT\uueabxwf.exe

    O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe

    O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe

    O4 - HKLM\..\Run: [¢‰¸ï0/4à }ÜÀ< €§ÉoUC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú* *aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    O4 - HKLM\..\Run: [nKGJ1bh] C:\WINNT\uueabxwf.exe

    O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB

    O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/Insta...nsAssistent.ocx

    and run a search for and deleted the below folders/files in bold.

    C:\WINNT\uueabxwf.exe
    C:\Program Files\Admilli Service
    C:\WINNT\farmmext.exe
    C:\Program Files\ISTsvc

    Reboot and post a new log.



    Logfile of HijackThis v1.99.0
    Scan saved at 8:55:58 AM, on 1/12/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\keyhook.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\X-PRO\X-PRO.exe
    C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {D1ECF074-A0E2-43A7-9676-6C3F6689B3C8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú* *aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [nKGJ1bh] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: X-PRO.lnk = C:\Program Files\X-PRO\X-PRO.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


    Even then my system reboots slowly. Tell me what to do.

    Mine is a Win 2k Professional and my system is connected to LAN.

    Thank you

  3. #3
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    gopal
    Junior Member

    Registered: Dec 2004
    Location:
    Posts: 19

    My system is still booting slowly

    I upgraded Ad-Aware and configured it as you said, rebooted in safe mode
    and ran HijackThis. First I got a warning as

    an unexpected error has occured at procedure:
    modregistry_IniGetStrring(sFile=win.ini, sSection=windows, sValue=load)
    Error #70 - Permission denied

    Please email me at [email protected], reporting the following:
    *what you were doing when the error occured
    *how you can reproduce the error
    *a complete HijackThis scan log, if possible

    Windows version: windows Nt 5.00.2195
    MSIE version : 5.00.3315.1000
    HijackThis version: 1.99.0

    I removed these files

    C:\Program Files\ISTsvc
    C:\WINNT\uueabxwf.exe

    and fixed these problems in HijackThis
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú* *aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    O4 - HKLM\..\Run: [nKGJ1bh] C:\WINNT\uueabxwf.exe

    But still I can see this in HijackThis
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú* *aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    After scanning
    I went for search. I couldn't find this file in the system, but when I do the system scan from HijackThis I can still see that file.

    I am posting a new log file. This log file is obtained in safe mode with show all hidden files and folders in uncheck from the folder option.

    My system is still taking time to reboot.

    Logfile of HijackThis v1.99.0
    Scan saved at 10:04:52 AM, on 1/13/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\Explorer.EXE
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {D1ECF074-A0E2-43A7-9676-6C3F6689B3C8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú* *aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: X-PRO.lnk = C:\Program Files\X-PRO\X-PRO.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

  4. #4
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    My apologies gopal, I was trying to remove a double post and I ended up accidentally deleting your topic. I am really sorry but I did manage to salvage most of it.

    Boot into Safe Mode and fix the below entry with Hijack This:

    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú* *aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    Reboot and post a new log. Run Hijack This in normal mode please, I want to see what processes are running when you reboot. Disable your AV and go here and run the online scanner. RAV generates a log file. Please copy the log and post it back in this thread.

  5. #5
    Join Date
    Dec 2004
    Posts
    87

    My system boots slowly

    I scanned the system as you said and I got the following log file.
    Now tell me how to overcome this.

    Scan started at 1/14/2005 6:44:19 AM

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\WINNT\SSK_B5.EXE - TrojanDropper:Win32/Small.NF -> Infected
    C:\WINNT\system32\akupd.dll - TrojanDownloader:Win32/Agent.BR -> Infected
    C:\WINNT\system32\akrules.dll - TrojanDownloader:Win32/Agent.BT -> Infected
    C:\WINNT\system32\aklsp.dll - TrojanDownloader:Win32/Agent.BR -> Infected
    C:\WINNT\Temp\farmmext.cab->farmmext.exe - TrojanDownloader:Win32/Stubby.C -> Infected
    C:\Documents and Settings\goldenit\Local Settings\Temp\akrules.dll - TrojanDownloader:Win32/Agent.BT -> Infected
    C:\Documents and Settings\goldenit\Local Settings\Temp\aklsp.dll - TrojanDownloader:Win32/Agent.BR -> Infected
    C:\Program Files\Common Files\bhpcerdp\pnnlplpb\elpptltc.exe - Backdoor:Win32/Agent.AY -> Infected
    C:\Program Files\Common Files\bhpcerdp\bnjlbtpfbh\nepbtpntp.exe - Backdoor:Win32/Agent.AY -> Infected
    C:\Recycled\Dc36.exe - TrojanDownloader:Win32/Stubby.C -> Infected
    C:\Recycled\Dc37.exe - TrojanDownloader:Win32/Stubby.C -> Infected
    C:\unzipped\hijackthis\backups\backup-20050112-083118-592.dll - TrojanDownloader:Win32/Small.ZQ -> Infected

    Scanned
    ============================
    Objects: 19399
    Directories: 1845
    Archives: 2385
    Size(Kb): 50567
    Infected files: 12

    Found
    ============================
    Viruses found: 6
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 297



    thanks

  6. #6
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Download Pocket Killbox from here. Paste the full file path in the box of each file and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" after the last file (do 5 at a time) and reboot.


    C:\WINNT\SSK_B5.EXE
    C:\WINNT\system32\akupd.dll
    C:\WINNT\system32\akrules.dll
    C:\WINNT\system32\aklsp.dll
    C:\WINNT\Temp\farmmext.cab
    C:\Documents and Settings\goldenit\Local Settings\Temp\akrules.dll
    C:\Documents and Settings\goldenit\Local Settings\Temp\aklsp.dll
    C:\Program Files\Common Files\bhpcerdp
    C:\Recycled\Dc36.exe
    C:\Recycled\Dc37.exe

    Run another RAV scan and post a new Hijack This log in this thread please.

  7. #7
    Join Date
    Dec 2004
    Posts
    87

    My system is booting slowly

    As you said, I removed the virus from my system and I scanned my system with RAV Antivirus. I found no virus on my system, but still the system is booting slowly. Tell me how to solve this problem.

    Thank you very much for helping me remove the virus from my system.

  8. #8
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Please post a new Hijack This log in this thread gopal.

  9. #9
    Join Date
    Dec 2004
    Posts
    87

    My system boots slowly

    While booting, near preparing network connection, it takes a lot of time. I even scanned my system with RAV; it is showing that the system is clean with no virus, but still my system is booting slowly.

    Logfile of HijackThis v1.99.0
    Scan saved at 9:01:04 AM, on 1/17/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\keyhook.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\X-PRO\X-PRO.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {D1ECF074-A0E2-43A7-9676-6C3F6689B3C8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: X-PRO.lnk = C:\Program Files\X-PRO\X-PRO.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: VNC Server - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe




    Thank you

  10. #10
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Hi gopal, you still have a parasitic startup showing in your log. Close Internet Explorer and all open windows and run Hijack This again. Check the below entries and click on Fix Checked.

    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts), make sure that you can view hidden files and folders (and System Files), and run a search for and delete the below folders/files in bold.

    C:\Program Files\ISTsvc
    C:\WINNT\uueabxwf.exe

    Reboot and post a new log. Also go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread. (you may need to make two posts).

  11. #11
    Join Date
    Dec 2004
    Posts
    87

    My system boots slowly

    Actually I couldn't find these files after searching in safe mode as well as in normal mode with hidden files and folders shown, but this file path still exists in HijackThis after scanning and fixing it. I tried 2-3 times to fix it; since I can't find these names through search, I couldn't delete them.

    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    ISTsvc.

    The new log file is

    Logfile of HijackThis v1.99.0
    Scan saved at 11:31:18 AM, on 1/17/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {D1ECF074-A0E2-43A7-9676-6C3F6689B3C8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: X-PRO.lnk = C:\Program Files\X-PRO\X-PRO.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: VNC Server - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe



    "Silent Runners.vbs", revision RED (R28) (Echo output), launched at: 11:42
    Operating System: Windows 2000


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "Synchronization Manager" = "mobsync.exe /logon" [MS]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "SiS Windows KeyHook" = "C:\WINNT\System32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
    "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
    "CrazyTalk Serve" = "rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile" [MS]
    "›%,‹0xEñ€*]l£*…aIz‚C:\Program Files\ISTsvc\istsvc.exe" = "C:\WINNT\uueabxwf.exe" [file not found]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "WinVNC" = ""C:\Program Files\TightVNC\WinVNC.exe" -servicehelper" ["AT&T Research Labs Cambridge"]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = ""
    \StubPath = "C:\WINNT\inf\unregmp2.exe /ShowWMP" [MS]
    "{6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default)" = "Microsoft Windows Media Player"
    \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "Network.ConnectionTray" = "{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINNT\system32\NETSHELL.dll" [MS]
    "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [MS]
    "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "stobject.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! "ExtShellViews\DLLName" = "C:\WINNT\system32\m0rmla911d.dll" [file not found]
    INFECTION WARNING! "NavLogon\DLLName" = "C:\WINNT\System32\NavLogon.dll" [null data]


    Startup items in "goldenit" & "All Users" startup folders:
    -----------------------------------------------------------

    C:\Documents and Settings\goldenit\Start Menu\Programs\Startup
    "X-PRO" -> shortcut to: "C:\Program Files\X-PRO\X-PRO.exe" [null data]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Utility Tray" -> shortcut to: "C:\WINNT\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
    "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Alerter, Alerter, "C:\WINNT\System32\services.exe" [MS]
    COM+ Event System, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [MS]}
    Computer Browser, Browser, "C:\WINNT\System32\services.exe" [MS]
    DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec Corporation"]
    DHCP Client, Dhcp, "C:\WINNT\System32\services.exe" [MS]
    Distributed Link Tracking Client, TrkWks, "C:\WINNT\system32\services.exe" [MS]
    DNS Client, Dnscache, "C:\WINNT\System32\services.exe" [MS]
    Event Log, Eventlog, "C:\WINNT\system32\services.exe" [MS]
    IPSEC Policy Agent, PolicyAgent, "C:\WINNT\System32\lsass.exe" [MS]
    Logical Disk Manager, dmserver, "C:\WINNT\System32\services.exe" [MS]
    Messenger, Messenger, "C:\WINNT\System32\services.exe" [MS]
    Network Connections, Netman, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\netman.dll" [MS]}
    Plug and Play, PlugPlay, "C:\WINNT\system32\services.exe" [MS]
    Print Spooler, Spooler, "C:\WINNT\system32\spoolsv.exe" [MS]
    Protected Storage, ProtectedStorage, "C:\WINNT\system32\services.exe" [MS]
    Remote Access Connection Manager, RasMan, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\rasmans.dll" [MS]}
    Remote Procedure Call (RPC), RpcSs, "C:\WINNT\system32\svchost -k rpcss" {"C:\WINNT\system32\rpcss.dll" [MS]}
    Remote Registry Service, RemoteRegistry, "C:\WINNT\system32\regsvc.exe" [MS]
    Removable Storage, NtmsSvc, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\NtmsSvc.dll" [MS]}
    RunAs Service, seclogon, "C:\WINNT\system32\services.exe" [MS]
    Security Accounts Manager, SamSs, "C:\WINNT\system32\lsass.exe" [MS]
    Server, lanmanserver, "C:\WINNT\System32\services.exe" [MS]
    Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
    System Event Notification, SENS, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\sens.dll" [MS]}
    Task Scheduler, Schedule, "C:\WINNT\system32\MSTask.exe" [MS]
    TCP/IP NetBIOS Helper Service, LmHosts, "C:\WINNT\System32\services.exe" [MS]
    Telephony, TapiSrv, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\tapisrv.dll" [MS]}
    VNC Server, winvnc, ""C:\Program Files\TightVNC\WinVNC.exe" -service" ["AT&T Research Labs Cambridge"]
    Windows Management Instrumentation, WinMgmt, "C:\WINNT\System32\WBEM\WinMgmt.exe" [MS]
    Windows Management Instrumentation Driver Extensions, Wmi, "C:\WINNT\system32\Services.exe" [MS]
    Workstation, lanmanworkstation, "C:\WINNT\System32\services.exe" [MS]



    Thank you

  12. #12
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    gopal, go here and download an earlier version of Hijack This and extract it to its own folder. I want you to use it instead of v1.99 until I advise otherwise please.

    OK, uueabxwf.exe has been deleted but I'm not sure about the ISTsvc folder.

    Run Killbox again and paste the full file path of the folder (see below) in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" and reboot.

    C:\Program Files\ISTsvc

    Close Internet Explorer and all open windows and run Hijack This again. Check the below entry and click on Fix Checked.

    O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe

    Reboot and post a new log. Also post a new Silent Runners log please.

  13. #13
    Join Date
    Dec 2004
    Posts
    87

    My system boots slowly

    Still I am having the same problem. I did as you said; these are the log files:


    "Silent Runners.vbs", revision RED (R28) (Echo output), launched at: 07:14
    Operating System: Windows 2000


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    "Synchronization Manager" = "mobsync.exe /logon" [MS]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "SiS Windows KeyHook" = "C:\WINNT\System32\keyhook.exe" ["Silicon Integrated Systems Corporation"]
    "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
    "CrazyTalk Serve" = "rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile" [MS]
    "›%,‹0xEñ€*]l£*…aIz‚C:\Program Files\ISTsvc\istsvc.exe" = "C:\WINNT\uueabxwf.exe" [file not found]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "WinVNC" = ""C:\Program Files\TightVNC\WinVNC.exe" -servicehelper" ["AT&T Research Labs Cambridge"]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = ""
    \StubPath = "C:\WINNT\inf\unregmp2.exe /ShowWMP" [MS]
    "{6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default)" = "Microsoft Windows Media Player"
    \StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "Network.ConnectionTray" = "{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINNT\system32\NETSHELL.dll" [MS]
    "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [MS]
    "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    -> resolves to: {CLSID}\InprocServer32\(Default) = "stobject.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! "ExtShellViews\DLLName" = "C:\WINNT\system32\m0rmla911d.dll" [file not found]
    INFECTION WARNING! "NavLogon\DLLName" = "C:\WINNT\System32\NavLogon.dll" [null data]


    Startup items in "goldenit" & "All Users" startup folders:
    -----------------------------------------------------------

    C:\Documents and Settings\goldenit\Start Menu\Programs\Startup
    "X-PRO" -> shortcut to: "C:\Program Files\X-PRO\X-PRO.exe" [null data]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Utility Tray" -> shortcut to: "C:\WINNT\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
    "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Alerter, Alerter, "C:\WINNT\System32\services.exe" [MS]
    COM+ Event System, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [MS]}
    Computer Browser, Browser, "C:\WINNT\System32\services.exe" [MS]
    DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec Corporation"]
    DHCP Client, Dhcp, "C:\WINNT\System32\services.exe" [MS]
    Distributed Link Tracking Client, TrkWks, "C:\WINNT\system32\services.exe" [MS]
    DNS Client, Dnscache, "C:\WINNT\System32\services.exe" [MS]
    Event Log, Eventlog, "C:\WINNT\system32\services.exe" [MS]
    IPSEC Policy Agent, PolicyAgent, "C:\WINNT\System32\lsass.exe" [MS]
    Logical Disk Manager, dmserver, "C:\WINNT\System32\services.exe" [MS]
    Messenger, Messenger, "C:\WINNT\System32\services.exe" [MS]
    Network Connections, Netman, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\netman.dll" [MS]}
    Plug and Play, PlugPlay, "C:\WINNT\system32\services.exe" [MS]
    Print Spooler, Spooler, "C:\WINNT\system32\spoolsv.exe" [MS]
    Protected Storage, ProtectedStorage, "C:\WINNT\system32\services.exe" [MS]
    Remote Access Connection Manager, RasMan, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\rasmans.dll" [MS]}
    Remote Procedure Call (RPC), RpcSs, "C:\WINNT\system32\svchost -k rpcss" {"C:\WINNT\system32\rpcss.dll" [MS]}
    Remote Registry Service, RemoteRegistry, "C:\WINNT\system32\regsvc.exe" [MS]
    Removable Storage, NtmsSvc, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\NtmsSvc.dll" [MS]}
    RunAs Service, seclogon, "C:\WINNT\system32\services.exe" [MS]
    Security Accounts Manager, SamSs, "C:\WINNT\system32\lsass.exe" [MS]
    Server, lanmanserver, "C:\WINNT\System32\services.exe" [MS]
    Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
    System Event Notification, SENS, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\sens.dll" [MS]}
    Task Scheduler, Schedule, "C:\WINNT\system32\MSTask.exe" [MS]
    TCP/IP NetBIOS Helper Service, LmHosts, "C:\WINNT\System32\services.exe" [MS]
    Telephony, TapiSrv, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\tapisrv.dll" [MS]}
    VNC Server, winvnc, ""C:\Program Files\TightVNC\WinVNC.exe" -service" ["AT&T Research Labs Cambridge"]
    Windows Management Instrumentation, WinMgmt, "C:\WINNT\System32\WBEM\WinMgmt.exe" [MS]
    Windows Management Instrumentation Driver Extensions, Wmi, "C:\WINNT\system32\Services.exe" [MS]
    Workstation, lanmanworkstation, "C:\WINNT\System32\services.exe" [MS]

    And I didn't get any text log file for HijackThis, though I can view the log list in the HijackThis window, and it is not possible to copy.


    Tell me what to do next.


    Thank you

  14. #14
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    We are going to edit your registry. If you haven't done this before, don't worry, you will be fine just so long as you follow my instructions carefully and don't improvise.

    Go to Start > Run and type:

    Regedt32

    and OK. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and open the Run key. Look in the right-hand pane for the below value and delete it.

    "›%,‹0xEñ€*]l£*…aIz‚C:\Program Files\ISTsvc\istsvc.exe"="C:\WINNT\uueabxwf.exe"

    Next, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify. Click on the plus sign by the Notify key and delete the ExtShellViews sub key. Close your registry editor and reboot.

    NB Always back up your registry before making any changes. The easiest way to do this is to select the entry that you are going to delete with your mouse and go to File and choose Export. Call it any name that you like (selected branch should be pre-selected) and then send it to a New Folder on your Desktop as a reg file. If you have no further problems, right-click on the New Folder and delete it. Do NOT double-click on a .reg file unless you want to put it back in your Registry.

    Run Hijack This again and post a new Hijack This log.
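
    A triage sketch for the autostart entries discussed in this thread, added here as an example; it is not part of any post and not code from HijackThis or Silent Runners. It parses the two log formats shown above and flags Run value names that contain non-ASCII characters or an embedded path, plus entries Silent Runners annotates as missing on disk. The function and flag names are assumptions of this example; the sample lines are copied from the posted logs.

```python
import re

# Sample input: lines copied from the HijackThis and Silent Runners logs in this thread.
HJT_LINES = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [¢‰¸ï0×ȱÇè]lú**aÍžéC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\uueabxwf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
'''.strip().splitlines()

SR_LINES = r'''
"vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
"›%,‹0xEñ€*]l£*…aIz‚C:\Program Files\ISTsvc\istsvc.exe" = "C:\WINNT\uueabxwf.exe" [file not found]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
INFECTION WARNING! "ExtShellViews\DLLName" = "C:\WINNT\system32\m0rmla911d.dll" [file not found]
INFECTION WARNING! "NavLogon\DLLName" = "C:\WINNT\System32\NavLogon.dll" [null data]
'''.strip().splitlines()

# HijackThis O4 registry line: "O4 - <hive>\..\<key>: [<value name>] <command>".
# The name group is greedy, so a "]" inside the value name stays in the name
# and the split happens at the last "] " on the line.
HJT_O4 = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.*)\] (.*)$")

# Naive variant kept for comparison: it assumes a value name never contains "]"
# and therefore fails to match the one entry that matters in this log.
HJT_O4_NAIVE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")

# Silent Runners line: optional warning prefix, "<name>" = "<data>" [<annotation>].
SR_ENTRY = re.compile(r'^(INFECTION WARNING! )?"(.*)" = "(.*)" \[(.*)\]$')


def name_flags(name):
    """Heuristic checks on a registry value name (flag names are this example's own)."""
    flags = []
    if any(not (0x20 <= ord(ch) <= 0x7E) for ch in name):
        flags.append("non-ascii-name")
    if re.search(r"[A-Za-z]:\\", name):
        flags.append("path-in-name")
    return flags


def triage_hijackthis(lines):
    """Return the O4 registry entries whose value name looks abnormal."""
    findings = []
    for line in lines:
        m = HJT_O4.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        flags = name_flags(name)
        if flags:
            findings.append({"key": hive + "\\" + key, "name": name,
                             "target": command, "flags": flags})
    return findings


def triage_silent_runners(lines):
    """Return Silent Runners entries with an abnormal name, a missing target or a tool warning."""
    findings = []
    for line in lines:
        m = SR_ENTRY.match(line.strip())
        if not m:
            continue
        warning, name, data, note = m.groups()
        flags = name_flags(name)
        if note == "file not found":
            flags.append("target-missing")
        if warning:
            flags.append("tool-warning")
        if flags:
            findings.append({"name": name, "target": data, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(HJT_LINES) + triage_silent_runners(SR_LINES):
        # ascii() keeps the output printable on consoles that cannot show the name.
        print(", ".join(f["flags"]), "|", f["target"], "|", ascii(f["name"]))
```

    The flags are independent on purpose: NavLogon carries only the tool warning, while ExtShellViews also points at a DLL that is missing on disk.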

  15. #15
    Join Date
    Dec 2004
    Posts
    87

    My system still boots slowly

    I did as you said and I am posting another log file, but still my system boots slowly.


    Logfile of HijackThis v1.98.2
    Scan saved at 9:32:07 AM, on 1/18/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\System32\keyhook.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\sistray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\X-PRO\X-PRO.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis1982\HijackThis.exe

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {D1ECF074-A0E2-43A7-9676-6C3F6689B3C8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: X-PRO.lnk = C:\Program Files\X-PRO\X-PRO.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab


    Thank you
