>
New Topic
>
Reply<
Esato Forum Index
>
General discussions >
Non mobile discussion
> cycovision - pc help thread
Bookmark topic
lol, im an idiot... i get what you meant... take out all the one you m,entioned except one of them..... duh!
Then what next?
--
Posted: 2006-02-15 20:12:05
Edit :
Quote
yeah, i meant you've got multiple entries calling the same .dll file, you only need one. For god's sake don't take everything else out, your PC will end up knackered!!
Right, after you've done that just reboot and get the antivirus installed and scanning
--
Posted: 2006-02-15 20:18:08
Edit :
Quote
lol, im a plonker i know...
will do all that and post back in a a few mins
Cheers
--
Posted: 2006-02-15 20:19:10
Edit :
Quote
hiya, back now, whats next cyco?
Ive run the antiuvirus, one trojan found and deleted...
Do i rerun the hijack program now?
Thanks
lee
--
Posted: 2006-02-15 21:22:47
Edit :
Quote
Yeah, reboot and run hijack this again and we'll make sure that those multiple protocol entries have gone and see if there's anything else that might be slowing it down.
Does it seem any quicker now that the trojan has (hopefully) gone?
_________________
'He who laughs last, laughs longest. Or didn't get the joke...'
[ This Message was edited by: Cycovision on 2006-02-15 20:27 ]
--
Posted: 2006-02-15 21:26:47
Edit :
Quote
Hey, i have run Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 20:32:08, on 15/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\BtUsrBdg.exe
C:\WINDOWS\System32\BTSetBootKey.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\steam\steam.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LEEWAL~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/pote_x.cab
O18 - Protocol: bw+0 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {97F5B118-F082-4D3D-9661-35F35052AD3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Computer not seeming much quicker yet, but its only the first rebot.
Whats next?
lee
--
Posted: 2006-02-15 21:33:25
Edit :
Quote
along with the help with hijack this mate, can you tell me how to sort out another problem? i had a scsi drive installend with another os on... i have recently removed this scsi from my hdd and when i had it in i had to pick the windows xp pro installantion to run (after the boot screen). even tho i have removed teh drive how do i remove the choice in windows? as far as i am conterned theres only one OS installed now so why am i getting a choice?
Thanks again
Lee
[ This Message was edited by: leeboy13 on 2006-02-15 21:04 ]
--
Posted: 2006-02-15 22:03:53
Edit :
Quote
bump*
--
Posted: 2006-02-16 10:17:10
Edit :
Quote
It looks like 'logitec desktop messenger' is causing a problem since it keeps putting those multiple protocol entries in the registry. Not sure if this is what's making it slow, but it's certainly not right. Do you actually use this app?
Also, I'm not sure about the LXBTtime.dll entry. It appears to be related to your lexmark printer but it is located in a very odd place. It's probably best to download adaware, webroot spysweeper and spybot search and destroy (just google for them) and scan your system for malware. They work like your antivirus; download and install them, update the definitions files and then set them scanning. Webroot is a trial version and it puts a 'guard' running in the background so it's best to uninstall it after it's finished scanning unless you plan to buy it.
As for the start-up issue, you'll need to edit the boot.ini file. It's a bit long winded so I'll describe the procedure later in a seperate post.
--
Posted: 2006-02-16 11:17:00
Edit :
Quote
Hi, thanks for teh advise. I dont use the logitec application so how do i get rid of it?
I have installed no-adware and spy-bot search and destroy. both have been run and updated. I did this before running the second hijack thi that i posted the results too... as you can see my pc is in a bit of a mess, i could really do with getting it completely sorted. Im being such a pain i know. Thanks so much for your help so far.
What i am to do next tho, im very unsure. i'll wait for more advise from yourself mate
Cheers
Lee
p.s. also on start up the pc goes through 'raid' sequences (before the boot screen), these take a while to load (again slowing the startup significantly). i have no raid devices runing so how would i disable this at startup too? If it is possible at all.. and is it good to do this?
[ This Message was edited by: leeboy13 on 2006-02-16 12:47 ]
--
Posted: 2006-02-16 11:54:50
Edit :
Quote
New Topic
Reply
