Sponsor for PC Pals Forum

Author Topic: Help my system's a mess!!  (Read 2083 times)

Offline Jaminxz

  • Regular Member
  • **
  • Posts: 124
Help my system's a mess!!
« on: May 31, 2005, 08:39 »
Help my system is a mess! My PC has started to become really slow and sluggish. I originally thought it was because I used so much disk space, but after clearing a lot of space I've realised it isn't because of that. Right, I have a few problems:

1) I'm sure I've got some sort of adware as I keep getting the same few ads all the time, notably a "real" ad for its player.

2) The system has become sluggish in all aspects, but mainly when switching between tasks.

3) I recently had to change my firewall and anti-virus from EZ Armour to Sygate Personal Firewall and AVG Free Edition because my subscription expired. Whilst I was trying to uninstall EZ I encountered all sorts of problems. It crashed every time I tried to uninstall it, so I stupidly just deleted the content of its file and tried to delete any exe's I could find that were linked to it. This just aggravated it, I think!! Now I get loads of messages saying C:\path\name is a trojan etc. Originally I thought it was just some ploy to update my system, but now I guess it's probably right and I do have various trojans etc.

So if anyone could help me out I'd greatly appreciate it!! I'll enclose my log below and if anyone can give me a few pointers on what to do I'll be ecstatic,

thanks  

Jaminxz

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\switpa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Benjamin\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {342EBB9F-5B4B-28BD-5916-BE091F69E949} - C:\DOCUME~1\Benjamin\APPLIC~1\DOGWAY~1\Less Wave.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: (no name) - {8E929F51-5914-11D6-971F-0050FC3F9161} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SupaStatus] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [C73DC3C0] C:\WINDOWS\System32\kepbphnblxdiq.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=020305 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [glue peak 01 obj] C:\Documents and Settings\All Users\Application Data\skipsupportgluepeak\film cake.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Star Downloader] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [error remote] C:\DOCUME~1\Benjamin\APPLIC~1\CURBWA~1\INTERNETRULEUP.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_8742.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://download.yahoo.com/dl/installs/bt/yregucfg.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1100027633078
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/212fe581768d030be419/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098967853570
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://cis.liv.ac.uk/jinitiator/jinit.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38125.443912037
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab

Offline DJ

  • Established Member
  • ****
  • Posts: 1448
Help my system's a mess!!
« Reply #1 on: May 31, 2005, 09:26 »
Hi

I put your log through http://www.hijackthis.de and got the following analysis...

http://www.hijackthis.de/logfiles/1c4eb04872ae5a581e0b01b3b0b8fa14.html

(Your analysis will only be there for 3 days)

There's certainly some spyware that you need to correct.

I would wait for advice from a 'techie' on this forum to make sure, but before you do anything make sure you have backups!!

Good Luck

DJ

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Help my system's a mess!!
« Reply #2 on: May 31, 2005, 09:29 »
Unfortunately, our HijackThis expert is no longer with us, but looking down your log, this one certainly looks iffy (edit:- along with what DJ just posted):-

O4 - HKLM\..\Run: [glue peak 01 obj] C:\Documents and Settings\All Users\Application Data\skipsupportgluepeak\film cake.exe

Unless it's something you put there, and know what it is, you'll need to remove the folder and the registry entry, and also check that it's not in your startup folder, in your Start menu.

Following that, I would suggest reinstalling EZ Armour, and then trying to remove it again, but make sure it's not running when you uninstall it.

I would then run scans with Ad Aware and Spybot S&D to see what else can be found, updating them first, of course.

There are many free online trojan scanners available, but beware that some of them may actually report a false positive, to try to get you to buy their program.  I'm afraid I've never actually used any of them, but the first one I came across using Google, is this one.  Sygate should also alert you if any trojans try to send or receive data to / from your PC.

Hope that's of some help - perhaps one of our experts might be able to assist you further, later.  :)
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:
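A first-pass triage of the kind described in the reply above, as an added example that is not part of the original thread: it parses HijackThis O2 (BHO) and O4 (startup) lines and lists those whose target sits under an Application Data folder, the location of the entry Simon singled out. The location rule is an assumption chosen for this illustration, and a hit is a candidate for manual review, not a verdict.

```python
import re

# Constructed sample: a handful of O2/O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {342EBB9F-5B4B-28BD-5916-BE091F69E949} - C:\DOCUME~1\Benjamin\APPLIC~1\DOGWAY~1\Less Wave.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [glue peak 01 obj] C:\Documents and Settings\All Users\Application Data\skipsupportgluepeak\film cake.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [error remote] C:\DOCUME~1\Benjamin\APPLIC~1\CURBWA~1\INTERNETRULEUP.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Line shapes for the two autostart sections handled here (O2 = BHO, O4 = startup items).
PATTERNS = [
    re.compile(r"^O2 - (?P<where>BHO): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$"),
    re.compile(r"^O4 - (?P<where>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$"),
]

# Assumed review rule: the target lives under "Application Data", written either in
# full or as its 8.3 short name (APPLIC~1). Installed software normally starts from
# Program Files or the Windows directory, so these entries deserve a closer look.
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


def autostart_entries(log_text):
    """Yield (where, name, target) for every O2/O4 line that parses."""
    for line in log_text.splitlines():
        line = line.strip()
        for pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                yield match.group("where"), match.group("name"), match.group("target").strip()
                break


def review_list(log_text):
    """Return the autostart entries whose target is under an Application Data folder."""
    return [entry for entry in autostart_entries(log_text) if APPDATA_RE.search(entry[2])]


if __name__ == "__main__":
    for where, name, target in review_list(SAMPLE_LOG):
        print(f"REVIEW  {where:<14} {name:<18} {target}")
```

Each listed entry still has to be checked by hand, as the reply says: confirm whether it is something the user installed before removing the folder and the registry value.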

Offline Scotty_CFC

  • Regular Member
  • **
  • Posts: 85
Help my system's a mess!!
« Reply #3 on: May 31, 2005, 11:09 »

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Help my system's a mess!!
« Reply #4 on: May 31, 2005, 12:58 »
Once you have sorted it out from DJ and the others' suggestions then it looks like your Real Ad may be coming because you have this in :

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

If you use Real Player then I would recommend that you uninstall it and install Real Alternative instead from here :

http://www.free-codecs.com/download/Real_Alternative.htm

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Help my system's a mess!!
« Reply #5 on: May 31, 2005, 13:23 »
Or, if you want to keep the 'real' Real Player, you can go into the options and stop it from checking for updates.  :)
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Help my system's a mess!!
« Reply #6 on: May 31, 2005, 14:15 »
Why would anyone want to keep or use Real Player when they can use Real Alternative to do the same thing without all the unwanted stuff that comes with Real Player?  :?

Similarly if you need to play .mov files from Quicktime then use Quick Alternative.

I would rather have control over what the programs do on my pc than have them doing their own thing and adding unnecessary extra stuff  :roll:

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Help my system's a mess!!
« Reply #7 on: May 31, 2005, 19:23 »
Quote from: "Simon"
Unfortunately, our HijackThis expert is no longer with us,


 :shock:  :shock:  :shock:  :shock:  :?:  :?:  :?:  :?:
Out of all the things I've lost .......I miss my mind the most!!

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Help my system's a mess!!
« Reply #8 on: May 31, 2005, 19:25 »
Simon's referring to Dack, Michelle  :(

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Help my system's a mess!!
« Reply #9 on: May 31, 2005, 19:27 »
I know, what does he mean no longer with us??? What happened?
Out of all the things I've lost .......I miss my mind the most!!

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Help my system's a mess!!
« Reply #10 on: May 31, 2005, 19:29 »
:lol:  Nothing serious, Michelle!  Work priorities, which took him abroad.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Help my system's a mess!!
« Reply #11 on: May 31, 2005, 19:30 »
Don't worry Michelle, he's still alive, it's just that with the new baby and working on a contract in America for a few months, he doesn't have time to help us out on Pals anymore  :(

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Help my system's a mess!!
« Reply #12 on: May 31, 2005, 19:34 »
Awwww that's a shame, he was good too.  Glad he's alive and kicking though  :laugh:

Talking of that I've not seen Adept for months either
Out of all the things I've lost .......I miss my mind the most!!

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Help my system's a mess!!
« Reply #13 on: May 31, 2005, 20:24 »
Quote from: "Michelle"
Talking of that I've not seen Adept for months either

Join the club!!   :laugh:   Sean (Adept) left before we changed to the new software.  He felt he could no longer be a part of PC Pals due to other commitments.  He did leave a rather large gap to fill, as he was the one who did all the proper Admin stuff, like dealing with the software, hosts, etc, as well as being a good techie.  There's little doubt that we owe Sean a huge debt of gratitude, as he was instrumental in setting up PC Pals in the first place, but now we have Sam, who has filled the role admirably, and we hope will continue to do so.

If you're going to continue counting missing members, we could be in for a long night, Michelle!  :blondie:  :lol:
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Help my system's a mess!!
« Reply #14 on: May 31, 2005, 20:33 »
:lol:  Well it did seem as if Sam had taken over as Sean, but he's not as good-looking  :laugh:  :laugh: jk and it's spelt wrong  :blush:

Anyway you started it, saying that Dack was no longer with us!  :P

So where's .................... no that's it for now  8)
Out of all the things I've lost .......I miss my mind the most!!

