File explorer too slow !!!!! need help

Discussion in 'adware, spyware & hijack cleaning' started by texasflood, May 21, 2004.

Thread Status:
Not open for further replies.
  1. texasflood

    texasflood Registered Member

    Joined:
    May 19, 2004
    Posts:
    4
    Hi, i have a little problem with my computer, the windows file is too slow and not responding, i will post my hijack lo to see if anyone can help me. Thanks in advance.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:36:44, on 21-05-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\soundman.exe
    C:\Programas\Creative\ShareDLL\CtNotify.exe
    C:\Programas\Creative\ShareDLL\Mediadet.exe
    C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programas\NetLimiter\NetLimiter.exe
    C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programas\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE
    C:\Programas\Messenger\msmsgs.exe
    C:\WorkPad\hotsync.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=1083108
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=1083108
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allmusic.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://81.211.105.43/index.php?v=5
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
    O1 - Hosts: 81.211.105.69 lender-search.com
    O1 - Hosts: 81.211.105.68 hot-searches.com
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programas\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programas\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Programas\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] "C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [Client Access Service] "C:\Programas\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programas\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programas\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programas\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Programas\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [mmtask] C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Programas\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HotSync Manager.lnk = C:\WorkPad\hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates - file://C:\Programas\WebRebates\System\Temp\topr1150_script0.htm
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bongas.empresa
    O17 - HKLM\Software\..\Telephony: DomainName = Bongas.empresa
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC99A068-53B7-44F7-9E4B-4F38C210D5DD}: NameServer = 194.65.3.20,194.65.3.21
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Bongas.empresa
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Bongas.empresa
     
    texasflood, May 21, 2004
    #1
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi texasflood,

    Can you first download this program? :

    CWShredder

    Repost another hijackthis log after doing so

    Thnx

    Cheers,
     
    Unzy, May 21, 2004
    #2
  3. texasflood

    texasflood Registered Member

    Joined:
    May 19, 2004
    Posts:
    4
    Thansk a lot for you help. i did downlaod the program and there's the log after running it.

    Logfile of HijackThis v1.97.7
    Scan saved at 14:20:31, on 21-05-2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\soundman.exe
    C:\Programas\Creative\ShareDLL\CtNotify.exe
    C:\Programas\Creative\ShareDLL\Mediadet.exe
    C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Programas\NetLimiter\NetLimiter.exe
    C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programas\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE
    C:\Programas\Messenger\msmsgs.exe
    C:\WorkPad\hotsync.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allmusic.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programas\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programas\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Programas\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CTStartup] "C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [Client Access Service] "C:\Programas\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programas\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programas\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programas\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Programas\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [mmtask] C:\Programas\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Programas\Creative\NOMAD Jukebox Zen (USB2.0)\PlayCenter2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HotSync Manager.lnk = C:\WorkPad\hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates - file://C:\Programas\WebRebates\System\Temp\topr1150_script0.htm
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bongas.empresa
    O17 - HKLM\Software\..\Telephony: DomainName = Bongas.empresa
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC99A068-53B7-44F7-9E4B-4F38C210D5DD}: NameServer = 194.65.3.20,194.65.3.21
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Bongas.empresa
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Bongas.empresa
     
    texasflood, May 21, 2004
    #3
  4. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Fix these as well :

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programas\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programas\MyWay\myBar\1.bin\MYBAR.DLL

    Restart PC after doing so and remove :

    C:\Programas\MyWay\ <- this folder

    Hope all is well again

    Cheers,
     
    Unzy, May 22, 2004
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...