TechSpot

Com running crap lately

By james_k1988
Mar 24, 2005
  1. lately my computer has been running pretty bad. Its happened slowly over time but now its acting really "sluggish". Not as quick as it usually is. But thats bareable obviously, tis not THAT bad lol its mainly the games side. lately my games have been running really sluggish, which makes it really hard to kill people (this is multiplayer btw, medal of honor series mainly) Its as if its lagging, but its not lol same effect though. It hard to explain but its affecting my gameplay, as when i run into someone face-to-face and start guns blazeing, 6 times out of 10 it starts running slower, like not as smooth as it should.

    Now to fix this problem i have done that thread by RBS about spyware remover, adaware,hijackthis etc. but still not much luck.I Also scan reguraraly with AVG Antivirus(free one :p )
    Any ideas on how to make my games run smoother like they once did? lol Thanx :)

    my specs are

    2600+ AMD Sempron
    1024mb DDR Ram
    Foxconn Mobo
    GeForce FX5700VE 256mb

    p.s. i have a feeling some programs are running in my task manager that shouldnt, check it out on the link below, cause im sure the IEXPLORE shouldnt be ther as i use firefox lol

    http://img195.exs.cx/img195/9661/desk1ow.jpg

    Iknow what programs should be there, jus dont kno wot one shouldnt
     
  2. hadley_59

    hadley_59 TS Rookie

    What you are describing sounds like spyware and adware.
    Two good programs for removing this stuff are Spybot Search & Destroy and Ad-Aware SE Personal

    You can get Spybot here:Spybot Search and Destroy

    You can get Ad-Aware here:Ad-Aware SE Personal

    These are both FREE programs.

    Hope this helps.
     
  3. hadley_59

    hadley_59 TS Rookie

    Sorry about my post then. For some reason your's wasn't updated before i posted my previous one.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I agree with you that IEXPLORE.EXE should not be running.
    Click Start/Run and type msconfig and click OK.
    See if IE is started anywhere in there.
    The one questionable process I found is wbload.exe, unless you run WindowBlinds.
    Post a HJT log if you like.
    How to post your Hijackthis log-files.
     
  5. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    Wb

    yea i have windows blinds, tahts why my start bar looks so fancy :p lol heres my hijack this log


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\James\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R3 - URLSearchHook: HyperSearchHook - {8426B167-057E-45CB-9D90-1327F19CBAAF} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6516472B-AE39-8956-18C1-B10915E848CB} - C:\DOCUME~1\James\APPLIC~1\AMENOO~1\Okayvga.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
    O4 - HKLM\..\Run: [AVG7_EMC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [deletewarnbikebleh] C:\Documents and Settings\All Users\Application Data\4 mode delete warn\stop meow.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AnteDate] C:\DOCUME~1\James\APPLIC~1\infojunk\VCBASHPLAN.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111428820654
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    justr noticed that half the stuff thats ther wosnt ther last time i looked lol
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  7. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    mug?

    wtf u talkin about "you have one ugly mug" i never even put a pic up. And i have already done that, i done that ages ago (the stuff ont aht thread that is) but ill do it again jus incase. And about norton, i installed it ages ago but it fu*ked up and whenever i uninstall it i lose my internet access. Something about Norton internet security pish, but would running that and avg slow it down? as norton never seems to appear (besides SOMETIMES when it says an error message reading "Norton does not support this repair feature")

    yea back to this mug thing, what the hell are you talkin about lol
     
  8. patio

    patio TS Maniac Posts: 482

    Can you run your games with WBlinds disabled and see if there's a difference?
    I seem to recall a post from a gaming forum that it tends to run away with resources.

    patio. :cool:
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    James, I was referring to your AVATAR :D

    Here is the lowdown on your slow PC (probably missed a few as well):

    You should read my signature:
    C:\Documents and Settings\James\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    There are a bunch of updaters running, that you can switch off.
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

    You have 2 messenger programs running at the same time, one is enough:
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe

    You have unnecessary 'eye-candy' running:
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.ex e" /StartupJobs

    You have IE running as well as Firefox, FF alone is enough:
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    You have ADWARE and propably SPYWARE running:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
    R3 - URLSearchHook: HyperSearchHook - {8426B167-057E-45CB-9D90-1327F19CBAAF} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
    O2 - BHO: (no name) - {6516472B-AE39-8956-18C1-B10915E848CB} - C:\DOCUME~1\James\APPLIC~1\AMENOO~1\Okayvga.exe
    O4 - HKLM\..\Run: [deletewarnbikebleh] C:\Documents and Settings\All Users\Application Data\4 mode delete warn\stop meow.exe
    O4 - HKCU\..\Run: [AnteDate] C:\DOCUME~1\James\APPLIC~1\infojunk\VCBASHPLAN.exe

    You have been Hijacked etc:
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing

    And of course you have NORTON crap running.
    No wonder your PC runs crap with all this ballast!

    After you get rid of all the junk, post a clean log.
     
  10. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    here we go

    right i went through it all and checked all the stuff, and of course i had problems lol. first off after clicking the fix checked i rescanned and the O10 ones were still ther (hijack one), i kept trying but they werent for going away. Next as i was fixing it all for the first time it said something about a BHO couldnt be deleted, and it recommended spybot. But after scanning again it was gone, so im not sure if its actually away or if its just hideing it. And i'd like to keep my eye candy :p as it didnt affect the performance before, plus it looks kool lol I'm about to try and uninstall norton while keeping my internet access and see how that goes, i'll post a log once i've tried it. Plus i got a program called WINSOCK or something thats supposed 2 help, so ill keep you updated

    p.s. lucky u werent talkin about me m8, woulda had to come over there and give you what for :knock: hehe jus kiddin
     
  11. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    weird

    right i dont know why but it actually worked as it should lol i uninstalled it and my internet never cut off. But it did last time (last 5 times), although that wos a while ago a guess. Anyways here is my new and hopefulyl improved hijackthis log
    oh and the 2 that wouldnt delete, the O10 hijacked ones, the message tells me to try spybot, so i ran it to see if it would help(and got the thing i always get, 5 entries of DSO Exploit , every time i scan i get that lol and fixin them dont help either, it says it does but its talkin out its **** lol).

    Here are the results

    Logfile of HijackThis v1.99.0
    Scan saved at 17:27:09, on 26/03/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\documents and settings\james\local settings\temp\yBNs.exe
    C:\documents and settings\james\local settings\temp\yBNs.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\James\My Documents\Hijcakthisnummer\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
    O4 - HKLM\..\Run: [AVG7_EMC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [yBNs] C:\documents and settings\james\local settings\temp\yBNs.exe
    O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
    O4 - HKLM\..\Run: [yBNs.exe] C:\documents and settings\james\local settings\temp\yBNs.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111428820654
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    p.s. a bit of good news, IEXPLORE seems to be off my processes list, usually its always there and when i try to close it, it just ocmes back lol anyway i'll go and try out some games and see if its running any better
     
  12. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    My previous post was just pointing out all the reasons why your PC was running so poorly.
    It was NOT the advise for HJT problem-solving. Anyway, you got rid of some baddies already.
    BUT, when I say follow instructions EXACTLY, I expect people to do this!
    The instructions for both your O10 problems are in my post!

    Maybe you should consider installing SP2 (this includes SP1).

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    yBNs.exe
    swwhost.exe
    SNDSrvc.exe

    Next, run HJT on its own and let it 'fix' if still there:
    C:\documents and settings\james\local settings\temp\yBNs.exe
    C:\documents and settings\james\local settings\temp\yBNs.exe
    O4 - HKLM\..\Run: [yBNs] C:\documents and settings\james\local settings\temp\yBNs.exe
    O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe
    O4 - HKLM\..\Run: [yBNs.exe] C:\documents and settings\james\local settings\temp\yBNs.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1111428820654
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab32846.cab
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.

    Empty the "Temp" folder:
    C:\Documents and Settings\{user}\Local Settings\Temp

    In Internet Explorer, click on Tools/Internet options and
    empty your Temporary Internet Files, all Offline content and delete Cookies.

    Download/install/run OmegakillerSW from http://www.short-media.com/review.php?r=252&p=3
    Read the instructions on that page first, please!
    That should get rid of your O10 - Hijacked Internet access by New.Net

    Download/install/run LSPFix from http://cexx.org/lspfix.htm
    1. Run LSPFix.
    2. Check 'I know what I'm doing'.
    3. Select 'xfire_lsp_9733.dll'.
    4. Click the right-pointing arrow (moves it to the "remove" page).
    5. Click 'Finished'.
    6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
    7. Delete the following file: 'xfire_lsp_9733.dll'
    8. Restart your computer and bring it up in normal mode.
    That should get rid of your O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
     
  13. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    aaaaaaaaaaaaaaaaaaaaaaaa

    now now no need to get touchy lol i done everything you said, but the thing is when i used that omegakiller thing it found nothing :dead: but everything else seemed to go ok. but i went there to check up on how it was going, so i scanned with hijack this and heres what i got

    Logfile of HijackThis v1.99.0
    Scan saved at 17:43:47, on 27/03/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\James\My Documents\Hijcakthisnummer\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O1 - Hosts: 127.0.0.41 active-max.com
    O1 - Hosts: 127.0.0.238 www.active-max.com
    O1 - Hosts: 127.0.0.84 allaboutsearching.com
    O1 - Hosts: 127.0.0.230 amazingautossearch.com
    O1 - Hosts: 127.0.0.48 www.amazingautossearch.com
    O1 - Hosts: 127.0.0.38 www.contexualsearch.com
    O1 - Hosts: 127.0.0.80 crap2.com
    O1 - Hosts: 127.0.0.205 www.dialup2.com
    O1 - Hosts: 127.0.0.63 www.ecpm.com
    O1 - Hosts: 127.0.0.55 find-quick.com
    O1 - Hosts: 127.0.0.237 www.find-quick.com
    O1 - Hosts: 127.0.0.201 lop.com
    O1 - Hosts: 127.0.0.4 ao.lop.com
    O1 - Hosts: 127.0.0.92 srch.lop.com
    O1 - Hosts: 127.0.0.38 www.lop2.com
    O1 - Hosts: 127.0.0.83 search200.com
    O1 - Hosts: 127.0.0.39 www.mysearchnow.com
    O1 - Hosts: 127.0.0.91 www.netsearchsoft.com
    O1 - Hosts: 127.0.0.242 www.rub.to
    O1 - Hosts: 127.0.0.80 searchexe.com
    O1 - Hosts: 127.0.0.92 www.searchweb2.com
    O1 - Hosts: 127.0.0.91 www.spawnet.com
    O1 - Hosts: 127.0.0.59 tdmy.com
    O1 - Hosts: 127.0.0.212 www.tfil.com
    O1 - Hosts: 127.0.0.245 www.tdko.com
    O1 - Hosts: 127.0.0.225 wrn.net
    O1 - Hosts: 127.0.0.87 www.wrn.net
    O1 - Hosts: 127.0.0.89 www.mp3search.com
    O1 - Hosts: 127.0.0.97 www.lyricsdomain.com
    O1 - Hosts: 127.0.0.241 omega-search.com
    O1 - Hosts: 127.0.0.92 www.omega-search.com
    O1 - Hosts: 127.0.0.72 trinityacquisitions.com
    O1 - Hosts: 127.0.0.36 www.trinityacquisitions.com
    O1 - Hosts: 127.0.0.253 wethere.com
    O1 - Hosts: 127.0.0.88 asearchforyou.org
    O1 - Hosts: 127.0.0.37 www.asearchforyou.org
    O1 - Hosts: 127.0.0.24 intelesearch.com
    O1 - Hosts: 127.0.0.205 www.intelesearch.com
    O1 - Hosts: 127.0.0.83 www.isearchhere.com
    O1 - Hosts: 127.0.0.80 www.iwantosearch.com
    O1 - Hosts: 127.0.0.236 opensearch.org
    O1 - Hosts: 127.0.0.7 searchbee.net
    O1 - Hosts: 127.0.0.227 searchhotsex.com
    O1 - Hosts: 127.0.0.50 www.searchhotsex.com
    O1 - Hosts: 127.0.0.221 ifsearch.com
    O1 - Hosts: 127.0.0.35 www.ifsearch.com
    O1 - Hosts: 127.0.0.203 mastersearcher.com
    O1 - Hosts: 127.0.0.40 look-today.com
    O1 - Hosts: 127.0.0.250 aavc.com
    O1 - Hosts: 127.0.0.247 www.aavc.com
    O1 - Hosts: 127.0.0.56 acjp.com
    O1 - Hosts: 127.0.0.86 www.acjp.com
    O1 - Hosts: 127.0.0.225 www.ecmh.com
    O1 - Hosts: 127.0.0.34 wabu.com
    O1 - Hosts: 127.0.0.59 wabq.com
    O1 - Hosts: 127.0.0.97 maximumexperience.com
    O1 - Hosts: 127.0.0.27 www.maximumexperience.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
    O4 - HKLM\..\Run: [AVG7_EMC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

    now from what i can understand, the O1 's are ok, as its supposed 2 block out bad sites or sumfin,but i have alot of hijacked internet acess :S , i done everything you said, safe mode and all. Any ideas about the O10 's? plus are the O1 's ok , i think they are but better safe than sorry
     
  14. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  15. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    yipee

    i feel like a ******* not looking for it in add remove programs :( lol it was there, and i got rid of all those O1 's , my log is attached. I havnt given it a full test but so far it seems to be running alot better, games wise. Tell me if this log is ok
    it seems alot smaller than before i changed it lol
     
  16. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Congratulations, it's always a pleasure to see a clean log.
     
  17. james_k1988

    james_k1988 TS Rookie Topic Starter Posts: 163

    Thank youuuuuu

    My games seem to be running great now, compared to before anyways. Thank you very much for your patience and help :D

    p.s. OMG i got promoted to Techspot member :-O i feel so pround :-D
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...