
Security >> HijackThis logs help and analysis
6bigdave
regular


Reg'd: Sat
Posts: 49
Slow running and large font
      #387541 - Sat Mar 08 2008 05:52 PM

Please help. My computer has been working fine since my last need for help. However now it is running very slow and all displays appear in large Safe-Mode font and style.
Please see following hjt file - thanks for any help or advice you can give. D
Logfile of HijackThis v1.99.0
Scan saved at 17:38:01, on 08/03/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\3 MEGA DIGITAL CAMERA\ICON.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 SE\CALCHECK.EXE
C:\PROGRAM FILES\XEROX\PAGIS\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\DESKTOP\REPAIR FOLDER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.blueyonder.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JAguAr] PrcIdle.exe
O4 - HKCU\..\Run: [hyandex] iehelper.exe
O4 - HKCU\..\Run: [XTermInit] borlandg.exe
O4 - HKCU\..\Run: [barint] 10010.exe
O4 - HKCU\..\Run: [InpriseMon] xsetup.exe
O4 - HKCU\..\Run: [zxc] gabber.exe
O4 - HKCU\..\Run: [Dwitzy] C:\WINDOWS\Application Data\Mows\xrjf.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\nsched32.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: 3 Mega Digital Camera Monitor.lnk = C:\Program Files\3 Mega Digital Camera\ICON.EXE
O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Xerox\Pagis\Ereg\REMIND32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2093.exe
O16 - DPF: {7948B58E-1250-706F-9059-27236951FCD9} - http://207.226.177.100/1/gdnGB2093.exe
O16 - DPF: {231EE97F-2B63-687A-9079-38CE0873A69B} - http://207.226.177.100/1/gdnGB1383.exe
O16 - DPF: {28228EEE-B81A-1DE2-8BB4-30DA18ECB3B2} - http://207.226.177.100/1/gdnGB1383.exe
O21 - SSODL: ElDCDMibM - {39DDF950-9377-53FA-18E9-23A06684FF7A} - C:\WINDOWS\SYSTEM\UEGOU.DLL (file missing)


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 28583
Loc: belfast
Re: Slow running and large font [Re: 6bigdave]
      #387585 - Sun Mar 09 2008 01:07 PM

Please delete your old version of HJT and download the HijackThis Self Extracting zip file from here to your desktop. Double click 'hijackthis_sfx.exe' and select "Unzip".
Please then post a fresh log in this thread by clicking on 'Reply'.

You will find HJT in C:\Program Files\HijackThis

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


6bigdave
regular


Reg'd: Sat
Posts: 49
Re: Slow running and large font [Re: bricat]
      #387617 - Sun Mar 09 2008 06:07 PM

Thanks Bricat
please see new log
Dave


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:36, on 09/03/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\3 MEGA DIGITAL CAMERA\ICON.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 SE\CALCHECK.EXE
C:\PROGRAM FILES\XEROX\PAGIS\EREG\REMIND32.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.blueyonder.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JAguAr] PrcIdle.exe
O4 - HKCU\..\Run: [hyandex] iehelper.exe
O4 - HKCU\..\Run: [XTermInit] borlandg.exe
O4 - HKCU\..\Run: [barint] 10010.exe
O4 - HKCU\..\Run: [InpriseMon] xsetup.exe
O4 - HKCU\..\Run: [zxc] gabber.exe
O4 - HKCU\..\Policies\Explorer\Run: [{39DDF94F-0000-2057--002c}] "C:\Program Files\Common Files\{39DDF94F-0000-2057--002c}\Update.exe" mc-110-12-0000272
O4 - HKUS\.DEFAULT\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [JAguAr] PrcIdle.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [hyandex] iehelper.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [XTermInit] borlandg.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [barint] 10010.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [InpriseMon] xsetup.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [zxc] gabber.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{39DDF94F-0000-2057--002c}] "C:\Program Files\Common Files\{39DDF94F-0000-2057--002c}\Update.exe" mc-110-12-0000272 (User 'Default user')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - .DEFAULT Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (User 'Default user')
O4 - .DEFAULT Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\nsched32.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE (User 'Default user')
O4 - .DEFAULT Startup: 3 Mega Digital Camera Monitor.lnk = C:\Program Files\3 Mega Digital Camera\ICON.EXE (User 'Default user')
O4 - .DEFAULT Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (User 'Default user')
O4 - .DEFAULT Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe (User 'Default user')
O4 - .DEFAULT Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Xerox\Pagis\Ereg\REMIND32.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\nsched32.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: 3 Mega Digital Camera Monitor.lnk = C:\Program Files\3 Mega Digital Camera\ICON.EXE
O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Xerox\Pagis\Ereg\REMIND32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2093.exe
O16 - DPF: {7948B58E-1250-706F-9059-27236951FCD9} - http://207.226.177.100/1/gdnGB2093.exe
O16 - DPF: {231EE97F-2B63-687A-9079-38CE0873A69B} - http://207.226.177.100/1/gdnGB1383.exe
O16 - DPF: {28228EEE-B81A-1DE2-8BB4-30DA18ECB3B2} - http://207.226.177.100/1/gdnGB1383.exe
O21 - SSODL: ElDCDMibM - {39DDF950-9377-53FA-18E9-23A06684FF7A} - (no file)
O22 - SharedTaskScheduler: Scan Driver32 - {825875B5-93F3-429D-FF34-660B206D897C} - (no file)

--
End of file - 8935 bytes


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 28583
Loc: belfast
Re: Slow running and large font [Re: 6bigdave]
      #387669 - Sun Mar 09 2008 11:51 PM

Rerun HJT, and put a checkmark beside these :-

O4 - HKCU\..\Run: [JAguAr] PrcIdle.exe
O4 - HKCU\..\Run: [hyandex] iehelper.exe
O4 - HKCU\..\Run: [XTermInit] borlandg.exe
O4 - HKCU\..\Run: [barint] 10010.exe
O4 - HKCU\..\Run: [InpriseMon] xsetup.exe
O4 - HKCU\..\Run: [zxc] gabber.exe
O4 - HKCU\..\Policies\Explorer\Run: [{39DDF94F-0000-2057--002c}] "C:\Program Files\Common Files\{39DDF94F-0000-2057--002c}\Update.exe" mc-110-12-0000272
O4 - HKUS\.DEFAULT\..\Run: [JAguAr] PrcIdle.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [hyandex] iehelper.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [XTermInit] borlandg.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [barint] 10010.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [InpriseMon] xsetup.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [zxc] gabber.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{39DDF94F-0000-2057--002c}] "C:\Program Files\Common Files\{39DDF94F-0000-2057--002c}\Update.exe" mc-110-12-0000272 (User 'Default user')
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2093.exe
O16 - DPF: {7948B58E-1250-706F-9059-27236951FCD9} - http://207.226.177.100/1/gdnGB2093.exe
O16 - DPF: {231EE97F-2B63-687A-9079-38CE0873A69B} - http://207.226.177.100/1/gdnGB1383.exe
O16 - DPF: {28228EEE-B81A-1DE2-8BB4-30DA18ECB3B2} - http://207.226.177.100/1/gdnGB1383.exe
O21 - SSODL: ElDCDMibM - {39DDF950-9377-53FA-18E9-23A06684FF7A} - (no file)
O22 - SharedTaskScheduler: Scan Driver32 - {825875B5-93F3-429D-FF34-660B206D897C} - (no file)

now close all windows and browsers and click FIX CHECKED


then :-

Please download the trial version of AVG Anti-Spyware from here.
Install it and update the program with the latest definitions.

Reboot your computer in "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:

  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button.
If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report.
So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop.
    The default file name will be in date/time format: Report-Scan-200706-1606.
    A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
  • If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\

Exit AVG Anti-Spyware when done, reboot normally and post the AVG log report and a new HijackThis log.

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!
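
The entries bricat picks out above share a few visible traits, and the follow-up log is how the fix gets verified. As an added example (not part of the original thread, and not HijackThis's or the helper's own logic), this Python script parses HijackThis entry lines, flags them with heuristics that are assumptions inferred from this thread's logs, and checks which flagged entries survive into a later log. The sample logs are excerpts of the 09/03/2008 and 15/03/2008 logs posted here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Excerpt of the 09/03/2008 log from this thread (before "Fix checked").
BEFORE = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JAguAr] PrcIdle.exe
O4 - HKCU\..\Run: [zxc] gabber.exe
O4 - HKCU\..\Policies\Explorer\Run: [{39DDF94F-0000-2057--002c}] "C:\Program Files\Common Files\{39DDF94F-0000-2057--002c}\Update.exe" mc-110-12-0000272
O4 - HKUS\.DEFAULT\..\Run: [JAguAr] PrcIdle.exe (User 'Default user')
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/gba2093.exe
O21 - SSODL: ElDCDMibM - {39DDF950-9377-53FA-18E9-23A06684FF7A} - (no file)
O22 - SharedTaskScheduler: Scan Driver32 - {825875B5-93F3-429D-FF34-660B206D897C} - (no file)
"""

# Excerpt of the 15/03/2008 log from this thread (after the fix).
AFTER = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
O4_RUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")
GUID_DIR = re.compile(r"\\\{[0-9A-Fa-f-]+\}\\")


def parse(log_text):
    """Yield (section, body, raw_line) for every HijackThis entry line."""
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        if match:
            yield match.group(1), match.group(2), line


def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def reasons(section, body):
    """Return triage reasons for one entry (heuristics are assumptions)."""
    found = []
    if section == "O4":
        match = O4_RUN.match(USER_SUFFIX.sub("", body))
        # Only registry Run values match; Startup-folder shortcuts do not.
        if match and match["key"].startswith(("HKCU", "HKUS")):
            first = match["cmd"].split()[0].strip('"')
            if "\\" not in first and ":" not in first:
                found.append("per-user Run value with no directory path")
            if GUID_DIR.search(match["cmd"]):
                found.append("runs from a GUID-named folder")
    elif section == "O16":
        # The download source is the last " - "-separated field.
        if host_is_ip(body.rsplit(" - ", 1)[-1]):
            found.append("ActiveX source is a bare IP address")
    elif section in ("O21", "O22"):
        if body.endswith(("(no file)", "(file missing)")):
            found.append("shell hook points at a missing file")
    return found


def triage(log_text):
    """Return [(raw_line, [reasons])] for entries worth a closer look."""
    flagged = []
    for section, body, raw in parse(log_text):
        why = reasons(section, body)
        if why:
            flagged.append((raw, why))
    return flagged


def remaining(before_text, after_text):
    """Flagged entries from the earlier log that still appear in the later one."""
    later = {raw for _, _, raw in parse(after_text)}
    return [raw for raw, _ in triage(before_text) if raw in later]


if __name__ == "__main__":
    for raw, why in triage(BEFORE):
        print("; ".join(why), "->", raw)
    print("still present after fix:", remaining(BEFORE, AFTER))
```

A hit is a prompt to look the entry up, not a verdict: pathless values such as `SysTray.Exe` under HKLM are normal on this system and are deliberately left unflagged.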


6bigdave
regular


Reg'd: Sat
Posts: 49
Re: Slow running and large font [Re: bricat]
      #388366 - Sat Mar 15 2008 12:14 PM

Thanks Bricat
I have "fix checked" the hjt log, but I am unable to open the AVG anti-Spyware download as it requires "Windows 2000 SP4 + Update Rollup Pack" to do so. I have downloaded the Windows 2000 SP4 + Update Rollup Pack, but I get the following error message when trying to open it - "The W2SP4SYM_EN.EXE file is linked to missing export NTDLL.DLLNtShutdownSystem". Can you advise me what to do?
Thanks again
Dave


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 28583
Loc: belfast
Re: Slow running and large font [Re: 6bigdave]
      #388375 - Sat Mar 15 2008 01:37 PM

My mistake, sorry, I thought AVG AS would run on Windows ME.

obviously it won't,

can you post a fresh HJT log and let me know how it is running.

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


6bigdave
regular


Reg'd: Sat
Posts: 49
Re: Slow running and large font [Re: bricat]
      #388379 - Sat Mar 15 2008 02:53 PM

Thanks Bricat
it's running faster but still the overall display remains in a large, safe-mode type appearance.
Please see new hjt log.
Thanks again
Dave.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:26, on 15/03/2008
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\3 MEGA DIGITAL CAMERA\ICON.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 SE\CALCHECK.EXE
C:\PROGRAM FILES\XEROX\PAGIS\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.blueyonder.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - .DEFAULT Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (User 'Default user')
O4 - .DEFAULT Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\nsched32.exe (User 'Default user')
O4 - .DEFAULT Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE (User 'Default user')
O4 - .DEFAULT Startup: 3 Mega Digital Camera Monitor.lnk = C:\Program Files\3 Mega Digital Camera\ICON.EXE (User 'Default user')
O4 - .DEFAULT Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (User 'Default user')
O4 - .DEFAULT Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe (User 'Default user')
O4 - .DEFAULT Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Xerox\Pagis\Ereg\REMIND32.EXE (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\nsched32.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: 3 Mega Digital Camera Monitor.lnk = C:\Program Files\3 Mega Digital Camera\ICON.EXE
O4 - Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Xerox\Pagis\Ereg\REMIND32.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

--
End of file - 7340 bytes


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 28583
Loc: belfast
Re: Slow running and large font [Re: 6bigdave]
      #388423 - Sat Mar 15 2008 10:37 PM

that looks clean.

try changing your screen resolution, right click your desktop and click on properties. Once the properties box appears, click the tab labeled settings. This is where you can change the screen resolution.

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


6bigdave
regular


Reg'd: Sat
Posts: 49
Re: Slow running and large font [Re: bricat]
      #388511 - Sun Mar 16 2008 06:09 PM

Thanks Bricat,
Despite changing the display setting and restarting as advised to, the large font and "safe-mode" type picture quality still remains. In addition, upon start up I get the following notices -
Error Starting Program
A required DLL file, C:\PROGRAM FILES\COMMONFILES\MICROSOFT SHARED\MSLU\UNICOWS.DLL was not found
also
Tmtmtsr has caused an error in KERNEL32DLL
Tmtmtsr will now close.
and lastly
Rundll32 has caused an error in MMSYSTEM.DLL
Rundll32 will now close
Thanks again
Dave


bricat
Moderator
HijackThis Helper


Reg'd: Wed
Posts: 28583
Loc: belfast
Re: Slow running and large font [Re: 6bigdave]
      #388571 - Mon Mar 17 2008 09:18 AM

To access MSCONFIG, click on "START" then "RUN" and type "MSCONFIG" then click on "OK".

click on the "system.ini" tab at the top.

we need to add this line (in bold) to the BOOT SECTION :-

drivers=mmsystem.dll

click Ok. then reboot.

As this isn't a malware problem I'm afraid I can't go too far with this, you may have to post in the general computer part of the forum, where some of the more techie types should be able to help.

--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.

You don't stop laughing when you get old, you get old when you stop laughing!


© Copyright IPC Media Limited, All rights reserved