i tried this using 'BLACK VIPER's' suggestions on profiles and set this for "safe" using his guidelines and when i am connected and running one ie window it is showing using 91% memory usage, that seems pretty high, is there anything I can do to lower THAT value . I went to services to see what was running and I counted 31 out of I don't know how many. wish there was more I could get rid of >>>>>>>>>>.......thanks for any thoughts or ideas ect.\\
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
91% of memory in use
- Thread starter joystick8
- Start date
Run Hijack This! and post the log results here.
- Thread starter
- #3
hi, thanks for the help. just wanted to include this. right after I ran hijackthis an error came up it said "windows explorer has had a problem and needs to close" I pressed ok and it flickered a second or two and then everything seemed to be alright
anyway I will send the results of the scan in the next post
anyway I will send the results of the scan in the next post
- Thread starter
- #4
Logfile of HijackThis v1.97.3
Scan saved at 2:53:51 PM, on 10/19/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\Walt\Application Data\Mozilla\Profiles\default\5dfgjuoe.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"
; (C:\Documents and Settings\Walt\Application Data\Mozilla\Profiles\default\5dfgjuoe.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\propelac.exe"
O4 - Startup: Eyetide Launcher.lnk.disabled
O4 - Global Startup: Instant Update Reminder.lnk.disabled
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {ABE7922F-B1EA-11D0-8063-00AA001F495F} (HelloW Class) - O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - O16 - DPF: {E5EF1E59-8AFD-425A-9F30-817FD6507215} - O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE2D863-0142-473D-8185-FD51C6771CFB}: NameServer = 205.152.228.252 205.152.132.235
Scan saved at 2:53:51 PM, on 10/19/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\Walt\Application Data\Mozilla\Profiles\default\5dfgjuoe.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"
; (C:\Documents and Settings\Walt\Application Data\Mozilla\Profiles\default\5dfgjuoe.slt\prefs.js)O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OWS Setup CmdLine] "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\cfgwiz.exe" /pkg "Office 2000 Server Extensions"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\propelac.exe"
O4 - Startup: Eyetide Launcher.lnk.disabled
O4 - Global Startup: Instant Update Reminder.lnk.disabled
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {ABE7922F-B1EA-11D0-8063-00AA001F495F} (HelloW Class) - O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {D6526FE0-E651-11CF-99CB-00C04FD64497} (Microsoft MSChat Control Object) - O16 - DPF: {E5EF1E59-8AFD-425A-9F30-817FD6507215} - O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE2D863-0142-473D-8185-FD51C6771CFB}: NameServer = 205.152.228.252 205.152.132.235
- Thread starter
- #5
![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
First, given the number of services shown in your post above, it seems unwise to play with them very much. Begin by restoring your service entries to their defaults. Black Viper has a .reg file to restore your services entries, WinAllPro.reg found here: Apply the .reg file by double-clicking and reboot.
Second, I do not see anything that would stop your program access as you described, so the possibility of a services misconfiguration seems high. I would remove these entries using Hijack This!:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
Second, I do not see anything that would stop your program access as you described, so the possibility of a services misconfiguration seems high. I would remove these entries using Hijack This!:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
You could try unchecking "Enable third party browser extensions" in IE/ Tools/ Internet Options/ Advanced/ Browsing.
This specifies that you want to disable features you installed for use with Internet Explorer that may have been created by companies other than Microsoft.
If you encounter problems with Internet Explorer that you cannot resolve, you can use this option to help determine if third-party features are causing the problems without uninstalling the feature. You must restart Internet Explorer after turning this option on or off.
While you are checking with "HiJack This" you may as well run its two friends -
Spybot
Ad-aware
Will check your computer for spyware and adware.
You can reinstall IE in Windows XP by clicking Start, Run and entering the following command:
rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\windows\inf\ie.inf
You will need to have your XP CD available. If you re-install remember to update it.
Using SFC /Scannow at the command prompt will help in repairing IE.
This specifies that you want to disable features you installed for use with Internet Explorer that may have been created by companies other than Microsoft.
If you encounter problems with Internet Explorer that you cannot resolve, you can use this option to help determine if third-party features are causing the problems without uninstalling the feature. You must restart Internet Explorer after turning this option on or off.
While you are checking with "HiJack This" you may as well run its two friends -
Spybot
Ad-aware
Will check your computer for spyware and adware.
You can reinstall IE in Windows XP by clicking Start, Run and entering the following command:
rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\windows\inf\ie.inf
You will need to have your XP CD available. If you re-install remember to update it.
Using SFC /Scannow at the command prompt will help in repairing IE.
suemccartin
Technical User
Yeah I'd really be wondering about spyware adware that might have been dumped on you. I personally like pestpatrol the tryware version will sniff them all out for you but won't delete them (but you can do that manually as it gives you the exact location). Pestpatrol also does other useful things like sniff out keyloggers and you can turn it on to keep anything new from getting planted on you (makes an amusing "boink" noise when it bounces adware/spyware). Good luck.
- Status
