| Thread ID: 72064 | 2006-08-28 02:04:00 | random lagging | Codex (3761) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 481061 | 2006-08-28 02:04:00 | hmm I'm not sure what's up really, lags randomly, so yea, here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 12:59:55 p.m., on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\DOCUME~1\Alex\LOCALS~1\Temp\Rar$EX00.072\Hijack This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E6958B-776B-41B6-A268-8638DF65E905}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBFE7612-4B46-468F-83FC-3E9CC9533FE5}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
anybody got any ideas please? O_o |
Codex (3761) | ||
| 481062 | 2006-08-29 10:11:00 | Hey Codex. Have you tried defragging your hard drive yet? Cheers :) P.S. For HJT log analysis, refer to my signature |
Renmoo (66) | ||
| 481063 | 2006-08-29 10:25:00 | What's this program? C:\Program Files\Last.fm\LastFM.exe
These don't have to run on startup:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe - Get the update www.java.com:80 Hmm the url links don't work properly. Although it's up to 08. BUT it's not on this site.
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
The mobo isn't a SIS based one is it? These can lag a system. |
Speedy Gonzales (78) | ||
| 481064 | 2006-08-31 12:19:00 | > Hey Codex. Have you tried defragging your hard drive yet? Cheers :) P.S. For HJT log analysis, refer to my signature
I defrag my computer monthly ^_^
> What's this program? C:\Program Files\Last.fm\LastFM.exe
> These don't have to run on startup:
> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe - Get the update www.java.com:80 Hmm the url links don't work properly. Although it's up to 08. BUT it's not on this site.
> O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
> The mobo isn't a SIS based one is it? These can lag a system.
last fm is a thing that uploads the songs you have played to a profile, last.fm for more info
hmmmm the analysis said:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBFE7612-4B46-468F-83FC-3E9CC9533FE5}: NameServer = 202.27.158.40 202.27.156.72
Possibly nasty Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Currently there is no visitor's assessment! Do you know the IP or Domain '202.27.158.40 202.27.156.72'? If not, fix this entry.
I don't know what it is aye... |
Codex (3761) | ||
| 481065 | 2006-08-31 19:29:00 | > hmmmm the analysis said:
> O17 - HKLM\System\CCS\Services\Tcpip\..\{DBFE7612-4B46-468F-83FC-3E9CC9533FE5}: NameServer = 202.27.158.40 202.27.156.72
> Possibly nasty Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Currently there is no visitor's assessment! Do you know the IP or Domain '202.27.158.40 202.27.156.72'? If not, fix this entry.
> I don't know what it is aye...
Those IPs are the Xtra primary and secondary Domain Name Servers (DNS). |
Jen (38) | ||
| 481066 | 2006-09-03 03:22:00 | > Those IPs are the Xtra primary and secondary Domain Name Servers (DNS).
OH RIGHT thank god I didn't delete em then lol |
Codex (3761) | ||
| 481067 | 2006-09-03 08:43:00 | > Those IPs are the Xtra primary and secondary Domain Name Servers (DNS).
What happens if you delete those two entries, Jen? Wouldn't Xtra just recreate them? Cheers :) |
Renmoo (66) | ||
| 481068 | 2006-09-03 10:46:00 | No, you would re-create them, not Xtra. Either through the dialup or, if you're on a network at home, through the LAN properties. If you're on a network and you deleted them, you wouldn't get on the net, since they're the ISP's DNS server IP addresses, until you re-add them. |
Speedy Gonzales (78) | ||
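
The O17 check discussed in this thread, as an added example (not code from any poster or from HijackThis): it pulls every `NameServer` value out of a HijackThis log and sorts each resolver into local (RFC 1918), trusted, or needing review. The trusted set holds the two addresses the thread identifies as Xtra's DNS servers; the function names, the zeroed GUID and the `203.0.113.53` entry are constructed for illustration.

```python
import ipaddress
import re

# Resolvers identified in the thread as the ISP's (Xtra) DNS servers.
ISP_RESOLVERS = {"202.27.158.40", "202.27.156.72"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<value>.+)$", re.M)

# Constructed sample: the two O17 lines from the posted log, plus one invented
# entry (zeroed GUID, documentation address 203.0.113.53) to show a flag.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E6958B-776B-41B6-A268-8638DF65E905}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBFE7612-4B46-468F-83FC-3E9CC9533FE5}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
"""


def classify(ip_text, trusted):
    """Return 'local', 'trusted', 'review' or 'malformed' for one resolver."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if any(ip in net for net in RFC1918):
        return "local"      # private range, usually the home router forwarding DNS
    if ip in trusted:
        return "trusted"    # matches a resolver the user has confirmed
    return "review"         # public address nobody has vouched for


def triage_o17(log_text, trusted_resolvers):
    """List (registry key, resolver, verdict) for every O17 NameServer value."""
    trusted = {ipaddress.ip_address(t) for t in trusted_resolvers}
    findings = []
    for m in O17_RE.finditer(log_text):
        # A value may hold several resolvers, space- or comma-separated.
        for ip_text in filter(None, re.split(r"[,\s]+", m.group("value").strip())):
            findings.append((m.group("key"), ip_text, classify(ip_text, trusted)))
    return findings


if __name__ == "__main__":
    for key, ip, verdict in triage_o17(SAMPLE_LOG, ISP_RESOLVERS):
        print(f"{verdict:9} {ip:15} {key}")
```

A `review` verdict only means the address should be compared against what the ISP or network administrator publishes before the entry is changed.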