windows extreme slow

This is a discussion on windows extreme slow within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 08-16-2007, 02:05 AM   #1
Guest
 
Join Date: Aug 2007
Posts: 5
OS:



For some time my Windows has been extremely slow. When I power up the comp in the morning it takes 15 min before I can start working. It's also slow when I restart it, but not so extreme. I have two identical computers in the company; the second one works fine, but this one is a nightmare. I did some scans with Windows Defender, Avira Antivirus, Advanced System Optimizer. I also deleted the temp directories (in safe mode) from Windows, because there is still some *.exe file running from windows/temp; maybe that's the cause of the slowdown? Here is the text from the HijackThis logfile so you can see if there is any unusual thing running. Sorry for my bad English. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:13, on 16.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programske datoteke\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programske datoteke\AntiVir\avguard.exe
C:\Programske datoteke\AntiVir\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TY21F9.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Programske datoteke\Windows Defender\MSASCui.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Programske datoteke\AntiVir\avgnt.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programske datoteke\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://insemserver:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://insemserver:4343/officescan/...tall/setup.cab
O16 - DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) - https://edavki.durs.si/OpenPortal/Gu...hslDigSigX.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://insemserver:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://edavki.durs.si/OpenPortal/Gu...ets/msxml4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - https://l00kl23.com/default.cab?uid=7&id=56119&1s
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://insemserver:4343/SMB/console...oot/AtxEnc.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.ajpes.si/nastavitve/capicom.cab
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[21683]/Controls/ESignDocControls/hslESignDoc2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD65363-DE6D-4502-AAE2-83B23C22A884}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programske datoteke\AntiVir\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programske datoteke\AntiVir\avguard.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\tmlisten.exe
Peterk28 is offline  
Old 08-16-2007, 05:28 PM   #2
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3



Hi,
I can see one piece of malware that needs to come out.

Please download FixWareout from one of these sites:
https://downloads.subratam.org/Fixwareout.exe
https://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, save the text that will open (report.txt) to your desktop.


1) Go to Start > Control Panel > Network Connections. Right-click your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on Properties.
* Make a note of the settings before you change them just in case you need to put them back how they were.
Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.

2) Go to Start > Run, enter CMD and click OK.
At the DOS prompt screen, type in cd\ and then press <ENTER>.
Now type in ipconfig /flushdns and then press <ENTER>. (notice the space after ipconfig)
Close the command prompt window.


When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD65363-DE6D-4502-AAE2-83B23C22A884}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12



Should you have problems connecting to the internet after the fix, follow these instructions.

Please go to Start -> Control Panel -> Network Connections. Right-click on your default connection (usually Local Area Connection or Dial-up Connection if you are using dial-up) and left-click on Properties. Double-click on the Internet Protocol (TCP/IP) item and select the button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.


In your next reply, please include a fresh Hijackthis log and report.txt. Thanks
__________________
Eddy
Pancake is offline  
Old 08-17-2007, 02:23 AM   #3
Guest
 
Join Date: Aug 2007
Posts: 5
OS:



I followed your instructions, but at the part where I must go to CMD and run ipconfig /flushdns, I press Enter and yes, it does something, and then I close CMD manually, but the system doesn't reboot, nor does it give me any instructions after a manual reset.

But I figured out some things about the slow Windows loading process. I think that the Trend Micro damage cleanup process is responsible for that. That's because the system is OK after TSC.exe loads, scans and then closes. Before that I can't do anything.
We recently updated Trend Micro Client Server Security for SMB Version: 3.6 Build: 1095

How do I remove the malware you found (by the way, these strings I should remove list the DNS from my provider; is it OK to delete them?), and what's with that *.exe which is running from windows/temp/? It's always a differently named file, in this case PIB6A2.EXE


Fixwareout Report

Username "Admin" - 17.08.2007 10:15:28 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

Razreševalec predpomnilnika DNS je bil uspešno izpraznjen.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)

....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


Logfile of HijackThis v1.99.1
Scan saved at 10:55:27, on 17.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programske datoteke\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Programske datoteke\Windows Defender\MSASCui.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\TEMP\PIB6A2.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programske datoteke\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://insemserver:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://insemserver:4343/officescan/...tall/setup.cab
O16 - DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) - https://edavki.durs.si/OpenPortal/Gu...hslDigSigX.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://insemserver:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://edavki.durs.si/OpenPortal/Gu...ets/msxml4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - https://l00kl23.com/default.cab?uid=7&id=56119&1s
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://insemserver:4343/SMB/console...oot/AtxEnc.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.ajpes.si/nastavitve/capicom.cab
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[21683]/Controls/ESignDocControls/hslESignDoc2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\tmlisten.exe
Peterk28 is offline  
Old 08-17-2007, 02:54 AM   #4
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT. Post a new log when done.

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD65363-DE6D-4502-AAE2-83B23C22A884}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
__________________
Eddy
Pancake is offline  
Old 08-17-2007, 03:54 AM   #5
Guest
 
Join Date: Aug 2007
Posts: 5
OS:



As you can see, I did this and only two O17 lines were left (see previous log), and that's because I re-entered my TCP/IP info.

Okay, I ran HijackThis again and deleted the remaining two O17 lines, but now the DNS in the TCP/IP config is empty and my connection doesn't work.
I have a fixed IP, so I cannot obtain the IP and DNS automatically.

Logfile of HijackThis v1.99.1
Scan saved at 12:48:55, on 17.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programske datoteke\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Programske datoteke\Windows Defender\MSASCui.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\RWCD8D.EXE
C:\Programske datoteke\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programske datoteke\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programske datoteke\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://insemserver:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://insemserver:4343/officescan/...tall/setup.cab
O16 - DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) - https://edavki.durs.si/OpenPortal/Gu...hslDigSigX.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://insemserver:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://edavki.durs.si/OpenPortal/Gu...ets/msxml4.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - https://l00kl23.com/default.cab?uid=7&id=56119&1s
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://insemserver:4343/SMB/console...oot/AtxEnc.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.ajpes.si/nastavitve/capicom.cab
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} (ESignDoc2 Object) - https://edavki.durs.si/PersonalPortal/[21683]/Controls/ESignDocControls/hslESignDoc2.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programske datoteke\Trend Micro\Client Server Security Agent\tmlisten.exe
Peterk28 is offline  
Old 08-17-2007, 04:31 AM   #6
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3



Interesting... OK. Go back to the backup HJT made and put those entries back in. Put your TCP/IP info setting back in. Where are you located... in the Ukraine?
__________________
Eddy
Pancake is offline  
Old 08-17-2007, 04:41 AM   #7
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3



OK. It looks as if this is my mistake. Your DNS is a close match to the one that runs the Wareout malware in the Ukraine. Yours is an Internet provider in Slovenia. Sorry, my mistake.
__________________
Eddy
Pancake is offline  
Old 08-17-2007, 04:49 AM   #8
Guest
 
Join Date: Aug 2007
Posts: 5
OS:



Yes, I'm from Slovenia and the DNS in those two lines are indeed the DNS settings from my provider.
Any suggestions about TSC.exe?
Peterk28 is offline  
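
Added example, not part of the thread: a Python sketch of how the O17 `NameServer` entries and the `WINDOWS\TEMP` process in the logs above could be triaged before anything is removed, using exact network membership instead of a "close match". `BLOCKLIST` is a constructed placeholder (an RFC 5737 documentation range), the last sample O17 line is constructed, and the function names are hypothetical; the confirmed resolvers are the two addresses the poster identified as his provider's.

```python
import ipaddress
import re

# Constructed placeholder: an RFC 5737 documentation range stands in for a
# real threat-intelligence blocklist, which the thread does not give.
BLOCKLIST = [ipaddress.ip_network("192.0.2.0/24")]

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
TEMP_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\TEMP\\[^\\]+\.EXE$", re.IGNORECASE)

# The first four lines come from the logs in the thread; the last O17 line
# (all-zero GUID, documentation addresses) is constructed for the example.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\TY21F9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F67A389-8008-4C61-B6CA-11B89E1DDDA1}: NameServer = 193.189.160.11,193.189.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53 198.51.100.7
"""

def parse_hjt(log_text):
    """Return (O17 nameserver entries, processes running from WINDOWS\\TEMP)."""
    entries, temp_procs = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # The NameServer value may be comma- or space-separated.
            for token in re.split(r"[,\s]+", m.group("servers").strip()):
                if token:
                    entries.append((m.group("key"), token))
        elif TEMP_RE.match(line):
            temp_procs.append(line)
    return entries, temp_procs

def triage(entries, confirmed_resolvers, blocklist=BLOCKLIST):
    """Map each distinct nameserver to a verdict.

    known-bad  : inside a blocklisted network (exact CIDR membership)
    expected   : a resolver the user or ISP has confirmed
    unverified : neither; ask before removing it
    malformed  : not a valid IP address
    """
    confirmed = {ipaddress.ip_address(a) for a in confirmed_resolvers}
    verdicts = {}
    for _key, token in entries:
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            verdicts[token] = "malformed"
            continue
        if any(addr in net for net in blocklist):
            verdicts[token] = "known-bad"
        elif addr in confirmed:
            verdicts[token] = "expected"
        else:
            verdicts[token] = "unverified"
    return verdicts

if __name__ == "__main__":
    entries, temp_procs = parse_hjt(SAMPLE_LOG)
    isp = ["193.189.160.11", "193.189.160.12"]  # confirmed by the poster
    for ip, verdict in triage(entries, isp).items():
        print(f"{ip:16} {verdict}")
    for proc in temp_procs:
        print("review process running from TEMP:", proc)
```

An "unverified" verdict is a prompt to confirm the address with the user or their provider, not a reason to tick the entry in HijackThis.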
Old 08-17-2007, 03:44 PM   #9
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3



Quote:
The tsc.exe is a process that belongs to the Trend Micro Damage Cleanup Engine. This process should not be removed.
__________________
Eddy
Pancake is offline  
Old 08-17-2007, 11:09 PM   #10
Guest
 
Join Date: Aug 2007
Posts: 5
OS:



Thank you. I will tell you if I find a solution for quicker boot. On the other PC (its hardware and software are identical) it boots in 1-2 min.
Peterk28 is offline  