
slow, strangely running computer



In addition to all this I find that my computer runs really slow when I seem to be doing very simple things. But what I really want to figure out is why my internet connection (broadband) keeps disappearing from existence? I have to totally reinstall my modem then make a connection to connect.

On some programs I will not be able to scroll down to the rest of the text. Can't use the scrollwheel or the keyboard, no way to go down. The rest of the text on a page ceases to exist to me. Maybe viruses? Someone has to be the expert.

Logfile of HijackThis v1.99.1

Scan saved at 5:19:47 PM, on 4/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\System32\tcpsvcs.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\ups.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\iTunesHelper.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\support.com\bin\tgcmd.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\DOCUME~1\GNOBIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\system32\rlmtcs.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iPod\iTunesHelper.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...713/mcfscan.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


Hello remba997 and Welcome! :D

Sorry you are having malware trouble.

I am reviewing your log and will reply shortly. In the meantime, we need to move HijackThis from the temp folder to the root of your C:\ drive.

C:\DOCUME~1\GNOBIN~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

Double-click on My Computer; double-click on your hard drive (usually the C:\ drive), right-click on a blank area, choose New, choose Folder, name the folder hijackthis. Now, place HijackThis.exe in this folder.


PLEASE PRINT OUT THESE INSTRUCTIONS BEFORE PROCEEDING.

STEP 1:

Please download and install SUPERAntiSpyware here.

1.) During the installation process, the program will prompt you to download any updates, click Yes.

2.) After the update process has completed, a dialog box will state: Database definitions have been updated, click OK.

3.) At the SUPERAntiSpyware Main Menu, click the Preferences button.

4.) Click the General and Startup tab, under Start-Up Options, uncheck both boxes:

Start SUPERAntiSpyware when Windows starts

Show SUPERAntiSpyware icon in system tray

5.) Click the Hi-Jack Protection tab, under Home Page Protection, uncheck both boxes:

Display notification when home page changed

Protect home page from being changed. Changes can be made only here.

6.) Click Close at the bottom of the page.

Don't run SUPERAntiSpyware yet, we will use it later.

STEP 2:

Download the eScan Antivirus Toolkit here.

Save it to the desktop.

Don't run eScan yet, we will use it later.

STEP 3:

Please download ATF Cleaner here.

NOTE: This program is for Windows XP and 2000 only.

Don't run ATF Cleaner yet, we will use it later.

STEP 4:

Please enable all hidden files and folders in Windows. For instructions click here

Now please go to Start, Search, All Files and Folders, scroll down and find "More Advanced Options". Make sure "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" are all checked.

STEP 5:

Please reboot into Safe Mode.

Get into Safe Mode using the F8 Key on your keyboard:

1.) Locate the F8 key on your keyboard and then reboot your PC. (Start, Shutdown, Restart)

2.) As soon as the monitor screen goes black, immediately start tapping the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.

3.) Select the option for Safe Mode using the up and down arrow keys.

4.) Then press Enter on your keyboard to boot into Safe Mode.

5.) Perform all the cleaning tasks here and when you are done, reboot PC back into normal mode (Windows).

STEP 6:

From Safe Mode, please close ALL open windows AND browsers, open HijackThis and put checks next to all the following, then click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/

O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\system32\rlmtcs.dll

Now close HijackThis.

STEP 7:

From Safe Mode, open the SUPERAntiSpyware program.

1.) At the SUPERAntiSpyware Main Menu, under Scan for Harmful Software, click the Scan your Computer button, the SUPERAntiSpyware Scanner menu will appear.

2.) Make sure under Scan Location that your correct hard drive letter is checked.

(Example: C:\ - Fixed Drive (NTFS)) The correct hard drive letter should automatically be checked by default.

3.) Under Complete Scan, click Perform Complete Scan.

4.) At the bottom, click Next to start the scan.

NOTE: This scan is very thorough, it will take a while to complete depending on the number of files and folders on the hard drive. Please be patient.

STEP 8:

From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) Double-click on the mwav.exe file saved to the desktop. A WinZip Self-Extractor will appear.

2.) Click Unzip, by default it will extract all the program files to a new folder called Kaspersky at the root of the C:\ drive. (C:\Kaspersky).

3.) A dialog box stating "1xx file(s) unzipped successfully" will appear, click OK. After clicking OK, the eScan AntiVirus Toolkit Utility interface will appear.

4.) With the eScan interface on your desktop, make sure that these boxes under Scan Option are all checked:

Memory

Registry

Startup Folders

System Folders

Services

5.) Check the Drive box, this will create another Drive box below it, check this second Drive box as well, now a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.

6.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

7.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. eScan will delete any viruses or trojans it finds.

8.) When the scan has finished, the top window will read Scan Completed. To close the interface, click OK, click Exit, then click Exit again.

STEP 9:

From Safe Mode,

1.) Double-click ATF-Cleaner.exe to run the program.

2.) Under Main choose: Select All

3.) Click the Empty Selected button.

STEP 10:

Now reboot the PC back into Normal Mode (Windows), open HijackThis, click "Do a system scan and save a logfile", copy and paste the contents of the new logfile here for review.
