spankyjo54 Posted August 28, 2011 ID:470177

I have a real slow computer. I have all kinds of preventions, scanners, etc. on my computer but it still is drippy slow even after I do a total scan. First I do a virus scan and malware with Viper that does both, but still follow up with Malwarebytes Antimalware, then PC scan with my A1 click PC cleaner, followed by RegVac Registry Cleaner. Then if things speed up I do a disk scan then last a defrag. Lately, none of that has helped.

I don't know how I managed it but somehow I got the dang ASK toolbar on my computer, I hate that thing. I did a complete scan and thought I had it all off but after doing a "Hijack this" scan I found more of it. My Viper nor malwarebytes didn't even catch that. I have my pop-up ads shut off but I still get pop-ups, that's a big "?" in my mind. So since I am just a semi know anything about computers. (not even close). LOL I would appreciate your help.

I am using a HP Media Center PC that was given to me after my PC went on the blink. I will use Everest to give you the info you need for it.
Motherboard ID 08/29/2005-LakePort-P5LP-LE-00
Motherboard Name Unknown
Bus Type Intel NetBurst
Bus Width 64-bit
Real Clock 200 MHz (QDR)
Effective Clock 800 MHz
Bandwidth 6400 MB/s
Award BIOS Type Phoenix - Award BIOS v6.00PG
Field Value
CPUID Properties
CPUID CPU Name Intel® Pentium® D CPU 2.80GHz
CPUID Revision 0F44h
OS- MS Windows XP

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:10 PM, on 8/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragmonitorservice.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrator\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/embed/hppa/survey
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [sBAMTray] "C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragtaskbar.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Bootskins_free.exe\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [schmaili] C:\Program Files\Schmaili84\schmaili.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [schmaili] C:\Program Files\Schmaili84\schmaili.exe (User 'Default user')
O4 - Startup: CNET TechTracker.lnk = C:\Documents and Settings\HP_Administrator\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ashampoo Defrag Service - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 3\defragservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
--
End of file - 9768 bytes

There has to be something else freaky on this thing somewhere. Thanks

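
Added example (not part of the original posts and not HijackThis code): a short Python parser for the CLSID-bearing lines of a HijackThis log that groups the entries whose target reads "(no file)", which is how the leftover Ask Toolbar registrations appear in the log above. The sample lines are copied from that log; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
"""

# "<section> - <kind>: <name> - {CLSID} - <target>", e.g. the R3/O2/O3/O9 lines.
ENTRY = re.compile(
    r"^(?P<section>[RO]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per log line that carries a CLSID; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned_by_clsid(entries):
    """Map upper-cased CLSID -> registrations whose target file was not found."""
    orphans = defaultdict(list)
    for entry in entries:
        if entry["target"].strip().lower() == "(no file)":
            label = f'{entry["section"]} {entry["kind"]}: {entry["name"]}'
            orphans[entry["clsid"].upper()].append(label)
    return dict(orphans)


if __name__ == "__main__":
    for clsid, regs in orphaned_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(clsid, "->", "; ".join(regs))
```

A CLSID listed under more than one section, as with the Ask Toolbar's O2 and O3 lines, means the same component is still registered in several places although its file is gone.
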
1PW Posted August 28, 2011 ID:470188

Hello spankyjo54:

Please reply with the amount of RAM in your computer. Your computer may simply lack hardware resources to meet your demands.

Please discontinue the use of A1 click PC cleaner and RegVac Registry Cleaner as these could, and perhaps already have, damaged your system's registry. Please uninstall these - soon.

The Ask toolbar may simply be uninstalled per their FAQ and hasn't been considered a threat by MBAM.

Here is our FAQ that safely instructs you how to deal with a slowing PC.

Please download Oldtimer's latest OTL.exe to your Desktop.

To Download/Run OTL:

Download the most recent OTL.exe from here.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. OTL should now start.
Change only the following settings: Change Drivers to: All. Change Standard Registry to: All. Under File Scans, check that File Age is 30 Days.
Click the Run Scan button. Do not change any other settings unless otherwise told to do so. The scan shouldn't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.exe.

Please attach these 2 files in your next reply.

Thank you.

spankyjo54 Posted August 28, 2011 Author ID:470227

Oh crud, I was meaning to put that in but forgot, sorry. I have 2G's RAM.

spankyjo54 Posted August 28, 2011 Author ID:470228

I am a bit surprised by the advice to not use the two utilities that I have had and been using for over 10 years. I have never had trouble with them at all with any of my other computers. I like to build them so put both on each and all I build and they have worked fine in all of them. Of course, if I see anything I am in question about I research the file's deletion or not. I just downloaded the one you advised and will do the scan tomorrow.

Thanks, I hope I can get this thing running but my brother in law put a bunch of stuff on it that came with the HP package and it's crammed with stuff I don't use or need. My specialty software is photo, video, audio, graphics, music editing, etc. I do play a lot of games but a lot of the HP games I have never used. Since it came with the HP I am wondering what can and cannot be uninstalled from it and keep it running better. There is just way too much junk on here as well as suspect trojans and malware. Thanks again.

AdvancedSetup Posted August 28, 2011 Root Admin ID:470233

Hello and Welcome to Malwarebytes,

As you suspect possible Trojans or malware then you need to first get a clean bill of health before we can continue to do general PC help.

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

Option 1 -- Free Expert advice in the Malware Removal Forum
Option 2 -- Paying customer -- Contact Support via email
Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours. Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

Or

You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups, go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying.

spankyjo54 Posted August 28, 2011 Author ID:470237

Thank you for your help. I am not at all totally sure it's malware, adware, or spyware, just a guess on my part. Since this HD is so huge and there is so much on it, a lot totally unnecessary, I don't know what the problem could be. My brother in law gave me this computer when they bought themselves a new one. I also suspect duplicate files, as he put several versions of an administrator on here. HP administrator, owner administrator, guest administrator and a couple others. They each and all have different entries on their HD's first page and other different entries on the second. It's a mess.

I would like to format and reload it but he has the OS that goes with this PC and will not let me have it. I am thinking it's about time to get started on the new computer I started months ago. But, will see if I can speed this up just enough to use it as my backup if I need it while working on the other. Thanks.

AdvancedSetup Posted August 28, 2011 Root Admin ID:470267

Understood, but getting someone to help you scan it to make sure it is not infected needs to be the first step so that others don't waste their time trying to fix something that malware is controlling.

Once confirmed clean then as said start on PC Help cleanup.