Find your solution!

New Rain · 16-May-2009, 11:45 AM #1

I am not knowledgeable at all about computers. I have what I've had different people suggest that I put on my computer, as far as anti-virus, anti-spyware, etc.
It is running so slowly now, that I suspect that some of these programs are competing against each other.
I started with Norton, and really didn't like that at all. Since then, my programs have all been free online, and I think that has worked well, until recently.
Would anyone here be up to the challenge of helping me to straighten out this mess?
I also want to know if I could have a virus - I went online to Comodo and it showed nothing, in addition to my regular scans coming up clean.
Oh, one more thing. This computer belonged to someone else before I had it - he used it for a small business. He suggested I take out programs I don't need. Not being sure what I do or don't need, I have tried to do that, also. There are two programs on here from Print Shop - a Business card program and one that says Brochures, Newletters, etc. It was last used in 2006. I've tried several times to remove both of these and although the messages come up, the uninstall wizard won't come up, so they're both here. They seem to be taking up more space than other programs - don't know how important that is, but I wonder why they won't remove themselves.
Thank you, anyone, who may help.

stantley · 16-May-2009, 04:45 PM #2

The best way to "start fresh" is to reinstall Windows. Do you have the Windows install discs that came with the PC?

To help you fix the PC the way it is now post a HijackThis log.

Go to this site http://www.trendsecure.com/portal/en...?page=download.

Click on 'Download HijackThis Installer'.

*Save HJTInstall.exe to your desktop, or to the location where you normally download.
*Double-click on HJTInstall.exe.
*Click on Install.
*By default it will install to C:\Program Files\Trend Micro\HijackThis.
*Once installed, it will launch Hijackthis.
*Click on the 'Do a system scan and save a logfile button'. It will scan and the log will open in notepad.
*Click Save to save the log file.
*Click on 'Edit > Select All' then click on 'Edit > Copy' (or Ctrl-C) to copy the entire contents of the log.
*Come back to this thread and Paste (or Ctrl-V) the log in your next reply.

*DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

New Rain · 16-May-2009, 05:10 PM #3

Thank you for your reply.

I already have Hijack this on my computer, from an earlier attempt that the person on the other end didn't reply to.

I don't know if I have the Windows CD. It should be here, but I moved in December and don't know where everything is. Assuming I find it, which should I do first - Hijack this, or reinstall Windows?

stantley · 16-May-2009, 05:18 PM #4

Post the HJT log and we'll go from there.

New Rain · 16-May-2009, 08:17 PM #5

here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:12 PM, on 5/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: https://*.webconference.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/def...2.1.0.0.55.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/def...g.1.0.0.37.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} (Comodo AV Scanner ActiveX) - http://personalfirewall.comodo.com/s...oAVScanner.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Internet History Eraser\autocomp.exe (file missing)
O23 - Service: BOCore - Unknown owner - C:\Program Files\Comodo\CBOClean\BOCORE.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O24 - Desktop Component 0: (no name) - http://accuratedatasystems.com/1620-2.jpg
O24 - Desktop Component 1: (no name) - http://www.bankofnc.com/images/greybgstripe.gif
--
End of file - 10256 bytes

stantley · 17-May-2009, 08:06 AM #6

Since you have Winpatrol running there's no need to run Spybot Teatimer. Start up Spybot, make sure Mode is set to Advanced. Go to Tools > Resident, and uncheck "Resident TeaTimer".

Get Startup Control Panel to turn off some of your startup programs. You can turn off these:

[RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
[iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
[SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

I'm sure there are some others you could turn off, but it depends on what programs you use.

You can go here to find out what they do: http://www.bleepingcomputer.com/startups/

See if trimming down your startups help speed things up a little.

New Rain · 17-May-2009, 04:45 PM #7

Thank you so much. I took one security program off before posting here, after I added Spybot, and it has helped a lot.

I'll let you know how it goes.

Thanks, again.

New Rain · 17-May-2009, 09:50 PM #8

It wasn't as easy as it sounded.
I disconnected Resident Teatime with no problems.
When you say Startup Control Panel, what do you mean? On the Start Menu, I found Power DVD, Quicktime and iTunes, but not Java, nor hte system 32. When I went to the Control Panel, I found folders for these, except maybe the system 32. I was looking for something that was listed the way you listed them for me, but didn't find that. If I uninstall the wrong thing or wrong way, will it cause a problem?
I'm sorry to be so ignorant about this, but I really want to get this right.
Thanks, again.

stantley · 17-May-2009, 11:13 PM #9

Quote:

Originally Posted by New Rain

When you say Startup Control Panel, what do you mean?

I mean a small program you get here: http://www.mlin.net/StartupCPL.shtml

Click on "Download Startup Control Panel 2.8", unzip the file and double-click on StartupCPL.exe to install the program.

New Rain · 19-May-2009, 08:44 PM **#10**

I did what I think you said the first time - I didn't click on Startup Control Panel before that last post. I found everything you listed, and unchecked them. After that, I couldn't connect to the Internet. I went back and clicked the systeme 32/ctfmon.exe, because it was in a different group from the other 4 that were on the list you made. (Obviously) I'm reconnected with the Internet, and things are moving more quickly. Tonight, the computer got tied up and I had to cut it off, so it isn't working quite as well as it should. Do you have any more suggestions? Could there be a virus that is causing problems, too?

stantley · 19-May-2009, 10:17 PM **#11**

There are a few more you could probably turn off after you look them up at that bleepingcomputer site I gave you.

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

There's no obvious signs of malware on your system but I'm not a HJT expert so someone with a gold shield will have to look at your log to verify that your system is clean.

New Rain · 19-May-2009, 10:26 PM **#12**

I'll do that tomorrow.

I hadn't thought of Malware - does one of my programs scan for that? I used to have a Malware program, but think it's not here any longer.

Thanks again - I'll let you know what happen.

stantley · 20-May-2009, 07:40 AM **#13**

You have COMODO Firewall, Avira anti-virus, SUPERAntiSpyware, Spybot and WinPatrol so you have a good mix of security programs. You should be OK in that area.

Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop driver dvd email error excel excel 2003 firefox hard drive hardware hijackthis internet keyboard laptop malware monitor network networking outlook problem processor ram recovery router safe mode slow sound spyware tdlwsp.dll trojan upgrade vba video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)