[trzplace]

Hi Tech Guy,
First of all I want to say thanks for doing what you guy's go best.
Computer Description:
Windows XP Pro Ver. 2002 SP3
AMD Athlon XP 2000+
2 Gigs of ram.
My computer keeps slowing down big time.
The longer I use it the slower it gets.
I tried every conceiviable prog out there but no cigar.
I have 13 svchosts running in the task manager all the time. I deleted them, but they keep coming back....
Any help would be much appreciated...
Thank You in advance...
trzplace

[extons]

Many of the svchost.exe are very neccessary, ie. Networking and Audio files, however they sometimes do slow up your pc. They are services, and of course you can limit to what services run!

Start > Run > type "services.msc". If there are any you are certain you do not need, eg. you know what it is, then you can disable or stop it. If you aren't sure, it's best to leave it.

Time to see what you have running!

Download and install HijackThis: http://go.trendmicro.com/free-tools/...sInstaller.exe

Run it and select "Do a system scan" and save a logfile. Copy and paste the log in your next post.

[peck1234]

run a full scan with malwarebytes...

link below...

[trzplace]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:13:PM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CallerID-Events\CallerID_Proc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SmartBoardXP\Smtbrd32.exe
C:\Program Files\SmartBoardXP\Smtbrd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tony & Re-Re Forever
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Program Files\ACASystems\ACACapturePro\SCapPro.exe
O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Program Files\ACASystems\ACACapturePro\SCapPro.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} -
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1205153282484
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1118240525553
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1205153396599
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys,linksys,linksys,linksys,linksys,linksys
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O23 - Service: CallerID_Proc - Teley.com - C:\Program Files\CallerID-Events\CallerID_Proc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 8750 bytes

[extons]

Uninstall Spybot Search & Destroy and download and install both Malwarebytes and SUPER Anti-Spyware.

Run a quick scan of both and post result logs here please.

[Phantom010]

Please do not post duplicate threads:

http://forums.techguy.org/windows-xp...s-up-have.html

http://forums.techguy.org/general-se...ish-locks.html

http://forums.techguy.org/general-se...-locks-up.html

Quote:

Multiple Postings - It is simply not acceptable to post your question more than once, or to post it in more than one forum. Choose the forum that your question or post best fits in, and place it there and only there. If, after posting, you feel it should be in another forum, use the "Report Thread" button at the bottom of the post and we'll move it. We also reserve the right to move posts to other forums and delete duplicates.

[flavallee]

trzplace:

I looked at your HijackThis log and have several questions and instructions to give you, but I'm not going to spend 15 - 20 minutes doing it here if you have 3 other threads going at the same time.

Since none of the other 3 threads have been replied to yet by anyone, I suggest that we stick with this thread.

I've requested the Administrators/Moderators to delete your other 3 threads.

---------------------------------------------------------------

Update: Cookiegal appears to be taking care of that.

---------------------------------------------------------------

[flavallee]

trzplace:

What are using for a full-time antivirus program? I see an AVG toolbar in the log, but there's no AVG startup entry or services entries to show it's installed and running in the background.

-----------------------------------------------------------------

Your log indicates that you may have numerous outdated versions of Sun Java Runtime Environment still installed. We need to confirm that and also see what else is installed. Follow these instructions.

Open HijackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click the "Save List" button.

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here. Don't post it as an attachment.

----------------------------------------------------------------

[Cookiegal]

I've closed all of the other threads so please continue in this one only. I've also moved it to the Malware Removal forum.