
Computer is running WAY too slow!

Discussion in 'Virus & Other Malware Removal' started by rudeboy420, Jan 20, 2007.

Thread Status:
Not open for further replies.
  1. rudeboy420

    rudeboy420 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    19
    Hey everyone, I just reformatted my computer and reloaded Windows XP, drivers and all that fun stuff. I am running Kaspersky 6 as my virus protection and cannot figure out what the hell is making my computer so slow! I just can't figure it out. I've gotten rid of the spyware and adware and I keep my computer clean. Just wondering if anyone can help!


    Here's my Hijack log if that helps?

    Logfile of HijackThis v1.99.1
    Scan saved at 3:48:11 PM, on 1/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MediaMonkey\MediaMonkey.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [{A825DB35-0BB0-1033-0927-041205030001}] "C:\Program Files\Common Files\{A825DB35-0BB0-1033-0927-041205030001}\Update.exe" mc-110-12-0001291
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jgcyhewe.dll",setvm
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


    My computer is a Pentium 4 3 GHz, 2.99 GHz and 1 gig of RAM.
     
  2. amthmi

    amthmi

    Joined:
    Mar 23, 2002
    Messages:
    519
    Try posting your log in the Security forum and have the experts there look at your log. These two O4 entries look suspicious to me.

    O4 - HKLM\..\Run: [{A825DB35-0BB0-1033-0927-041205030001}] "C:\Program Files\Common Files\{A825DB35-0BB0-1033-0927-041205030001}\Update.exe" mc-110-12-0001291
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jgcyhewe.dll",setvm
     
  3. rudeboy420

    rudeboy420 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    19
    thanks!
     
  4. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,160
    This thread has been moved to the Security forum.

    amthmi
    Please do not request duplicate threads to be made; instead, advise clicking the Red Triangle above the post and requesting the thread to be moved to another forum.

    Thank you.

    rudeboy420
    Continue replies in this thread; please wait for a member with a Gold Shield to assist.
     
  5. amthmi

    amthmi

    Joined:
    Mar 23, 2002
    Messages:
    519
    No problem EAFiedler...never noticed nor knew what the red triangle was used for.

    Be patient rudeboy420...the members of this forum are extremely bright, so if there's an issue with your HijackThis log they will be able to sort it out.
     
  6. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Hello rudeboy420. Welcome. I am reviewing your HijackThis log now and will be back with a reply as soon as possible.

    Please note that I am currently an undergraduate at a malware removal school, which means that all of my responses are checked by an expert (teacher) before they reach the persons that I am helping. So there may be a slight lag in response time, but this assures that you receive quality assistance and that I get properly trained. Your patience is appreciated. :)

    Here are a few tips to help make things go smoothly:

    • Feel free to stop and ask about anything that you are unsure of before proceeding.
    • It is often worth reading through the instructions and printing them for ease of reference.
    • Please reply only to this thread rather than start a new one.
    • Leave System Restore enabled during the handling.
    • If possible, continue to follow the topic until the system is pronounced clean; absence of symptoms does not necessarily mean absence of all malware.
     
  7. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    It appears that you may have a Vundo infection that tends to hide entries from HijackThis.


    • Open "My Computer"
    • Double-click on "Local Disk ( C: )"
    • Click the "File" tab
    • Click "New" > "Folder"
    • Name the folder "HijackThis"
    • Find "HijackThis.exe" and move it into the new folder
    • Now open the folder and right-click on "HijackThis.exe"
    • Choose "Rename"
    • Rename "HijackThis.exe" to "VundoThis.exe"
    • Now open "VundoThis.exe", run a scan, save the logfile, and post it back here just as you did when the program was named "HijackThis.exe"
     
  8. rudeboy420

    rudeboy420 Thread Starter

    Joined:
    Jan 20, 2007
    Messages:
    19
    Logfile of HijackThis v1.99.1
    Scan saved at 10:59:03 PM, on 1/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
    C:\Program Files\Common Files\{A825DB35-0BB0-1033-0927-041205030001}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\New Folder\VundoThis.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {36B6DB6C-B4AF-4996-80D0-88F291BC1C3F} - C:\WINDOWS\system32\geebx.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\vuseyfom.dll
    O2 - BHO: (no name) - {91C916F5-0750-43B3-AB12-814B881ED309} - C:\WINDOWS\system32\hggfcdc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
    O4 - HKLM\..\Run: [{A825DB35-0BB0-1033-0927-041205030001}] "C:\Program Files\Common Files\{A825DB35-0BB0-1033-0927-041205030001}\Update.exe" mc-110-12-0001291
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jgcyhewe.dll",setvm
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
    O20 - Winlogon Notify: hggfcdc - C:\WINDOWS\SYSTEM32\hggfcdc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    There's the VundoThis.exe file! Thanks for the help!
     
  9. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
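
What the renamed scan revealed, as an added example that is not part of any poster's reply: it diffs the entries of the first scan against the scan run as VundoThis.exe and queues the newly visible system32 DLL hooks for review. The log excerpts are abridged from the two logs in this thread; the function names and the triage rule (unnamed BHO or Winlogon Notify DLL in system32) are assumptions of this example, not HijackThis or VundoFix behaviour.

```python
import re

# Abridged excerpts of the two HijackThis scans posted in this thread.
FIRST_SCAN = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jgcyhewe.dll",setvm
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""
RENAMED_SCAN = FIRST_SCAN + r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {36B6DB6C-B4AF-4996-80D0-88F291BC1C3F} - C:\WINDOWS\system32\geebx.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\vuseyfom.dll
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
O20 - Winlogon Notify: hggfcdc - C:\WINDOWS\SYSTEM32\hggfcdc.dll
"""

# A log entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# A DLL sitting directly in the system32 directory (case-insensitive).
SYS32_DLL = re.compile(r"C:\\WINDOWS\\system32\\[^\\]+\.dll", re.I)

def parse_entries(log_text):
    """Return the set of (code, detail) pairs; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def newly_visible(first, second):
    """Entries present only in the second scan, ordered by section then text."""
    added = parse_entries(second) - parse_entries(first)
    return sorted(added, key=lambda e: (e[0][0], int(e[0][1:]), e[1].lower()))

def needs_review(entry):
    """Triage rule (assumption): unnamed BHO or Winlogon Notify DLL in system32."""
    code, detail = entry
    if not SYS32_DLL.search(detail):
        return False
    return code == "O20" or (code == "O2" and "(no name)" in detail)

def review_queue(first, second):
    """Newly visible entries that match the triage rule."""
    return [e for e in newly_visible(first, second) if needs_review(e)]

if __name__ == "__main__":
    for code, detail in review_queue(FIRST_SCAN, RENAMED_SCAN):
        print(code, "-", detail)
```

Entries that appear in both scans, such as the O4 DllRunning line, are not in the diff and still need to be judged on their own.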
     