1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Please help Clean my SLOW computer!

Discussion in 'Virus & Other Malware Removal' started by MissPantera, Jan 4, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    Hello! So I used to know what I was doing as far as cleaning and keeping up my computer.....its been years! My computer has somehow gotten to a point where it will barely run my games! It is slow to start, slow to load anything but it downloads fine, so I know its not my internet causing my games not to work. I recently installed firefox & even this didnt help. OH! I also just deleted all the entries at the top of HJT with anything to do with IE. Dunno if that was a dumb move or not.... Here is my HJT log, please help me clean this thing out & help me get it back to normal!!!! Thank you! :)


    Logfile of HijackThis v1.99.1
    Scan saved at 7:56:09 PM, on 1/4/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsrpcn32.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,795
    Your version of HijackThis is quite outdated. Download and run THIS one instead and post the log in your next reply.
     
  3. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    Thank you for your quick response. Here is the new log...Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:09:05 PM, on 1/4/2012Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\arservice.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\NETGEAR\WNA1100\WifiSvc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\NETGEAR\WNA1100\WNA1100.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HijackThis\HijackThis.exeO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO15 - ESC Trusted Zone: http://*.update.microsoft.comO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsrpcn32.dllO20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exeO23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe--End of file - 3319 bytes
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,795
    When copying and pasting the log, insure you're not applying any line spacing. The log is unreadable this way.

    Why haven't you upgraded from SP2 to SP3 yet?
     
  5. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    I seen the way that was pasted on there & wondered why...the first one was fine??? I also dont know what SP3 is??? I will try to post a readable log.
     
  6. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:09:05 PM, on 1/4/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsrpcn32.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    --
    End of file - 3319 bytes
     
  7. SUEOHIO

    SUEOHIO

    Joined:
    Jan 30, 2007
    Messages:
    3,754
    First Name:
    SUE
    SP3 has all the latest updates needed for windows xp.The other ones arent even supported anymore.
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,125
    First Name:
    Frank
    You didn't submit the ENTIRE new HiJackThis log because several entries are obviously missing.

    --------------------------------------------------------------

    Besides the fact that Windows XP and Internet Explorer are very outdated, AVG 8 is also very outdated.

    It's my guess that a number of programs and add-ons are also outdated.

    It appears that computer has been neglected for a long time.

    --------------------------------------------------------------

    What's the brand name, model name, and model number of that computer?

    --------------------------------------------------------------
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,795
    Is Automatic Updates enabled on that computer? How long ago has that computer been updated through Windows Update?

    Furthermore, I believe that computer is infected.
     
  10. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    Okay. I tried a few things before anyone had replied & havent had time to get back here. Automatic Updates were NOT enabled, when I tried to enable them it wouldnt let me. I did a windows update & did a quickfix about that issue. Here is my new HJT log ( all that it gives me) Please help!!!! I wont do anything else from here until instructed. My computer is running AVG but I wouldnt doubt it being infected :( I really need help...cant afford a new computer :( Thanks for the replies.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:37:13 PM, on 1/10/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsrpcn32.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 4612 bytes
     
  11. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    My computer is a HP Compaq Presario....I do not know how to find the model #. Also, I thought the update I just did was the SP3 but in SYSTEM in CONTROL PANEL, it shows SP2. I CLEARLY dont know what I am doing.......which is why I came here for help......................
     
  12. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,795
    I'd first take care of the infection. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.

    I would also remove AVG 8 with the AVG Remover and install the free Microsoft Security Essentials.
     
  13. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,125
    First Name:
    Frank
    If you don't know for sure what the model number of that Compaq Presario is, look at the product number(P/N) and/or model number(M/N) on the sticker.

    Advise us what that number(s) is.

    -------------------------------------------------------------
     
  14. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    Thank you. I have done the following:
    -Used the link above to remove AVG.
    -Updated to SP3
    -Installed Microsoft Security Essentials
    -Did a scan using MSE, found nothing...half hour later, it found this on its own
    --- TrojanDownloader:ASX/Wimad.BX & removed it.

    ok now... - I did a Microsoft Update scan & it found 103!!!! high priority updates!!!!! Do I HAVE to get all these????? That's 92MB & my memory isnt all that great anyhow... Or can I just forget about them since I have SP3 now & they were prob old ones needed for that?
    So, as soon as I uninstalled AVG, my computer started running faster. BUT when I got the Microsoft Security, it slowed down. Its still not as slow as before. Also, what is it in the hjt log that makes you think I'm infected? Should I still move this thread or just wait for the next set of directions to clean this old thing out?


    Product # - RF800AA
    COMPAQ PRESARIO SR2011WM
     
  15. MissPantera

    MissPantera Thread Starter

    Joined:
    Jan 4, 2012
    Messages:
    9
    NEW LOG -


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:02:41 PM, on 1/11/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8MSE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [AvgRemover] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\Content.IE5\0GBF1671\avg_remover_stf_x86_2012_1796[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG8" /avgdatadir="C:\Documents and Settings\All Users\Application Data\avg8"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1326326014265
    O20 - AppInit_DLLs: C:\WINDOWS\System32\dbmsrpcn32.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 5765 bytes
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1034615

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice