1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

recently got rid of virus, now my computer is starting up very slowly

Discussion in 'Virus & Other Malware Removal' started by jpsgod, Apr 23, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. jpsgod

    jpsgod Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    8
    Hi,
    My brother and mother are both computer illiterate and recently went onto my computer, I decided it wise to run a virus scan and adware scan.
    The virus checker picked up 8 viruses, 7 of which I deleted and 1 which it could not delete or virus vault and has no stopped detecting (however it occasionally pops up saying please run a scan because a virus has been detected)
    I downloaded a few adware blockers and the computer when running is generally working fine.
    However it is not taking much longer than usual to get onto windows when i switch it on. It used to come on in about 30 seconds, now it is taking around 5-6 minutes, which is awkward as I am impatient.
    A technician said that all he could do without looking at the computer was to suggest defragmenting it, which I have done, but it is still problematic.
    Please tell me what to do from here, thankyou
    JC
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Welcome to TSG:)

    Do this:
    go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
    Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

    ;)
     
  3. jpsgod

    jpsgod Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    8
    K, I did the scan and got this:

    Logfile of HijackThis v1.97.7
    Scan saved at 17:18:02, on 24/04/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\htpatch.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Captain Germany\Desktop\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37670.4321064815
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Its a clean log.........which virus is being detected?

    You could lighten the load a little by fixing a few of the unnecessary startups.

    These can all be checked in Hijackthis and then "fixed"....all you will be doing is stoping the program from loading with windows,when you want to use it,just hit the icon.

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

    Try a defrag in safe mode its much more thorough.

    ;)
     
  5. jpsgod

    jpsgod Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    8
    The virus checker sometimes pops up with downloader.keenval.e or summets liek that, and says its sumwhere in systems volume information or thereabouts.

    The computer is loading up okay now, I messed about with a load of settings that i dont understand and now it seems to work ok, thanks for your help.

    The keenval virus doesnt seem to matter too much, cos it isnt doing anything.

    JC, thanks for the help.
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    ok, it's in your system restore folder, so it's not going anywhere, you can turn off system restore and re-enable it and it should go away. Has AVG put it into it's virus vault?

    khaz
     
  7. jpsgod

    jpsgod Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    8
    Cant remember how to do that, how do you do it,

    Im not sure what AVG has done with it, I dont think itd pop up if it had put it in virus vault.

    Do i just put system restore off, run a scan, and then turn system restore back on?

    Thanks

    JC
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    yes, just turn it off and back on again, that way it will stop the pests coming back.

    right click my computer,/properties/system restore.

    khaz
     
  9. jpsgod

    jpsgod Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    8
    Thankyou, btw, is it worth fixing all those things on the hijack this scan, cos my computer is running fine now?

    Thankee, JC
     
  10. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    yes, these items apart form the first one will not be deleted, but will stop these from starting up at start up, makes your computer run a bit better without having to load up unnessary tasks.

    khaz
     
  11. jpsgod

    jpsgod Thread Starter

    Joined:
    Apr 23, 2004
    Messages:
    8
    Thankee very much, comp is all sorted now

    JC
     
  12. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    ok, glad your ok!

    khaz
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223219

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice