1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow computer & unknown items in startup

Discussion in 'Earlier Versions of Windows' started by cwlummus, Dec 23, 2004.

Thread Status:
Not open for further replies.
  1. cwlummus

    cwlummus Thread Starter

    Joined:
    Dec 23, 2004
    Messages:
    28
    Computer is running very slow and sometimes locks-up. I ran hijack this and this is the result of the scan:


    Logfile of HijackThis v1.99.0
    Scan saved at 2:37:21 AM, on 12/23/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\WINDOWS\SYSTEM\PROMON.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\WINDOWS\SYSTEM\PRPCUI.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
    C:\PROGRAM FILES\DR_S\DR_S.EXE
    C:\WINDOWS\SYSFIT.EXE
    C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\TSA\TS2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLWBSPD.EXE
    C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsearching.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.portalsearching.com/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.portalsearching.com/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.portalsearching.com/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.portalsearching.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.portalsearching.com/search.php?phrase=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: BHO.clsInetSpeak - {D6862A22-1DD6-11D3-BB7C-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BHO.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\SYSTEM\SYSSFITB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
    O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
    O4 - HKCU\..\Run: [SYSfit] C:\WINDOWS\SYSfit.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRAM FILES\COMMON FILES\TSA\TSM2.EXE
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
    O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .com/mathematics/larson/precalculus/5e/students/downloads/p5_s4: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,75/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
    O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} (BHO.clsInetSpeak) - http://www.sexxx-direct.com/BHO.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

    Hope someone canhelp me.

    Thanks
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Download and install Adaware:

    http://www.lavasoftusa.com/support/download/

    Obtain the latest signature of this program.

    Download and install Adware VX2 tool:

    http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

    When you install this program, the VX2 tool will be part of Adware under Plugins.

    Run a Full Scan of Adaware. After completion, delete all Walware found. Click on Plugins in Adaware and run the VX2 Cleaner tool.


    Download and run Spybot search and Destroy and the CWShreder:

    http://spybot.eon.net.au/en/download/index.html
    http://www.majorgeeks.com/download4086.html

    Make sure you obtain the latest signatures for Spybot and perform a Full scan and delete any Malware found. Run the CWShreder.

    Once done, run Hijackthis and post a new log in a reply.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/310992

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice