1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[solved]Computer Has Slowed Down!!

Discussion in 'Virus & Other Malware Removal' started by bappida69, Aug 31, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. bappida69

    bappida69 Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    22
    Hi world,

    This is a great forum and I hope someone can help out. My machine has slowed down considerably over the past few days. I ran Adaware. Ran Spybot 1.3, but that gives me a message in the middle of scan(Error during check! 2020 search). I ran HijackThis. Here is the log file:

    Logfile of HijackThis v1.98.2
    Scan saved at 9:30:17 PM, on 8/31/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    G:\WINNT\System32\smss.exe
    G:\WINNT\system32\winlogon.exe
    G:\WINNT\system32\services.exe
    G:\WINNT\system32\lsass.exe
    G:\WINNT\system32\svchost.exe
    G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    G:\WINNT\system32\LEXBCES.EXE
    G:\WINNT\system32\spoolsv.exe
    G:\WINNT\system32\LEXPPS.EXE
    G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    G:\WINNT\System32\svchost.exe
    G:\WINNT\system32\gearsec.exe
    G:\WINNT\system32\hidserv.exe
    G:\Program Files\Norton AntiVirus\navapsvc.exe
    G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    G:\WINNT\system32\regsvc.exe
    G:\WINNT\System32\SCardSvr.exe
    G:\WINNT\system32\MSTask.exe
    G:\WINNT\System32\WBEM\WinMgmt.exe
    G:\WINNT\System32\mspmspsv.exe
    G:\WINNT\system32\svchost.exe
    G:\WINNT\Explorer.EXE
    G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    G:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    G:\WINNT\system32\pctspk.exe
    G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    G:\Program Files\QuickTime\qttask.exe
    G:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    G:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    G:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    G:\progra~1\kiwial~1\partner\saap.exe
    G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    G:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    G:\Program Files\Microsoft Office\Office\OSA.EXE
    G:\Program Files\PrintKey2000\Printkey2000.exe
    G:\Program Files\WinZip\WZQKPICK.EXE
    G:\WINNT\system32\Vcnxjb.exe
    G:\WINNT\system32\XheTsnO3.exe
    G:\WINNT\system32\svchost.exe
    G:\WINNT\system32\wuauclt.exe
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdwaterhouse.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tdwaterhouse.com/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - G:\WINNT\system32\msbe.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [CPQEASYACC] G:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [MMTray] G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [29WRM9B5WFX7SJ] G:\WINNT\system32\Tspif2Ng.exe
    O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [yzez] G:\WINNT\yzez.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] G:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: DriveSelect.lnk = G:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = G:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Printkey2000.lnk = G:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll

    Any advise is more than welcome!!

    Thanks.
     
  2. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Run this uninstaller to get rid of the peper.a trojan:

    http://www.zerosrealm.com/downloads/uninst.exe

    *Note: Just click on the uninst.exe and let it run. When it is finished it will just close. There will be no dialogue. Also you must be connected to the internet for the uninstaller to be effective.

    Restart your computer and post a fresh HJT log.
     
  3. forddude

    forddude

    Joined:
    Jul 13, 2004
    Messages:
    51
    Yeah, then look at my signature. You may also want to defrag and delete your cache.

    Ford Rocks
     
  4. bappida69

    bappida69 Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    22
    Hi,

    Thanks for the resposne. Ran the uninstaller, restarted the p/c and here is the new Hijackthis log.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:02:36 AM, on 9/1/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    G:\WINNT\System32\smss.exe
    G:\WINNT\system32\winlogon.exe
    G:\WINNT\system32\services.exe
    G:\WINNT\system32\lsass.exe
    G:\WINNT\system32\svchost.exe
    G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    G:\WINNT\system32\LEXBCES.EXE
    G:\WINNT\system32\spoolsv.exe
    G:\WINNT\system32\LEXPPS.EXE
    G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    G:\WINNT\System32\svchost.exe
    G:\WINNT\system32\gearsec.exe
    G:\WINNT\system32\hidserv.exe
    G:\Program Files\Norton AntiVirus\navapsvc.exe
    G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    G:\WINNT\system32\regsvc.exe
    G:\WINNT\System32\SCardSvr.exe
    G:\WINNT\system32\MSTask.exe
    G:\WINNT\System32\WBEM\WinMgmt.exe
    G:\WINNT\System32\mspmspsv.exe
    G:\WINNT\system32\svchost.exe
    G:\WINNT\Explorer.EXE
    G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    G:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    G:\WINNT\system32\pctspk.exe
    G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    G:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    G:\Program Files\QuickTime\qttask.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    G:\Program Files\Common Files\Symantec Shared\ccApp.exe
    G:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    G:\WINNT\yzez.exe
    G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    G:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    G:\Program Files\Microsoft Office\Office\OSA.EXE
    G:\Program Files\PrintKey2000\Printkey2000.exe
    G:\Program Files\WinZip\WZQKPICK.EXE
    G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\WINNT\system32\wuauclt.exe
    G:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdwaterhouse.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tdwaterhouse.com/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - G:\WINNT\system32\msbe.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [CPQEASYACC] G:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [MMTray] G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [yzez] G:\WINNT\yzez.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] G:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: DriveSelect.lnk = G:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = G:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Printkey2000.lnk = G:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll


    I will also try defragmenting later.

    Any advise is more than welcome!!

    Thanks
     
  5. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Open HJT and put checkmarks next to these:

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - G:\WINNT\system32\msbe.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKLM\..\Run: [29WRM9B5WFX7SJ] G:\WINNT\system32\Tspif2Ng.exe

    O4 - HKLM\..\Run: [yzez] G:\WINNT\yzez.exe

    Include the ones below if you want. They're optional fixes that'll stop the programs from auto loading at start up. I'd definitely recommend fixing the FindFast entry.

    O4 - HKLM\..\Run: [CPQEASYACC] G:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

    O4 - HKLM\..\Run: [MMTray] G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

    O4 - Global Startup: Microsoft Find Fast.lnk = G:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE

    Close ALL browser windows and click "Fix checked."

    Restart your computer and post another HJT log. (y)
     
  6. bappida69

    bappida69 Thread Starter

    Joined:
    Jul 2, 2004
    Messages:
    22
    Thanks a lot for your replies and suggestions. I can definetely see improvement in my PC!! Heres the HijackThis log file

    Logfile of HijackThis v1.98.2
    Scan saved at 9:23:16 PM, on 9/2/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    G:\WINNT\System32\smss.exe
    G:\WINNT\system32\winlogon.exe
    G:\WINNT\system32\services.exe
    G:\WINNT\system32\lsass.exe
    G:\WINNT\system32\svchost.exe
    G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    G:\WINNT\system32\LEXBCES.EXE
    G:\WINNT\system32\spoolsv.exe
    G:\WINNT\system32\LEXPPS.EXE
    G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    G:\WINNT\System32\svchost.exe
    G:\WINNT\system32\gearsec.exe
    G:\WINNT\system32\hidserv.exe
    G:\Program Files\Norton AntiVirus\navapsvc.exe
    G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    G:\WINNT\system32\regsvc.exe
    G:\WINNT\System32\SCardSvr.exe
    G:\WINNT\system32\MSTask.exe
    G:\WINNT\System32\WBEM\WinMgmt.exe
    G:\WINNT\System32\mspmspsv.exe
    G:\WINNT\system32\svchost.exe
    G:\WINNT\Explorer.EXE
    G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    G:\WINNT\system32\pctspk.exe
    G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    G:\Program Files\QuickTime\qttask.exe
    G:\Program Files\Common Files\Symantec Shared\ccApp.exe
    G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    G:\Program Files\Microsoft Office\Office\OSA.EXE
    G:\Program Files\PrintKey2000\Printkey2000.exe
    G:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    G:\Program Files\WinZip\WZQKPICK.EXE
    G:\WINNT\system32\wuauclt.exe
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdwaterhouse.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tdwaterhouse.com/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [MMTray] G:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] G:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: DriveSelect.lnk = G:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Printkey2000.lnk = G:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = G:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - G:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll

    Is there anything else in here??

    Thanks!!
     
  7. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Looks clean to me. :) (y)
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/268791

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice