1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Need help with slow computer HJT Log

Discussion in 'Virus & Other Malware Removal' started by Lareux, Jun 4, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    I have run several cleaners on this computer that I am working on. I would appriciate some help on the HJT Log, and if anyone could tell me where I would post it or who could help me with "Autoruns" and help me figure out what to do with Procexp. These are things that PC magazine suggested I run.

    I have run

    1. Avast - Nothing found
    2. Stinger - Nothing found
    3. AdAware - 67 critical
    - Type Alexa, Possible hijack attempts, and tracking cookies.
    4. CWShredder - Nothing found
    5. Spybot - removed 4 tracking cookies, and 1 replaced file (alexa related)
    6. CCleaner
    - fixed 66 issues (and wondering what would be the consequence of removinh incorred file extensions.
    7. Ran Autoruns and saved the file. I would like some help in figuring out what to do with this.
    8. Ran HijackThis, and will attach the file when I am done with this.
    9. I ran Procexp, but I didn't find anything in there that I haven't seen in my taks manager. I have a feeling there is more to it than I am seeing, and would like some help with this too.
    I also tried to run ListDLL. It would not work and I cannot figure out why. Of course I wouldn't know what to do with it if it did run.

    I would greatly appriciate any help I can get.

    Thank you
     

    Attached Files:

  2. Sponsor

  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    A new version of Hijack This has been released so get rid of the old one and Click here to download the new one, come back here and post the log from it.
     
  5. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    Sorry, I had downloaded the new version, but sent you the old log file. It's been a long day.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:19:35 PM, on 6/4/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PackethSvc.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\COMPAQ\CPQINET\CPQInet.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\program files\quickidrive tools1.1\quickidrive.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\wuauclt.exe
    E:\Repair Kit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=3c01&lc=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [QuickiDriv] c:\program files\quickidrive tools1.1\quickidrive.exe sys_auto_run C:\Program Files\QuickiDrive Tools1.1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I don't see any malware in the log.

    * Run ActiveScan online virus scan here.

    When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
    - Save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan
     
  7. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    The computer is not hooked up to the internet right now. It has an AOL connection. Will that cause a problem with the scan? I can hook it to DSL, but it will take time.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    It needs to be connected to run the scan to see if there is anything hidden running
     
  9. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    I was just wondering if it would work OK with AOL, or if I need to hook it to DSL. It isn't easy to get to my DSL connection.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    It just needs to be connected to the net to run the online scan
     
  11. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    Activescan didn't find anything. Any other suggestions?
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    You ran an online scan on a dialup connection in that amount of time?
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    What is the problem you are experiencing here anyway? I just read your first post again and you don't mention anywhere what problem you are having.
     
  14. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    Sorry, I put my problem in the title. The computer is running slow. It is a friends mothers computer, so I have not bee on it long enough to really have a good feel for what is going on. I just started with virus scans, and clean ups. I might be in the wrong place (security), but I figured this was the best place to start.

    By the way. I hooked the computer up to the DSL connection, since I didn't have the user name and password for AOL.
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

    Disk Cleanup:

    http://www.theeldergeek.com/disk_cleanup_utility.htm

    Defrag your HD:

    http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

    Run chkdsk:

    To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

    Remove unnecessary startups

    This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig.
    Click OK or hit the Enter key.

    Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close"

    You will be prompted to restart. Go ahead and restart.

    Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

    Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that programs preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

    Go here for info on msconfig:

    http://www.pacs-portal.co.uk/startup_index.htm

    You can look up the startups here to help determine what is needed and what is not:

    http://computercops.biz/StartupList.html

    here:

    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

    And here:

    http://www.windowsstartup.com/wso/browse.php?l=8&start=50&end=75
     
  16. Lareux

    Lareux Thread Starter

    Joined:
    Dec 5, 2004
    Messages:
    415
    I have run CCleaner and disk cleanup. I ran the defrag. I will run chkdsk as soon as I am done here. As for the unnecessary startups, I ran the autoruns program from sysinternals.com, and think I can fix it from there (do you agree?). I will check out the sites that you suggested, on what should be running and what should not. I was just hoping that it would be like the HJT log and someone would know what should not be in there.

    By the way, wrote you a personal post, you may want to ignore it. I thought it was like an IM, but realized that I was wrong.

    Thank you for all your help and if there is anything else you can think of, or if you have any information on the autoruns program, please let me know.
     
  17. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/368471

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice