Solved: Windows XP SP1-Has anyone got time to check out my HJT Log? Computer runs terrible

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

xfile47

Thread Starter
Joined
Jun 21, 2004
Messages
2,142
Windows XP SP1
This log is for my other computer here at home, it has been running bad and now is really bad. At first I didn't think anything was wrong cause I ran
Adware
Spybot
Ihave Spyblaster
Ran a full McAfee scan I have 9.0
So I don't no what it is but the F2 thing in the log looks suspious to me and a couple of others but I didn't want to mess it up farther so I haven't touched the log, can someone help please?


Logfile of HijackThis v1.99.0
Scan saved at 6:18:25 PM, on 2/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
C:\Program Files\Presorium\Frontgate MX\frntgate.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT 1.99 New\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Mentor - {3892CA40-9B9A-11d4-8D73-00105A296A2A} - C:\Program Files\Mentor\Mentor for Internet Explorer 5 Home Edition\IE5Help.chm (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: ra.micosoft.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094167593278
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AFB5477-CC6C-4E8A-8E3E-8B77558F7D02}: NameServer = 167.142.225.5,167.142.225.3
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

xfile47

Thread Starter
Joined
Jun 21, 2004
Messages
2,142
I ran cwshredder and caught 4 cws on it and they were removed but I was wondering about the HJT Log since I found those, Nothing on Adware,Spybot
 
Joined
Mar 17, 2004
Messages
2,735
O9 - Extra button: Mentor - {3892CA40-9B9A-11d4-8D73-00105A296A2A} - C:\Program Files\Mentor\Mentor for Internet Explorer 5 Home Edition\IE5Help.chm (file missing)

Place a check beside this in your Hijack This log and press ' Fix Checked "

Reboot and post another log here please
 

xfile47

Thread Starter
Joined
Jun 21, 2004
Messages
2,142
I did what you said, I had to try several times to get it on a floppy it won't save on the computer you click the save log and have the HJT program goes white and then it doesn't do anything, I finally got it to go onto a floppy, also if it makes a difference half the icons on the desktop are like a white page with a computer on it instead of the regular icons, here's the log

Logfile of HijackThis v1.99.0
Scan saved at 2:34:02 PM, on 2/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Presorium\Frontgate MX\frntgate.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT 1.99 New\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [FG1_00] C:\Program Files\Presorium\Frontgate MX\frntgate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.mcafee.com
O15 - Trusted Zone: ra.micosoft.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094167593278
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AFB5477-CC6C-4E8A-8E3E-8B77558F7D02}: NameServer = 167.142.225.5,167.142.225.3
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

xfile47

Thread Starter
Joined
Jun 21, 2004
Messages
2,142
I know it takes time but this is the third day I have been waiting for some help, can anyone help or are you trying to tell me to go elsewhere in a nice way??
 
Joined
Mar 17, 2004
Messages
2,735
Hi xfile I got your PM .

http://forums.techguy.org/t110854.html

Go here and download Spybot Search and Destroy and Ad-Aware SE UPDATE them both and do a scan getting rid of all they find

Do a scan with Housecall and Panda

After doing all the above please post another log here If you are still having trouble I will ask for a moderator to assist here .
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
There is nothing in your log. How old is your system. Do you hear unusual noise from the fans or hard drive?
 

xfile47

Thread Starter
Joined
Jun 21, 2004
Messages
2,142
No noise, I already ran Spybot and adware at least 3 times caught nothing. Ran McAfee 9.0 caught nothing, Ran CWShredder and caught 4 CWS and they were CWS.Hidden DLL, JKSearch, smartsearch, and svchost32 after they were deleted is still does not run well at all. Also ran sfc /scannow it takes forever to even open anything up, some of the icons on the desk top are little white pages with a little computer on them, not all but about 5 of them and they just won't turn back to the icons that they are suppose to be, I even had to try 4 or 5 times to get a HJT Log, everytime you would try to save the log it would stop running so I couldn't get a backup saved so I just kept trying to get it on a floppy which I finally got lucky and it did. It is my second computer not this one, but we use them both alot. I have spyblaster, ie-spyad, I have also ran Trojan Remover and its clean could there be something still wrong with the cws that could still be around or does cwshredder take it all completely out? Also I am sorry, but while I was waiting I was trying to google some stuff and I finally took out that F2 - REG:system.ini: Shell=
every other log I had looked at most of them never had that and the ones that did din't have the shell after it they all had other stuff so I finally deleted that. I hope that does not screw my system up, could you give me some help and some feedback on if I screwed up bad by taking that out? I would appreciate any help. Also when I said I had trouble with all the programs opening and running it is like when I keep trying to save the HJT Log I will click save log and have the screen kind of turns white like its trying to save but never does, so you go to the taskmanager and surre enough it is not running so you have to end it and try again over and over again.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Sounds to me like your hard drive could be going out.

Can you download the diagnostics from the hard drive manufacturer and run it?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Ran CWShredder and caught 4 CWS and they were CWS.Hidden DLL, JKSearch, smartsearch, and svchost32
Do you know the location of these infected files?
 

xfile47

Thread Starter
Joined
Jun 21, 2004
Messages
2,142
No, cwshredder caught them and it doesn't say where they are, is there a way to find them, I thought cwshredder took them off?
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You clicked on Fix and not Scan only?

Perhaps it's looking in the recovery folder Spybot creates.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top