1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows ME running slow

Discussion in 'Virus & Other Malware Removal' started by mikebach, Sep 11, 2006.

Thread Status:
Not open for further replies.
  1. mikebach

    mikebach Thread Starter

    Joined:
    Dec 19, 2003
    Messages:
    50
    No this is not a joke, user has ME, running slow. I cleaned up a lot of garbage, but still kind of running slow, and getting a lot of pop ups. belowis the Hijackthis log contents:
    Logfile of HijackThis v1.99.1
    Scan saved at 8:55:10 PM, on 9/8/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
    C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    C:\PROGRAM FILES\VERIZON\SERVICEPOINT\VERIZONSERVICEPOINT.EXE
    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\APPLICATION DATA\TPUS\DLLHOST.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\1146276199\EE\AOLHOSTMANAGER.EXE
    C:\PROGRAM FILES\OUUA\WKPCJTHU.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\1146276199\EE\AOLSERVICEHOST.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {9C4A95D8-7D4A-10CB-1DF7-70E29F717396} -
    C:\WINDOWS\SYSTEM\MOFQGVYW.DLL
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
    file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
    C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM
    FILES\JUNO\QSACC\X1IEBHO.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
    C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -
    C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
    O2 - BHO: (no name) - {EE89B3F3-0E6D-1896-6BE0-51800E4A5291} -
    C:\WINDOWS\SYSTEM\ITW.DLL (file missing)
    O2 - BHO: (no name) - {D796D763-3FA7-0523-F2F9-601340DB6CC0} -
    C:\WINDOWS\SYSTEM\YPDBR.DLL (file missing)
    O2 - BHO: (no name) - {1935D031-3CA2-2456-A7AC-6543B216A299} -
    C:\WINDOWS\SYSTEM\LHAHK.DLL (file missing)
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {9C4A95D8-7D4A-10CB-1DF7-70E29F717396} -
    C:\WINDOWS\SYSTEM\MOFQGVYW.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM
    FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
    - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft
    Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft
    Works\WkDetect.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution
    Assistant\Common\bin\RxMon9x.exe
    O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution
    Assistant\MotiveAssistant\bin\mad.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program
    Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP
    STUDIOS\WINPATROL\winpatrol.exe
    O4 - HKLM\..\Run: [strtas] LOC1.EXE
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program
    Files\Verizon\Servicepoint\VerizonServicepoint.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
    Files\AOL\1146276199\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
    Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE"
    -atboottime
    O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common
    Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [strtas] LOC1.EXE
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common
    Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common
    Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet
    Security\ISSVC.exe"
    O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec
    Shared\ccProxy.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
    Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft
    Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [strtas] LOC1.EXE
    O4 - HKCU\..\Run: [Lrrn] "C:\WINDOWS\Application
    Data\tpus\dllhost.exe" -vt yazr
    O4 - HKCU\..\Run: [Tuda] C:\Program Files\Ouua\wkpcjthu.exe
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft
    Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common
    Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM
    TOOLBAR\AIMBAR.DLL/aimsearch.htm
    O8 - Extra context menu item: Display All Images with Full Quality -
    "res://C:\PROGRAM FILES\JUNO\qsacc\appres.dll/228"
    O8 - Extra context menu item: Display Image with Full Quality -
    "res://C:\PROGRAM FILES\JUNO\qsacc\appres.dll/227"
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
    Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
    Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol
    toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37}
    - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia -
    {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft
    Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program
    Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} -
    C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM
    FILES\AIM\AIM.EXE
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} -
    C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} -
    C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
    C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} -
    C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
    O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration
    Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.42/display/PopupSh.ocx


    Thanks
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi, mikebach :)

    Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

    This will likely be a few steps process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    Download CWShredder here to its own folder.

    Update CWShredder

    * Open CWShredder and click I AGREE
    * Click Check For Update
    * Close CWShredder

    Download and install CleanUp!

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    Run the CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Close the Shredder.

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    Set the program up as follows:
    Click "Options..."
    Move the arrow down to "Custom CleanUp!"
    Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
    Press the CleanUp! button to start the program.

    It may ask you to reboot at the end, click Yes.

    Restart the computer in Normal Mode.

    Run Ad-Aware with the latest update.
    • Download the latest version of Ad-Aware (Ad-Aware SE Build 1.06r1) from here.
    • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
    • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
    • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
    • Once the definitions have been updated:
    • Reconfigure Ad-Aware for Full Scan as per the following instructions:
      • Launch the program, and click on the Gear at the top of the start screen.
      • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
        • "Automatically save logfile"
        • Automatically quarantine objects prior to removal"
        • Safe Mode (always request confirmation)
        • Prompt to update outdated confirmation) - Change to 7 days.
      • Click the "Scanning" button (On the left side).
      • Under Drives & Folders, select "Scan within Archives"
      • Click "Click here to select Drives + folders" and select your installed hard drives.
      • Under Memory & Registry, select all options.
      • Click the "Advanced" button (On the left hand side).
      • Under "Shell Integration", select "Move deleted files to Recycle Bin".
      • Under "Log-file detail", select all options.
      • Click on the "Defaults" button on the left.
      • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
      • Click the "Tweak" button (Again, on the left hand side).
      • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
        • "Unload recognized processes during scanning."
        • "Obtain command line of scanned processes"
        • "Scan registry for all users instead of current user only"
      • Under "Cleaning Engine", select the following:
        • "Automatically try to unregister objects prior to deletion."
        • "During removal, unload explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot."
        • "Delete quarrantined objects after restoring"
      • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
      • Click on "Proceed" to save these Preferences.
      • Click on the "Scan Now" button on the left.
      • Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
    • Close all programs except ad-aware.
    • Click on "Next" in the bottom right corner to start the scan.
    • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
    • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.
    Manually download Latest definition file: Here
    • Please Note Version SE Build 1.06 is now available! This download is for use with Ad-Aware SE versions only.
    • Manual Installation: Unzip the archive, replace the existing file and restart Ad-Aware\Ad-Watch.
    • You can also use the webupdate component implemented in Ad-Aware to install this update.
    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report as well as a fresh Hijackthis log.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/500284

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice