38 replies to this topic

[reddcrush]

hello...thanks in advance for any help...my computer is running very slow...freezing up and pages are opening up very slow or not at all...i have run my spyware programs and my anti virus programs and no detections were found...i am just a novice but i can follow direction well (i think!) again any help would be greatly appreciated...
oh one more thing...i dont use msn messenger how can i remove it...it always opens in my task bar and i dont want it there.




Logfile of HijackThis v1.99.1
Scan saved at 9:12:30 AM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0a\waol.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\COMMON~1\AOL\111035~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111035~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolcdn.com/ap/Resources/1....-US.9.3.2.1.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://pictures.aolcdn.com/ap/Resources/1....-US.9.3.2.0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

[rridgely]

Download this program and install it. Then update it and do a full system scan. At the end it will ask to save a log. Tell it to and post the log here.
http://www.ewido.net/en/download/

[reddcrush]

rridgely, on Dec 7 2005, 05:37 PM, said:

Download this program and install it. Then update it and do a full system scan. At the end it will ask to save a log. Tell it to and post the log here.
http://www.ewido.net/en/download/

hi...the link you provided me with is giving me an error message telling me that the file or download site is corrupt...it wont let me run or save it....help please

[rridgely]

http://download.ewid...ewido-setup.exe

try a direct link.

[reddcrush]

rridgely, on Dec 7 2005, 07:47 PM, said:

http://download.ewid...ewido-setup.exe

try a direct link.

i am sorry i dont mean to be a pain but, that link is still not letting me download the program..
the message is:
INSTALLER YOU ARE TRYING TO USE IS CORRUPTED OR IMCOMPLETE. THIS COULD BE THE RESULT OF A DAMAGED DISK, FAILED DOWNLOAD OR VIRUS...

WHAT TO DO?

[rridgely]

Ok download this zip file full of programs install any that you dont have and then update and scan with all of them.

http://www.lunarsoft.net/index.php?ind=dow...ry_view&iden=12

[rridgely]

Post a new log when finished.

[reddcrush]

rridgely, on Dec 7 2005, 09:30 PM, said:

Post a new log when finished.

OMG...this is insane....after downloading the file, i tried to open the zip file that i saved onto my desktop and got another error message:

THE COMPRESSED (ZIPPED) FOLDER IS INVALID OR CORRUPT...

please advise

[rridgely]

ok run this online scan. Do complete scan and remove everything that it finds.
http://www.trendmicr...tro/default.asp

[reddcrush]

rridgely, on Dec 7 2005, 10:19 PM, said:

ok run this online scan. Do complete scan and remove everything that it finds.
http://www.trendmicr...tro/default.asp

i am so frustrated....i received another error message when trying to download the trend micro house call...the first message was concerning my java...it said:
JAVA SUPPORT IS DISABLED ON MY SYSTEM...so i tried to download the link and it wouldnt let me...it said something to the effect: FILE CANT BE FOUND, so i went into my program files and saw the java folder (again remember i am a novice) and it seemed all the componets were there...IDK...anyway, i was somehow able to bypass that and clicked on the micro link...it seemed to be downloading and when it was done i got another error message: FAILED TO UPDATE THE TREND MICRO HOUSE CALL KERNAL CLOSE AND TRY AGAIN...

what is happening to my computer??? please advise

[rridgely]

Have you used any registry cleaners or anything lately?

[reddcrush]

rridgely, on Dec 7 2005, 11:07 PM, said:

Have you used any registry cleaners or anything lately?

yes i did...i used the ccleaner yesterday...i came across the site while searching for spyware programs...thats how i found this forum...i installed the program and ran the scan....it seemed my computer was performing worse, so i did a system restore and the program was removed....i also downloaded another program called startup mechanic which i removed as well....

please tell me you can help me fix what ever i did wrong

[rridgely]

CCleaner wasnt the problem it is probably start up mechanic. Please give me a link to the start up mechanic site.

[reddcrush]

rridgely, on Dec 7 2005, 10:43 PM, said:

CCleaner wasnt the problem it is probably start up mechanic. Please give me a link to the start up mechanic site.

http://www.startupmechanic.com/
thank you so much for helping me...i anxiousy await your response...i restored the backup registry from yesterday...

[reddcrush]

reddcrush, on Dec 7 2005, 11:09 PM, said:

http://www.startupmechanic.com/
thank you so much for helping me...i anxiousy await your response...i restored the backup registry from yesterday...

i also wanted to tell you that there is a very scary looking database file in my notepad that was in my recycle bin from startup mechanic...i tried to copy and paste it so you can see it but everytime i try to post it i get a message website not responding....it seems that this program may have been full of viruses...now im am very nervous that i really did something wrong

ps..if you want i can email you the notepad text document,

[reddcrush]

reddcrush, on Dec 7 2005, 11:17 PM, said:

i also wanted to tell you that there is a very scary looking database file in my notepad that was in my recycle bin from startup mechanic...i tried to copy and paste it so you can see it but everytime i try to post it i get a message website not responding....it seems that this program may have been full of viruses...now im am very nervous that i really did something wrong

ps..if you want i can email you the notepad text document,

since this last post...
i was able to download the ewido security suite and ran a scan the was only one item found....i am still unable to download the trendmicro, as i get an error message reguarding the java...my active x controls are enabled but, i am unable to upgrade the java....
again, im sure i dont know what im doing but, i definately know that something is wrong with my computer.....pages are only opening up half was...or sometimes not at all..its just black....i have a high speed cable connnection but, my computer is slower than ever....or it just freezes forever.....and my homepage on road runner wont open at all
again, i anxiously await your response

[rridgely]

Ok sorry for the delay.(I'm usually much quicker.)

I think you disabled/deleted some stuff with start up mechanic. First lets get a fresh log.

Go to start>Run> and type msconfig. Look under services and startup and make sure everything is checked. Do NOT do anything else from that screen.

[reddcrush]

rridgely, on Dec 8 2005, 06:02 PM, said:

Ok sorry for the delay.(I'm usually much quicker.)

I think you disabled/deleted some stuff with start up mechanic. First lets get a fresh log.

Go to start>Run> and type msconfig. Look under services and startup and make sure everything is checked. Do NOT do anything else from that screen.

hi....sorry i wasnt able to be online last nite...funny though, all i could think about was getting back to my computer to see if you were there...LOL...anyway, i did as you said and went to startup and everything that is ususlly checked was checked...here is a copy of my new log file.....
again, anxiously await your response....ps, my computer is still messed up....i know i need more memory but, i really dont have alot of files or large running programs so....
ok....ttyl



Logfile of HijackThis v1.99.1
Scan saved at 9:57:33 AM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\COMMON~1\AOL\111035~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111035~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolcdn.com/ap/Resources/1....-US.9.3.2.1.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://pictures.aolcdn.com/ap/Resources/1....-US.9.3.2.0.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

[rridgely]

Ok your problem is something to do with your registry. It was caused by the startup mechanic but I dont know what it did without hunting through your registry(something I obvisouly cant do).

What are your system specs? Also have you defragged your pc lately?

[reddcrush]

rridgely, on Dec 9 2005, 06:13 PM, said:

Ok your problem is something to do with your registry. It was caused by the startup mechanic but I dont know what it did without hunting through your registry(something I obvisouly cant do).

What are your system specs? Also have you defragged your pc lately?

forgive my ignorance but, how do i find my system registry? also, is there anything i should delete on my hijack log file? i have defragged my computer...i keep up with my scans and delete the temp files and all the basis stuff....again, it just seems like my computer is freezing and taking a long time for pages to open...anyway, since i restored the registry, it seems to running slightly better...maybe cause i moved and the cable connection is bad...i know i need more memory but, no funds for that now...anyyway, anything else you can suggest would be appreciated...should i download ccleaner?
thanks...