| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 102155 | 2009-08-09 04:28:00 | After malware/virus removal, PC is extremely SLOW... | fifi1314 (15157) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 799625 | 2009-08-09 04:28:00 | :groan: About one week ago, my Google search engine started to redirect me to different links.. so I did below fix... 1. Went to safe mode and ran Avg, adware and spybot. 2. Ran hijackthis in safe mode with network connection, here is the newest log: (I deleted the bold "Nasty" and another unknown one, bothO32, before this, I also did several hijackthis scans and deleted bad files) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:06:53 PM, on 8/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\conime.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Fifi's download software\Entertainment\Media Downloading agent\jccatch.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - ProcessProtection.dll (file missing) O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Fifi's download software\Entertainment\Media Downloading agent\getflash.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØ - C:\Fifi's download software\Entertainment\Media Downloading agent\jc_link.htm O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØÈ«²¿Á´½Ó - C:\Fifi's download software\Entertainment\Media Downloading agent\jc_all.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O8 - Extra context menu item: •¢Ë͵½ Bluetooth(&B) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: µ¼³öµ½ Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Fifi's download software\Chat\AddEmotion.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: ???¡¥??¨¤¡Á5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: ???¡¥??¨¤¡Á5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\MDAREL~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\MDAREL~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\MDAREL~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: D??¡é?¨¬?¡Â - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ?¨¬3¦Ì - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Fifi's download software\Entertainment\Media Downloading agent\FlashGet.exe O9 - Extra 'Tools' menuitem: ?¨¬3¦Ì(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Fifi's download software\Entertainment\Media Downloading agent\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - h17000.www1.hp.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Contrl Center of Storm Media (ccosm) - ±±¾©±©•çÍø¼Ê¿Æ¼¼ÓÐÏÞ¹«Ë¾ - C:\Fifi's download software\Entertainment\Media Downloading agent\stormliv.exe O23 - Service: DiskPro_Service - Unknown owner - C:\Fifi's download software\?a?¨¹1¡è??\fse\DiskPro.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10065 bytes 3. I ran ATF cleaner and SUPERAntiSpyware in safe mode to fix the win32/cryptor problem. 4. Then my firefox is super slow, so I Creating_a_new_profile and it’s running fine now. BUT, my computer is still SOOOO slow, especially the start-up. Any help will be greatly appreciated. Fifi1314 |
fifi1314 (15157) | ||
| 799626 | 2009-08-09 04:39:00 | Wait for Speedy Gonzales to log at your log file above meanwhile download and run Trojan remover, tick everything then run it and see if it finds anything. It is only a trial version but still works. Could also be the fact you have McAfee and AVG running see your log. I would ditch AVG and get Avast much better as well as free and having a smaller footprint and uses less resources |
gary67 (56) | ||
| 799627 | 2009-08-09 04:50:00 | [QUOTE=fifi1314;808857] c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\system32\conime.exe Serious. R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - ProcessProtection.dll (file missing) O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØ - C:\Fifi's download software\Entertainment\Media Downloading agent\jc_link.htm O8 - Extra context menu item: &ʹÓÿ쳵(FlashGet)ÏÂÔØ È«²¿Á´½Ó - C:\Fifi's download software\Entertainment\Media Downloading agent\jc_all.htm O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ È«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O9 - Extra button: ???¡¥??¨¤¡Á5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: ???¡¥??¨¤¡Á5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: ?¨¬3¦Ì - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - O9 - Extra 'Tools' menuitem: ?¨¬3¦Ì (FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Fifi's download software\Entertainment\Media D O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: Contrl Center of Storm Media (ccosm) - ±±¾©±©•çÍø¼Ê¿Æ¼¼ÓÐÏÞ¹«Ë¾ - C:\Fifi's download software\Entertainment\Media Downloading agent\stormliv.exe O23 - Service: DiskPro_Service - Unknown owner - C:\Fifi's download software\?a?¨¹1¡è??\fse\DiskPro.exe (file missing) O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe Don't have both AVG and McAfee. Ditch Mcafee. CLean out the startup too, it so cluttered. |
pctek (84) | ||
| 799628 | 2009-08-09 05:09:00 | Uninstall askbar Tick these then tick fix checked Close browsers R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Uninstall all versions of java its out of date, then update it And yup uninstall Mcafee and AVG, install Avast instead |
Speedy Gonzales (78) | ||
| 799629 | 2009-08-09 06:52:00 | The fact that you have two Antiviruses already makes your computer slow as heck... | Blam (54) | ||
| 799630 | 2009-08-09 22:22:00 | Uninstall askbar Tick these then tick fix checked Close browsers R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Uninstall all versions of java its out of date, then update it And yup uninstall Mcafee and AVG, install Avast instead Thanks all of you!! I went to control panel, Remove program --- I do see Mcafee, but it is not like other software has a delete key... Also, Mcafee is not in my program folder.... So where do I go to uninstall Mcafee? Thanks! |
fifi1314 (15157) | ||
| 799631 | 2009-08-09 22:25:00 | Try the file here (service.mcafee.com) MCPR.exe. Follow the instructions | Speedy Gonzales (78) | ||
| 799632 | 2009-08-09 22:41:00 | Try the file here (service.mcafee.com) MCPR.exe. Follow the instructions Man, Speedy, Thanks alot, my pc is running in normal speed now... I also did fragment clean... |
fifi1314 (15157) | ||
| 799633 | 2009-08-09 22:44:00 | Cool :) | Speedy Gonzales (78) | ||
| 799634 | 2009-08-09 22:45:00 | I find that McAfee's own removal method leaves traces. Use Revo Uninstaller: www.revouninstaller.com Run it, then double click McAfee. If the uninstaller for McAfee doesn't pop up, click next anyways and Revo will scan for all leftover registry entries and files, only check the bold items. EDIT: Too late... Blam |
Blam (54) | ||
| 1 2 | |||||