| Thread ID: 95882 | 2008-12-19 21:46:00 | HijackThis log for a slow computer | davidmmac (4619) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 731119 | 2008-12-19 21:46:00 | Hi there,

We've got a laptop that has been running super slow lately. It's running XP with 512MB of RAM. Today, whenever you start it up, it takes a good 3 - 4 minutes for the task bar and desktop icons to appear, then it takes Trend Micro Internet Security a good 10 minutes extra to finish loading. To top it off, it won't let us get on the internet either, and when you click on IE, all these tabs fly open, and the only way to close IE is to go Ctrl > Alt > Del and end the process. Other computers can get on the net, just not that one. It says "limited access" (or something like that).

I installed NetNanny this morning if that has anything to do with it. Everything went downhill from there (It's now been uninstalled).

I decided to run a HijackThis, however that presented us with problems too. It gave us a message saying:

For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, Hijack this may not be able to fix this. If that happens, you need to edit the files yourself. To do this, click start, run and type: notepad C:\Windows\System32\Drivers\etc\hosts and press enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with Quotes) and reboot.

Here is the file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:51 AM, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontri.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hector Protector.exe.lnk = ?
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Hector - {21D714AA-A67E-4c35-9CA2-6CACACDBA24D} - C:\Program Files\NetSafe\Hector Protector\\hector_scr.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 31 missing)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - www.windowsvistatestdrive.com
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - www.crucial.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TVService - Team MediaPortal - C:\Program Files\Team MediaPortal\MediaPortal TV Server\TVService.exe
O24 - Desktop Component 1: (no name) - spftrl.digitalriver.com

-- End of file - 7429 bytes |
davidmmac (4619) | ||
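A triage sketch for a log like the one in the post above, added here as an example and not part of the thread or of HijackThis itself: it groups entries by section code and lists the ones to check by hand first. The rule set and the names `parse`, `triage` and `RULES` are assumptions of this example; the sample lines are taken from the posted log.

```python
import re
from collections import defaultdict

# Sample input built from a few lines of the log in the post above.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ontri.net/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Hector Protector.exe.lnk = ?
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 31 missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
"""

# A log entry is "<section code> - <detail>", e.g. "O4 - ..." or "R0 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Hypothetical triage rules (this example's choice, not HijackThis logic):
# (section, predicate on the detail text, reason to look at it by hand).
RULES = [
    ("O10", lambda d: True, "Winsock LSP chain problem reported"),
    ("O4", lambda d: d.rstrip().endswith("= ?"), "startup shortcut with unresolved target"),
    ("O23", lambda d: " - Unknown owner - " in d, "service listed with unknown owner"),
]

def parse(log_text):
    """Group entries by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def triage(groups):
    """Return (section, reason, detail) for entries that match a rule."""
    return [(sec, why, d)
            for sec, pred, why in RULES
            for d in groups.get(sec, [])
            if pred(d)]

if __name__ == "__main__":
    for sec, why, detail in triage(parse(SAMPLE)):
        print(f"{sec}: {why}\n    {detail}")
```

A match only marks an entry for a manual look; an "Unknown owner" service or an unresolved shortcut can belong to legitimate software.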
| 731120 | 2008-12-19 22:13:00 | Uninstall all versions of Java, it's out of date, then update it. Get this then run it (www.cexx.org). Then reboot. I would also do a scan with malwarebytes below. |
Speedy Gonzales (78) | ||
| 731121 | 2008-12-19 22:31:00 | Thanks for your reply speedy, I uninstalled java, then installed the new version (I think, it's v6 update 11 which I downloaded last week). I also did the LSP-fix, however it said it didn't repair anything. I'll run malware bytes soon, I'm just waiting for the desktop to load. |
davidmmac (4619) | ||
| 731122 | 2008-12-19 23:54:00 | Ran malware bytes, but it didn't come up with anything, so I'm going to try spybot and ad-aware | davidmmac (4619) | ||
| 731123 | 2008-12-20 00:08:00 | Tick this entry then tick fix checked. Close browsers.

O10 - Broken Internet access because of LSP chain gap (#4 in chain of 31 missing)

This may break net access if it hasn't yet. |
Speedy Gonzales (78) | ||
| 731124 | 2008-12-20 00:37:00 | Thanks speedy, will do that soon, just waiting for the ad-aware scan to finish up. Found 216(!) infections so far | davidmmac (4619) | ||
| 731125 | 2008-12-20 00:44:00 | Did you update malwarebytes before you did a scan? I would disable system restore |
Speedy Gonzales (78) | ||
| 731126 | 2008-12-20 01:07:00 | "Did you update malwarebytes before you did a scan? I would disable system restore"

I couldn't update because of the lack of an Internet connection :crying. I'll disable system restore when ad-aware has finished scanning, and I'll tick that box on HijackThis. |
davidmmac (4619) | ||
| 731127 | 2008-12-20 01:13:00 | Finished Ad-aware scan. Found a critical object called "Win32.Adware.Onestep" | davidmmac (4619) | ||
| 731128 | 2008-12-20 01:21:00 | I've had a slight problem. Because I exited out of HijackThis to restart the computer, I had to rescan, but now I can't find the O10 entry, it just goes O9 then O16. | davidmmac (4619) | ||