Computer Hope
Microsoft => Microsoft Windows => Windows XP => Topic started by: squirrel on July 26, 2006, 02:11:05 PM
-
Windows XP Dell GX240 tower machine is running slow. Programs do not respond as well or as fast. I am having to end-task programs more often. Really bad since colleague accidentally tripped circuit and power to machine was cut while machine was on. It ran fine before I put SpyBot and AdAware on it. Could they be killing the PC?
Please help, it is company computer.
Additional info: I have run every scan (Virusscan, spybot, adaware) I could think of, as well as defragmenting the HD and checking the disk for errors. HD properties says the disk is only half full.
Did the power thing do something? Are my anti-malware programs infected with viruses? Do I need to reimage PC and start over? Is the computer FUBAR?
Please help, it is company computer.[highlight][/highlight]
-
Try running chkdsk. It may just be that the tripped-power damaged the hard drive.
Alan <>< ;)
-
Already tried. showed nothing. :-? :-? :-? :-? :-?
HELP!!!
-
Online Virus Scan and Spyware Scan
http://www.pandasoftware.com/products/activescan.htm
Online Malware Scan
http://www.ewido.net/en/
If Panda gives you a report, save it & come back here.
-
Except that my browser programs are some of the ones that keep freezing and i have to end-task them.
-
Try safe mode + networking.
I noticed you said it was a company computer, are you allowed to fix it or should you be contacting your IT people?
-
IT people? They're all otherwise occupied. I'm all there is. What is safemode+networking? I know about safemode, but "+networking?" How to boot XP machine in safe mode?
-
Try Task Manager (Ctl+Alt+Del) to see what processes are running that could be using your processor power.
If no joy there, you can run Hijack This and post a log file here for our resident experts to analyze. It will take several posts to get it all and the whole thing must be here.
http://www.majorgeeks.com/download3155.html
-
Try Task Manager (Ctl+Alt+Del) to see what processes are running that could be using your processor power.
If no joy there, you can run Hijack This and post a log file here for our resident experts to analyze. It will take several posts to get it all and the whole thing must be here.
http://www.majorgeeks.com/download3155.html
Well, what processes should I be looking for? One person at work told me to just wipe the stupid thing and start over.
Also, as I said above, the web browsers are among the programs that are affected by the problem. I don't trust them.
-
Safe mode+networking....
When computer boots up, right when it shows the computer comapnies name (before the Windows XP loading screen) start tapping the F8 key.
You will arrive at a menu that will have optins including
"start windows in safe mode with networking"
Try out all your programs, if the same performance continues, you have a hardware issue. Otherwise, it's some program on the computer.
-
okay, i got into safe mode with networking. . .attempting suggestion. . .
-
i foud the panda thing. scanning now. . .
-
One person at work told me to just wipe the stupid thing and start over.
A good format and reinstall solves all Windows problems, for a while. Do you have a real Windows CD or what?
-
ran faster in safe mode. . .running panda scan now.
-
Don't forget Ewido when Panda is finished. ;)
-
Okay. . .
Panda found some stuff.
9 spyware things were found.
What now?
-
If Panda gives you a report, save it & come back here.
If Panda did not correct the 9 spyware things then it would have made a report for you to save.
Copy & paste that report in here.
Run Ewido too.
-
It listed all the things as cookies. I understand from a co-worker that deleting all the cookies can have a negative effect?
Running ewido now. . .
-
Okay, guys. . .
Panda found only cookies. Ewido found some adware stuff and I removed it. Adaware keeps finding something called dataminer.
-
Data Miners are a type of Adware, they Send your info like websites you visit and personal Info , to company to do market Research, there annoying little Pricks if you ask me , but having a few like 3 or 4 shouldn't Kill the Computer,
maybe you could Try CCleaner as Well
And you Still have not posted your "Hijack this" log file, it's likely that it could help
-
PC does not have HiJack this.
-
you can get it here
http://www.majorgeeks.com/download3155.html
as GX1_man Posted
-
okay, let me log onto computer hope on the other PC. be right back.
-
here is HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 10:47:16 AM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exeC:\DOCUME~1\ADMINI~1.MCP\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcps.k12.md.us/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E822D072-1DF4-4EB3-8498-8756684C7E46}: NameServer = 205.222.5.22,205.222.5.23
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
-
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe
-
oh, and a process in my task manager called svchost.exe is listed several times for the same user (system) and only one of them is using up a lot of memory.
-
Im not an Expet in hijack this logs, but i noticed you seem to have 3 Anti virus Scaners Running.
Norton, McAffee, And AVG
Its not a Good idea to Run so many, and can Cause alot of Slow down.
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
-
norton's won't let me uninstall it!!!!
-
And Now Can you UnderStand Why people dislike it so, there is a detailed Help file on how to dispose of it. hmm GX1_man keeps posting links to it, ill go find one
-
Try Ask Dave, i see this around quite Often , and people have giving it a pretty Positive response
http://www.askdavetaylor.com/how_can_i_fully_remove_norton_antivirus_from_my_system.html
-
I get an error message that says the log file is not vcalid or the data has been corrupted. uninstallation will not continue.
-
Is that The Error the Uninstaller is Giving you, if so i think you should try removing it trough the Registry, the Dave Taylor site Gives you the Info you need for that i believe
-
problem is that add/remove programs (like it says on the website) gives the error message. anything else in my hijack this log that needs my attention?
-
Have a look here they went trought the Norton Process just last week ^.^
http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1152742462/0
Sorry, im not that Good with Hijack This logs, i think DL65 is ok
Beg him to look :)
-
Norton will plague you forever, do a clean install of your OS plus AVG, Spybot with resident teatimer & a firewall.
-
anything else in my hijack this log? :-? :-? :-? :-? :-/
-
Get rid of Norton and other antivirus programs until you are left with AVG only for antivirus.
Have one antispyware program.
Install a firewall, Sygate is good.
I'd remove all the viewpoint junk too.
-
Try Task Manager (Ctl+Alt+Del) to see what processes are running that could be using your processor power.
What processes should i be looking for?
What is svchost.exe and why does the amount of memory it is using keep increasing?
-
Here you go:
http://www.google.com/search?hl=en&q=svchost.exe+
<---------
-
but the one svchost.exe keeps on taking up more and more memory--but no processor time.
-
okay. I deleted the viewpoint stuff and the norton stuff that hijack this found. computer running better, but anything else i should do? how to keep viewpoint from reinstalling itself? why does the amt of memory svchost.exe is using keep increasing? and what other processes should i look for?
-
Have a read:
http://www.2-spyware.com/remove-viewpoint-media-player.html
and then here:
http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530
-
why does the amt of memory svchost.exe is using keep increasing? and what other processes should i look for?
I have still not received an answer to these two questions? :'( :'( :'( :'( :-/ :-?
-
And what did your reading and Google searches show you so far?
There were 3,290,000 hits for svchost.exe ! :o :o :o :o
-
google just showed me what the svchost.exe was. it didn't tell me why it is eating the memory.
It isn't eating cpu time, just memory. and i saw nothing about processes to be alert for.
-
squirrel...... I just got back , how about posting a new hijackthis logfile .........as the old one has now changed .......
dl65 ::)
-
svchost.exe is normal to appear several times. My largest one takes up 21,640kb. Unless it is more than that, not a problem.
It sounds like the best thing to do is to format the harddrive. This will lose all data on the harddrive, so make sure you back it up on CD or other computer. You'll need a legal Windows XP disk (or whatever OS you are using) and the drivers disk which you should have been given with your computer, but you might be able to download these. Formatting can be hard because you'll lose the data, but it will have 95% chance of fixing this problem. Because everything goes, including the bad stuff. We can then help you install Windows the "proper" way to minimize the risk of this happening again. (But if this is your only Interent computer, let us give you the instructions first of course!)
But if you want to keep on trying for the moment to fix it, on the task manager processes list list for us all the processes which use lots of memory, or anything you think looks suspicious (or the whole list if you have time). We can then see if it has anything suspect in it.
Have you ran checkdisk and defragmented the drive? I haven't read all of this thread.
-
Have you ran checkdisk and defragmented the drive? I haven't read all of this thread.
You really Should Read the Entire Tread First, if you had you'd know Squirrel does not want to Format and Has Run scan Disk and Defrag.
And the computer is not So craped out that a Format is Necessary, its only got a Few bug's they just seem to big of the Big slow Verity
-
running much better since i deleted viewpoint. going to run hijack this, be right back.
-
here it is. . .if there's anything else i need to delete? BTW, managed to erase norton's completely ;D
Logfile of HijackThis v1.99.1
Scan saved at 1:27:47 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcps.k12.md.us/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
-
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E822D072-1DF4-4EB3-8498-8756684C7E46}: NameServer = 205.222.5.22,205.222.5.23
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
-
Hi Squirel....... Ok , heres what I see.........
You arent running any firewall , which is ok ........ and not causing any issue ...... but , I'm seeing referance to 2 differant AV scanners running ...AVG and some active virus scanner from McAfee ........ Really you only be running one ...... Anti virus application ........... it's ok to have a second one installed , but it shouldnt be active .......
Now on to the log file .........
I would mark for removal , the following :
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
now then please check these items and only leave them if you know what they are and trust them ..........
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - [highlight]appears to be a active X item ...... if you dont know and trust it remove it .[/highlight]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - [highlight]Same comment as above [/highlight]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E822D072-1DF4-4EB3-8498-8756684C7E46}: NameServer = 205.222.5.22,205.222.5.23 [highlight]Is this address part of your ISP or do you know it to be safe ?[/highlight]
that IP address appears to be ........ part of ...... Montgomery County Public Schools [highlight]Does that sound right to you ? [/highlight]
let us know about those questionable entries ..........
dl65 ::)
-
Hi Squirel....... Ok , heres what I see.........
You arent running any firewall , which is ok ........ and not causing any issue ...... but , I'm seeing referance to 2 differant AV scanners running ...AVG and some active virus scanner from McAfee ........ Really you only be running one ...... Anti virus application ........... it's ok to have a second one installed , but it shouldnt be active .......
Now on to the log file .........
I would mark for removal , the following :
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
okay. . .
now then please check these items and only leave them if you know what they are and trust them ..........
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - [highlight]appears to be a active X item ...... if you dont know and trust it remove it .[/highlight]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - [highlight]Same comment as above [/highlight]
is active x bad? how do i know company doesn't need it there?
O17 - HKLM\System\CCS\Services\Tcpip\..\{E822D072-1DF4-4EB3-8498-8756684C7E46}: NameServer = 205.222.5.22,205.222.5.23 [highlight]Is this address part of your ISP or do you know it to be safe ?[/highlight]
that IP address appears to be ........ part of ...... Montgomery County Public Schools [highlight]Does that sound right to you ? [/highlight]
Yes. that's the company.--HEY!!! HOW DID YOU FIND THAT OUT? DOES IT SAY THAT, TOO????? :-?
-
squirrel....... I just did a little research on that ip address nd there is a whack of info available , but thats all I showed ........
so this is a work machine then ...and not your personel home machine then ?
Active X can be a problem , but in your case it may be ok .
dl65 ::)
-
yeah. earlier in the thread i think i mentioned that. ::) 8-)
-
here is yet another hijackthis log file. . .if ya need it. :)
Logfile of HijackThis v1.99.1
Scan saved at 4:07:52 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcps.k12.md.us/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
-
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E822D072-1DF4-4EB3-8498-8756684C7E46}: NameServer = 205.222.5.22,205.222.5.23
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
-
squirrel........ Your hijackthis logfile looks ok ........ except , I still referances to more than 1 av ........
How is the machine running now ? The lack of co-operation between the differant AV scanners may be causing some lag ....... ( but only you would know that)
The only other thing I can suggest would be a clean install , which you dont want to do .
dl65 ::)
-
running much much much much much much mucxh much much better!!!!!! :) :) :) :) :) ;D ;D ;D 8-) ;D ;D ;D 8-) 8-) 8-) 8-) 8-) 8-) ;D ;D ;D ;D
[highlight]THANX[/highlight]
-
The issue appears to have been resolved
[size=16] this topic is closed [/size]
dl65 ::)