Computer Hope

Software => Computer viruses and spyware => Topic started by: RedHawk50 on November 26, 2009, 11:26:47 PM

Title: INTERNET EXPLORER AND APPS HANG, RUNNING SUPER SLOW, TRIED EVERYTHING
Post by: RedHawk50 on November 26, 2009, 11:26:47 PM

I’ve spent hours and hours trying everything I can think of from defragging to deleting temp Internet files to deleting browser add-ons, uninstalling unneeded programs, running anti-virus, anti-spy, anti-mal countless times, and on and on but my pc is STILL running SUPER SLOW- applications hang constantly, especially Internet Explorer 8 – I get "Not Responding" dozens of times per session – many times I can’t close web sites that are "Not Responding", not even with Task Manager – When I’m online, Task Manager always shows there are TWO Internet Explorer processes running, one using around 70, - 95, kb and the other using around 10, - 14, kb. Symptoms seem to get worse at night after being on the Internet for a while.

Don’t know if this is related but it started around the same time. When I boot up now it doesn’t go directly to Windows anymore. It stops at the first black screen and prompts me to press F-1  before it will continue.

 I run anti-virus AVG 9 everyday, and keep it updated. (This may be of interest) > A couple of days ago when I ran AVG 9 in Safe Mode, I had to click on it 4-5 times before it would open.
When it finished running there was a message that said "Scan log was repaired". It showed zero "threats" but "found" was 139. Which turned out to be 139 locked files that couldn’t be scanned. Most of which seemed to be music files. I noticed them in the recycle bin when I emptied it. Hope that got rid of them.

I run Wise Registry Cleaner and Wise Disk Cleaner on a regular basis.
I just switched from AdAware to SuperAntiSpyware and Malwarebytes because the new AdAware installed it’s self as a "service" and ran in the background constantly!

Someone said the reason my machine is running so slow is because I’ve got a virus/ Trojan/ worm, etc. that is continuously trying to connect with other ISP addresses on the Internet to spread it’s self. The instructions on how to find it said click:
Start – Run – at command prompt type: "Netstat – no" – Find the process with a large number of open connections that are not yet established – HOWEVER when I type "Netstat – no" and hit enter, the screen shows it’s self for a tenth of a second and then it’s GONE! This happened repeatedly and still happens.

I’m so sick of "Not Responding", "End Now", "You chose to end the Non Responsive program ___, Tell Microsoft about it" and I’m tired of falling asleep waiting for a web site to open or to close. I’m so frustrated! I’ve done everything I can think of! Any help you can provide would be greatly appreciated!

I’ve done all the initial stuff, and the HJT Log tool showed “No Threats”, I just don’t know what else to do!
 I’m posting the three logs below in hopes that SOMEONE can please help.
Thank you all for being here for us.

Sincerely,

“Hawk”


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2009 at 09:46 PM

Application Version : 4.31.1000

Core Rules Database Version : 4314
Trace Rules Database Version: 2177

Scan type       : Complete Scan
Total Scan Time : 00:54:04

Memory items scanned      : 385
Memory threats detected   : 0
Registry items scanned    : 4316
Registry threats detected : 0
File items scanned        : 28732
File threats detected     : 12

Adware.Tracking Cookie
   C:\Documents and Settings\Tim\Cookies\tim@doubleclick[1].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][2].txt
   C:\Documents and Settings\Tim\Cookies\tim@doubleclick[2].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][2].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][1].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][3].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][1].txt
   C:\Documents and Settings\Tim\Cookies\tim@specificclick[2].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][1].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][2].txt
   C:\Documents and Settings\Tim\Cookies\[email protected][2].txt
   C:\Documents and Settings\Tim\Cookies\tim@atwola[1].txt
 
_________________________________ 0 ________________________________


Malwarebytes' Anti-Malware 1.41
Database version: 3240
Windows 5.1.2600 Service Pack 3

11/26/2009 10:26:51 PM
mbam-log-2009-11-26 (22-26-51).txt

Scan type: Quick Scan
Objects scanned: 118051
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


___________________________ 0 _____________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:32 PM, on 11/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MySpace
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1041417460468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257544677125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90FCCF32-BA71-455F-9E2E-DAFBCD5C39B7}: NameServer = 216.165.129.157,216.170.153.146
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\smss.exe (file missing)

--
End of file - 5373 bytes

Title: Re: INTERNET EXPLORER AND APPS HANG, RUNNING SUPER SLOW, TRIED EVERYTHING
Post by: RedHawk50 on December 04, 2009, 12:18:11 PM

A google searched revealed the following:

Anyone noticed that in WindowsXP, IE8 runs TWO iexplore.exe in Task Manager?

The first process can use up to 80,000K of memory and the second copy can use 16,000K. I feel like 96,000K is a lot of memory for IE, especially when a friend who has Windows7 says his IE8 only uses 5-15,000K.

At first I thought it was malware because it was using so much memory. I exhausted myself running all kinds of scans to get rid of it only to realize it was IE8 itself. I was informed recently, it's because of the the Tabs feature and crash recovery. When I uninstalled IE8 and went back to IE7, the problem stopped.

Just something interesting that might save others the frantic search to root out adware. I suppose the bottom line is DO NOT USE IE8 on WinXP.


So I plan on reverting back to ie7. I'll let you know how that works out.




"Hawk"