Computer Hope
Topic started by: computer1000 on November 18, 2006, 02:46:09 PM
-
I have a Windows XP Home Edition Version 2002 Service Pack 2. Computer is AMD Athlon XP 3000+ 2.17GHz, 1.00GB RAM. My C: Drive has 24.6GB Free and a total space of 111GB. Until a few days ago my computer was running fine but now for some unknown reason my computer is HORRIBLY slow at opening ANY file or folder. Even when I try to click on my start menu to bring up a list of programs the screen suddenly freezes and takes up to a minute before I can even browse my Start menu programs! Also when my computer starts up and I open My Computer I see a flashlight icon searching for my drives when normally those drives (C, D etc) all show up instantly now it takes 5 minutes!
I ran SpyBot 4 times already, defragged my C Drive 2 times and ran an antivirus 2 times already. I even adjusted my computer settings in the System program to run for best performance. Nothing worked. My Windows Task Manager says I got 43 processes, my CPU usage is 100%, my Commit Charge is 292M/2461M, My PF Usage is 291MB. Also when I try to go online loading pages takes a lot slower than it used to. Someone please tell me what's wrong and how can I fix this short of formatting my drive.
-
How sudden did this happen?
Was it fine one moment then it just went really slow?
Was it fine one day, then you switched your PC off, when you switched it back on it was like this?
Have you recently installed anything? Whether you think it might be the cause or not.
Are you running Virtual PC or any other similar programmes that let you run one operating system on top of another?
I would recommend removing some of that data on your hard drive, back it up to CD/DVD or some other removable media.
-
Well, look at the tasks in Task Manager and identify the one taking the heavy toll on your CPU.
-
OK, I used a Cleaner and ran HijackThis. I'll post it in 2 posts. Please tell me what should be deleted.
Logfile of HijackThis v1.99.1
Scan saved at 21:41:39, on 2006/11/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SiSUSBrg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Common Files\AOL\1162943576\ee\AOLSoftware.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{682A3480-0879-1041-1222-030309260051}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\[ch932][ch1072]sks\d[ch957]dplay.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Documents and Settings\CompUSA\Desktop\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {FE9B5AE5-C97C-9A85-2B01-CC89692F66CB} - C:\WINDOWS\system32
\ixdqqdkq.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
-
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FCE10B9-A2C5-FD5D-15B3-02350FBFC26C} - C:\WINDOWS\system32\uirhafk.dll
O2 - BHO: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program
Files\ATLAS V11\ATLIECP.DLL
O2 - BHO: (no name) - {4E62C2B4-7E95-49F8-B29C-2B347E53AA42} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1
\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FE9B5AE5-C97C-9A85-2B01-CC89692F66CB} - C:\WINDOWS\system32
\ixdqqdkq.dll (file missing)
O3 - Toolbar: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program
Files\ATLAS V11\ATLIECP.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef
/Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -
osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162943576
\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-
Virus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eip] C:\Program Files\[ch932][ch1072]sks\d[ch957]dplay.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0
\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Help & Support.lnk = C:\Program Files\Verizon Online\Help
Support\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate by ATLAS - C:\Program Files\ATLAS V11\Atlscript.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2
\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program
Files\ATLAS V11\Atlscript.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA
Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor
Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program
Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software -
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet
Security Suite\CA Anti-Virus\VetMsg.exe
-
I see a few suspicious things in your logfile. Locate the following files and upload them one at a time to each of the online malware scanners below and post the results.
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\uirhafk.dll
C:\Program Files\Tasks\dvdplay.exe
Online Malware File Scanners:
VirusTotal (http://www.virustotal.com)
Jotti's Malware Scanner (http://virusscan.jotti.org)
- JPH
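
Added example (not part of the original thread or any poster's code): the `Eip` Run entry in the log points to a folder and file name that only look like `Tasks\dvdplay.exe`, because some letters are Greek or Cyrillic look-alikes. This sketch flags path components that mix scripts; the function names are hypothetical, and it assumes the `[chNNN]` form some forum exports use is a decimal Unicode code point.

```python
import re
import unicodedata

ESCAPE = re.compile(r"\[ch(\d+)\]")   # assumed forum-export form of a code point
PATH = re.compile(r"[A-Za-z]:\\.*")   # first drive-letter path on the line

# Two O4 lines in the shape of the HijackThis log in this thread.
SAMPLE = [
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Eip] C:\Program Files\[ch932][ch1072]sks\d[ch957]dplay.exe",
]

def decode_escapes(text):
    """Turn [chNNN] (decimal code point) back into the character it stands for."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1))), text)

def scripts(component):
    """Scripts of the letters in one path component, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in component if ch.isalpha()}

def visible(component):
    """Render non-ASCII characters as <U+XXXX> so look-alikes stand out."""
    return "".join(c if ord(c) < 128 else f"<U+{ord(c):04X}>" for c in component)

def mixed_script_components(line):
    """Return (visible_component, sorted_scripts) for every path component
    whose letters come from more than one script."""
    match = PATH.search(decode_escapes(line))
    if not match:
        return []
    hits = []
    for part in match.group(0).split("\\"):
        found = scripts(part)
        if len(found) > 1:   # e.g. Latin mixed with Greek or Cyrillic
            hits.append((visible(part), sorted(found)))
    return hits

if __name__ == "__main__":
    for line in SAMPLE:
        for component, found in mixed_script_components(line):
            print(f"mixed-script component {component}: {', '.join(found)}")
```

A folder named entirely in one non-Latin script is not flagged; only a single component that mixes scripts is, which is the pattern used to imitate a familiar name.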
-
Complete scanning result of "uirhafk.dll", received in VirusTotal at 11.25.2006, 15:12:46 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.46 11.24.2006 TR/Vundo.Gen
Authentium 4.93.8 11.24.2006 Possibly a new variant of W32/Bongler-based
Avast 4.7.892.0 11.23.2006 no virus found
AVG 386 11.25.2006 no virus found
BitDefender 7.2 11.25.2006 no virus found
CAT-QuickHeal 8.00 11.24.2006 no virus found
ClamAV devel-20060426 11.25.2006 no virus found
DrWeb 4.33 11.25.2006 Trojan.DownLoader.based
eSafe 7.0.14.0 11.24.2006 Win32.Polipos.sus
eTrust-InoculateIT 23.73.67 11.25.2006 no virus found
eTrust-Vet 30.3.3211 11.24.2006 no virus found
Ewido 4.0 11.24.2006 no virus found
Fortinet 2.82.0.0 11.25.2006 suspicious
F-Prot 3.16f 11.24.2006 Possibly a new variant of W32/Bongler-based
F-Prot4 4.2.1.29 11.24.2006 W32/Bongler-based
Ikarus 0.2.65.0 11.24.2006 no virus found
Kaspersky 4.0.2.24 11.25.2006 no virus found
McAfee 4904 11.24.2006 no virus found
Microsoft 1.1804 11.25.2006 no virus found
NOD32v2 1882 11.24.2006 a variant of Win32/TrojanDownloader.Busky.AZ
Norman 5.80.02 11.24.2006 no virus found
Panda 9.0.0.4 11.25.2006 no virus found
Prevx1 V2 11.25.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.123 11.23.2006 no virus found
UNA 1.83 11.24.2006 no virus found
VBA32 3.11.1 11.24.2006 no virus found
VirusBuster 4.3.15:9 11.25.2006 no virus found
C:\WINDOWS\system32\uirhafk.dll
Thanks for the help but how do I get rid of this? My antivirus didn't pick it up and I can't delete it; for some reason it says it's write-protected or in use?
-
Use KillBox in Safe Mode...