Can Someone PLEASE help me with this XP problem I'm having.



bonefidefool
31-05-2007, 06:38 PM
OK, I'll try to be brief and start from the beginning. Had some type of virus or trojan. Nothing I used, Norton, all types of online scans, would get it off; it just kept coming back. It was using Internet Explorer to make pop-up ads presented by ZEDO and all that. Plus I had that dreaded WinAntiVirus crap popping up every time I opened another page somewhere. After the frustration of not being able to remove any of them, I just downloaded Mozilla fox fire and blocked IE from even connecting with the internet. I actually got rid of the level 7 of IE.
Ever since then, my Windows Explorer is running really crazy and freezing badly. If I'm looking at video or a movie the picture always freezes but the sound keeps going until the video jumps and catches up with it. If I'm trying to navigate different windows, everything takes all day. When I'm in Yahoo Messenger, the typing delay is crazy: I can type a whole 800 characters, but by the time I look up to see or check on what I've written, it's always way behind my actual typing and what's going on on the screen.

This whole deal is crazy to start, now I'm almost as worse off as I was with the pop-ups.

PLEASE can someone help me? I'm no PC expert but I have fixed my PC a lot from forums like this.


Bone

Jen
31-05-2007, 06:47 PM
Welcome to PressF1 :)

It sounds like you still have malware (viruses/trojans etc) on the computer which is slowing it down.

Download the program called HijackThis (http://www.majorgeeks.com/download3155.html) and put it in its own folder. Run the program and then post back here with the log generated.

pctek
31-05-2007, 07:17 PM
Nortons won't help.

Apart from HijackThis also download and run Spybot, Ad-Aware SE Personal and RogueRemover.

Run them in safe mode.

Disabling IE hasn't cured your PC.

SurferJoe46
01-06-2007, 05:36 AM
Turn off System Restore*, stop all use of IE, clean and do all that in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) to more likely kill the offender.

Norton's is a waste of time/money and RAM..get rid of it and don't look back.

I'd also run CCleaner (http://www.filehippo.com/download_ccleaner/) at every scan and cleaning for a while..it'll get rid of the garbage and broken trails/links/files that you are trying to get rid of. There are some settings to discuss about it...you will need to turn some options ON and some others OFF.


* Steps to turn off System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message,

You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

You'll see:
Do you want to turn off System Restore?
Click Yes to confirm that you want to turn off System Restore.
After a few moments, the System Properties dialog box closes.

Strommer
01-06-2007, 07:22 AM
Norton's is a waste of time/money and RAM..get rid of it and don't look back.

Yes Nortons is crap and it cannot be uninstalled the normal way so you will need the special Removal Tool found on the Symantec site - google it or come back here for a link.

Replace it with Avast antivirus, a freebie.

beeswax34
01-06-2007, 01:58 PM
Or Kaspersky which is also quite good and you'll need a good firewall as well such as Comodo or ZA.

bonefidefool
01-06-2007, 05:13 PM
OK, here goes that HijackThis log file.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\gets\software\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\fvpccpyf.dll",realset
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179544383297
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179673096546
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

I got like way too many spyware tools running I think. I got like 2 firewalls: One Live care and the PC Tools one.

Oh yeah, another question too: when you have your Task Manager open, how does the amount of CPU's (I guess) being used affect your PC, and if it does, why is my System Idle Process always above 90?

Other than that I'll try to follow the other advice given on here. Thank you folks very much. Waiting on the results of the hijack thingamawhosits.

Speedy Gonzales
01-06-2007, 06:58 PM
What version of HJT did u use??

Don't run 2 firewalls at the same time, they'll conflict. Uninstall one.

I would get something better than Onecare.

Run HijackThis again, tick these entries and tick Fix checked. Close browser/s.

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\fvpccpyf.dll",realset

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
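
Added example, not part of the original thread or any poster's code: a small Python parser for the O4 (registry autorun) lines of a HijackThis log like the one posted above, listing the entries that start a DLL through rundll32 so the DLL itself can be inspected. Treating rundll32-launched autoruns as review candidates is a triage heuristic assumed here, not reasoning stated in the thread; all function names are hypothetical.

```python
import re
from typing import NamedTuple

# Sample input: four O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\fvpccpyf.dll",realset
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
'''

class RunEntry(NamedTuple):
    hive: str     # HKLM (all users) or HKCU (current user)
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    command: str  # command line started at logon

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.*?)\] (.+)$')
# rundll32 followed by a DLL path (quoted or not), a comma and an export name
RUNDLL_RE = re.compile(
    r'(?:^|[\\"])rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.I)

def parse_o4(log):
    """Return every registry autorun (O4) line as a RunEntry; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries

def rundll_target(entry):
    """If the autorun goes through rundll32, return (dll_path, export); else None."""
    m = RUNDLL_RE.search(entry.command)
    return (m.group(1), m.group(2)) if m else None

def review_list(log):
    """Autoruns whose real payload is a DLL, as (value name, dll path, export)."""
    out = []
    for entry in parse_o4(log):
        target = rundll_target(entry)
        if target:  # assumed heuristic: the DLL, not rundll32.exe, is what needs checking
            out.append((entry.name, *target))
    return out

if __name__ == "__main__":
    for name, dll, export in review_list(SAMPLE_LOG):
        print(f"review [{name}]: {dll} (export {export})")
```
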

beama
01-06-2007, 07:38 PM
Also, are you running two firewalls? If so they will clash; choose one and run that, uninstall the other.

bonefidefool
02-06-2007, 09:18 AM
THANK YOU , THANK YOU, THANK YOU!!!!!

That worked out well.

One last question until I'm too dumb to fix the next problem. When did XP Home Edition go back to the Windows 2000 type login screen? You know, the one when you hit Control-Alt-Delete it gives you the options of Task Manager and all that? Or is something wrong there too? When it logs on the box pops up for me to log in or shut down and all that just like the office version of XP or Windows 2000.

SurferJoe46
02-06-2007, 12:34 PM
I've had that happen on a few XP installs and not on others...although I thought I did them all the same...so...


It must be a setting somewhere or an idiosyncrasy with some machines that makes that happen. Somehow I get the old-fashioned log in and then again, sometimes I don't but it appears to be on a machine by machine set of circumstances.

Come to think of it, that problem usually was on Compaqs a lot...but I mean really old Compaqs with wind-up PSUs.

The_End_Of_Reality
02-06-2007, 12:54 PM
In all my XP installs I have had the normal login screen... but as soon as I set up a server with a Domain Controller and set the Network ID Member to the domain I get the Ctrl + Alt + Del login box, and even if I change it back to a workgroup it is still the Ctrl + Alt + Del login box...

But to change it back to the welcome screen:

Log in with administrator access.
Click on Start, Control Panel, and select user accounts.
Click on Change the Way Users Log On or Off.
Click on the Box "Use the Welcome Screen" so that there is a check mark.
Done!