XP problems, Need Help



Howlinfox
04-07-2008, 08:40 AM
Hi,
I got some help from this thread:
http://forums.pcworld.co.nz/showthread.php?t=88075
titled XP virus problem,

Anyway, I did a couple things mentioned on the 1st page,
I dl Norton remover and got rid of Norton,
I got Spybot and ran that,
I dl Trojan Remover and ran that,
I dl HiJack This and ran but have no clue what I'm looking at, I only dl it cuz they mention it on that thread,
I also disabled Webroot Spysweeper w Antivirus, took forever to load and system now loads a lot quicker and runs a bit faster,
But my problem is how slow it was running and would just shut down (turn off) sometimes. Task manager showed itself running 100% most of the time and computer gets real hot, so I figure there's gotta be a lot of stuff running that doesn't need to be. I'd like to slim it down so it runs better.
Norton removal helped a lot, but is there any way that anyone can help me further?
Do I need Spysweeper w/AV loaded all the time? At startup? or do I need it at all, cuz I noticed Nod mentioned, is that what I should use?
I also disabled windows firewall cuz I have Webroot desktop firewall, is that right?
Any help would be appreciated.
Thanks,
Steve :thumbs:

Blam
04-07-2008, 09:21 AM
Post a Hijack log here and wait for Speedy or WanuiTech to analyze it. Meanwhile remove the current firewall you're using with either Comodo Pro (http://www.personalfirewall.comodo.com/) or ZoneAlarm (http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp) and also uninstall all Antivirus programs and install Avast! (http://www.avast.com/eng/download-avast-home.html). To choose what to run on your startup try Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).

Blam
04-07-2008, 09:22 AM
Also, what are your computer specs?

wainuitech
04-07-2008, 09:40 AM
Welcome to PF1 Howlinfox -

As Blam said, post a Hijack Log and let's see if it explains what's causing any problem.

Regarding the Spysweeper - I use that myself, have done for years, BUT when it expires I won't be renewing simply because it's now forcing the AV, and it can conflict with Nod32 (which I use) - If you download the spyware cleaners from my sig as well as SpywareTerminator (http://www.spywareterminator.com/) - install/update and run, that will remove any spyware on the system, subject of course to the hijack log being looked at; more actions may be required. After looking at the hijack log we can also advise what not to have loading on start up.

Comodo firewall ( the free one) that Blam linked is less system hungry than the webroot one.

Howlinfox
05-07-2008, 10:29 AM
Hey, thanks for the replies.
Ok, my specs are a Compaq Presario 2135, 30gig hd, 980 mb ram, running Firefox w/ IE add-on, Win XP, I think that's about it, anything else let me know.
Here's the Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:09 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\GtDetectSc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Steve Admin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKLM\..\Run: [QT4HPOT] "C:\Program Files\HPQ\One-Touch\OneTouch.EXE"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {2516874A-8BF8-4FF9-865A-D7D5C67FFADE} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O16 - DPF: Secure Global Desktop Client, 4.2 - https://vl-trt5.vl-techonline.com/tarantella/java/ttaF-du.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190567236494
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201079524546
O20 - Winlogon Notify: rqRHxutr - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6103 bytes
---------------------------------

I still have to dl & run the 2 spyware programs from your sig wainuitech, and the av and firewall blam said, so I will be doing that very soon, I just don't know if that'll affect the outcome of the HJ reading. If I need to do that first just let me know.
And wain, I didn't know they were forcing av with Spysweeper now, I just renewed and happen to take the av with it this time, but I don't think it was being forced at that time, only a few weeks ago, that's weird, maybe being in a different country has something to do with it. But it just takes way too long to load, almost 15 minutes, but I just unchecked load at startup option, and wanna get rid of it, but I thought Nod seemed to be what you guys were recommending on the other thread, but blam says to go with Avast, so now I'm confused, are either free? I'm gonna dl Avast I guess since that's what was recommended. I know you said only one though. Blam, you said Avast cuz it's less system hungry?

Anyway, again, thanks a lot for taking the time to help me out guys, I really appreciate it.
Steve

Howlinfox
05-07-2008, 10:34 AM
Forgot, xp is running sp2.

Speedy Gonzales
05-07-2008, 10:45 AM
Tick these then tick fix checked

Close browsers

O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)

O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

O4 - HKLM\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

O9 - Extra button: Advisor - {2516874A-8BF8-4FF9-865A-D7D5C67FFADE} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)

O20 - Winlogon Notify: rqRHxutr - C:\WINDOWS\

Then reboot
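
Added example, not part of the thread: a triage script that parses HijackThis entry lines and flags the ones that can be spotted mechanically, namely orphaned entries marked `(no file)` or `(file missing)` and O20 Winlogon Notify entries whose target is not a DLL. The sample lines are copied from the log posted above; the function names and the O20 heuristic are assumptions of this example, and startup-trimming choices still need a human reviewer.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O9 - Extra button: Advisor - {2516874A-8BF8-4FF9-865A-D7D5C67FFADE} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O20 - Winlogon Notify: rqRHxutr - C:\WINDOWS\
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
"""

# Section code (R0, O2, O20, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (section, body) for each HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_reasons(section, body):
    """Heuristic reasons an entry deserves a manual look (not a verdict)."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registry entry has no file on disk")
    if "(file missing)" in body:
        reasons.append("target file is missing")
    # Assumption: a Winlogon Notify package normally names a DLL.
    if section == "O20" and body.startswith("Winlogon Notify:"):
        target = body.rsplit(" - ", 1)[-1].strip()
        if not target.lower().endswith(".dll"):
            reasons.append("Winlogon Notify target is not a DLL path")
    return reasons

def triage(log_text):
    """Map each flagged entry line to its list of reasons."""
    flagged = {}
    for section, body in parse_entries(log_text):
        reasons = review_reasons(section, body)
        if reasons:
            flagged[f"{section} - {body}"] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{entry}\n    -> {'; '.join(reasons)}")
```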