start up problem - NEW ISSUE

  1. #1
    Tricky (Newbie)

    Re: so slow

    Hi, could you please take a look at the latest HijackThis log from today? The people at work have been messing with my computer, and starting up today I found AVG had been removed (now re-installed), but the whole computer is running at a snail's pace.

    Thanks

    Log

    Logfile of HijackThis v1.99.0
    Scan saved at 11:55:20, on 12/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\RICHAR~1.WAL\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mobilis Healthcare
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Homepage - {3F014114-D67A-4C52-8417-B1A521E60237} - http://www.btopenworld.com/default (file missing) (HKCU)
    O9 - Extra button: BT - {9E05DB71-8298-4E7D-8CA3-689A473D6B27} - http://www.bt.com (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Mobilis.local
    O17 - HKLM\Software\..\Telephony: DomainName = Mobilis.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: Domain = mobilis.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: NameServer = 100.0.0.30 100.0.0.30
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D197105C-F432-41D1-8C81-33B7FE2513CA}: NameServer = 62.6.40.162 194.72.0.98
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Mobilis.local
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


  2. #2
    VopThis, Senior Member (Canada)
    [Please NOTE: I have split this new post issue into a separate topic]


    First move Hijackthis out of the TEMP folder (or Desktop) and put it in a permanent folder somewhere and run it from there:
    • Create a new folder in your C: Drive. Name it HJT (or HijackThis) such as C:\Program Files\HJT, C:\HJT and move the HijackThis.exe file in it.
    • It's best for this tool NOT TO be located in your Desktop or in a TEMP folder. This way you can undo any changes if something goes wrong.






    Since your last previous post:
    http://www.d-a-l.com/help/showthread.php?t=31198

    your ISP arrangements appear to have changed to Mobilis from BT:

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Mobilis.local
    O17 - HKLM\Software\..\Telephony: DomainName = Mobilis.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: Domain = mobilis.local

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: NameServer = 100.0.0.30 100.0.0.30 (new suspect USA DNS source)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D197105C-F432-41D1-8C81-33B7FE2513CA}: NameServer = 62.6.40.162 194.72.0.98 (redundant BT DNS Source?)

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Mobilis.local



    The simplest resolution for this may be as follows:
    • Please go to Start -> Control Panel, and choose Network Connections.
    • Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.
    • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.
    • Click OK twice, and restart your computer.



    Otherwise or in addition,
    You may want to try to fix the following HJT item entries (if appropriate - ask your ISP):

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: NameServer = 100.0.0.30 100.0.0.30
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D197105C-F432-41D1-8C81-33B7FE2513CA}: NameServer = 62.6.40.162 194.72.0.98

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.




    Re-run all your scanning tools that you have previously been using (SpyBot, Ad-Aware, Ewido, Panda, Kaspersky, etc.)


    POST A REVISED HIJACKTHIS LOG for review if you make any suggested changes:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
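
The O17 review discussed in this thread can be scripted. The following is an added example, not part of the original posts: it groups the log's O17 entries by adapter GUID and compares each configured resolver with a list of expected ones. The `EXPECTED` list and the function names are assumptions made for the demo.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample: the O17 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Mobilis.local
O17 - HKLM\Software\..\Telephony: DomainName = Mobilis.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: Domain = mobilis.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AF5244D-8768-4258-B475-CEDCCC873503}: NameServer = 100.0.0.30 100.0.0.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{D197105C-F432-41D1-8C81-33B7FE2513CA}: NameServer = 62.6.40.162 194.72.0.98
"""
# Assumption for the demo only: resolvers the ISP or network admin confirmed.
EXPECTED = ["62.6.40.162", "194.72.0.98"]
O17_RE = re.compile(r"^\s*O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_o17(log_text):
    """Group O17 values by adapter GUID ('global' if none); dedupe resolvers."""
    scopes = defaultdict(lambda: {"domains": [], "nameservers": []})
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        guid = GUID_RE.search(m["key"])
        scope = guid.group(0) if guid else "global"
        if m["name"] == "NameServer":
            for token in re.split(r"[ ,]+", m["value"].strip()):
                if token and token not in scopes[scope]["nameservers"]:
                    scopes[scope]["nameservers"].append(token)
        else:
            scopes[scope]["domains"].append(m["value"].strip().lower())
    return dict(scopes)

def review_nameservers(log_text, expected):
    """Return (scope, address, verdict) for every resolver found in the log."""
    expected = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for scope, data in parse_o17(log_text).items():
        for token in data["nameservers"]:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                # Hand-annotated or damaged log lines end up here.
                findings.append((scope, token, "unparseable"))
                continue
            kind = "private" if addr.is_private else "public"
            verdict = "expected" if addr in expected else kind + ", unlisted"
            findings.append((scope, token, verdict))
    return findings
```

An "unlisted" verdict only means the address is absent from the list supplied; confirm with whoever runs the network before removing the entry.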
