Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet is EXTREMELY SLOW


  • This topic is locked This topic is locked
11 replies to this topic

#1 SiriusMuggle

SiriusMuggle

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 17 May 2005 - 01:13 AM

Within the last 24 hrs, my homepage has changed twice w/o my changing it; my internet is extremely slow - it's making dial up look like a rabbit! Fonts and fonts size are also acting screwy. I've run Ad-Aware SE, Spybot S&D, McAfee QuickClean, Virus Scan, Defrag, rebooted...all to no avail. Here is my HJT log...any help that you can offer will be greatly appreciated:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:10 PM, on 5/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keith & Laine\Desktop\Desktop BS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/...t/TLIEFlash.CAB
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 17 May 2005 - 04:53 PM

Hi SiriusMuggle. There is nothing showing in the log so let's look for anything that might be hiding.

Download PFind.zip and unzip the contents to its own permanent folder.

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:
  • Restart the computer in Safe Mode.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the pfind.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\pfind.txt back here and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 SiriusMuggle

SiriusMuggle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 19 May 2005 - 11:49 PM

Thank you Old Timer. I did as you said, and here is the PFind log, and an updated HJT log. Just to let you know, my computer has become slower and slower since I first posted on the 16th. Again, thank you for your help:

Files found with this application may be legitimate.
Only remove files that you know are malware related.


Checking the C: folder



Checking the C:\Program Files folder



Checking the C:\WINDOWS folder



Checking the C:\WINDOWS\SYSTEM32 folder

C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack


Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder



Checking the C:\Documents and Settings\All Users\Start Menu\programs\Startup\ folder




Checking the C:\Documents and Settings\All Users\Application Data folder












Checking the Windows folder for system and hidden files within the last 60 days


C:\WINDOWS\
bootstat.dat Thu May 19 2005 9:17:34p A.S.. 2,048 2.00 K
window~1.man Tue May 10 2005 10:22:28p A..HR 749 0.73 K

C:\WINDOWS\DOWNLO~1\
desktop.ini Tue May 10 2005 10:22:34p ...H. 65 0.06 K

C:\WINDOWS\FONTS\
desktop.ini Tue May 10 2005 10:23:12p A.SH. 67 0.06 K

C:\WINDOWS\INF\
oem1.inf Tue May 10 2005 10:56:24p ...H. 0 0.00 K

C:\WINDOWS\OFFLIN~1\
desktop.ini Tue May 10 2005 10:22:34p ...H. 65 0.06 K

C:\WINDOWS\REPAIR\
ntuser.dat Tue May 10 2005 10:23:42p A..H. 229,376 224.00 K

C:\WINDOWS\SYSTEM32\
cdplay~1.man Tue May 10 2005 10:22:28p A..HR 749 0.73 K
logonu~1.man Tue May 10 2005 10:22:34p A..HR 488 0.48 K
ncpacp~1.man Tue May 10 2005 10:22:28p A..HR 749 0.73 K
nwccpl~1.man Tue May 10 2005 10:22:28p A..HR 749 0.73 K
sapicp~1.man Tue May 10 2005 10:22:28p A..HR 749 0.73 K
window~1.man Tue May 10 2005 10:22:34p A..HR 488 0.48 K
wuaucp~1.man Tue May 10 2005 10:22:28p A..HR 749 0.73 K

C:\WINDOWS\TASKS\
sa.dat Thu May 19 2005 9:16:14p A..H. 6 0.00 K

C:\WINDOWS\SYSTEM32\CONFIG\
default.log Thu May 19 2005 9:17:24p A..H. 8,192 8.00 K
sam.log Thu May 19 2005 9:18:48p A..H. 1,024 1.00 K
security.log Thu May 19 2005 9:17:34p A..H. 16,384 16.00 K
software.log Thu May 19 2005 9:18:50p A..H. 57,344 56.00 K
system.log Thu May 19 2005 9:17:40p A..H. 843,776 824.00 K
tempkey.log Tue May 10 2005 3:10:40p A..H. 1,024 1.00 K
userdiff.log Tue May 10 2005 3:10:40p A..H. 1,024 1.00 K

C:\WINDOWS\PCHEALTH\HELPCTR\PACKAG~1\
pab1d9~1.cab Tue May 10 2005 11:45:50p ..SHR 305,145 297.99 K
pab5d9~1.cab Tue May 10 2005 11:47:52p ..SHR 68,327 66.72 K
packag~1.cab Tue May 10 2005 10:22:54p ..SHR 727 0.71 K
packag~2.cab Tue May 10 2005 10:22:54p ..SHR 19,854 19.39 K
packag~3.cab Tue May 10 2005 10:22:54p ..SHR 243,124 237.43 K

C:\WINDOWS\SYSTEM32\CATROOT\{F750E~1\
kb8938~1.cat Wed May 4 2005 2:45:46p ..S.. 29,493 28.80 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\
ntuser~1.log Tue May 10 2005 11:14:24p A..H. 1,024 1.00 K

C:\WINDOWS\TEMP\HISTORY\HISTORY.IE5\
desktop.ini Wed May 11 2005 12:09:46a ..SH. 113 0.11 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\
desktop.ini Wed May 11 2005 12:09:46a ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\
desktop.ini Tue May 10 2005 3:12:02p A.SH. 62 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\
desktop.ini Tue May 10 2005 3:12:02p A.SH. 62 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\SENDTO\
desktop.ini Tue May 10 2005 10:22:36p A.SH. 181 0.18 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\
desktop.ini Tue May 10 2005 3:12:02p A.SH. 62 0.06 K

C:\WINDOWS\SYSTEM32\MICROS~1\PROTECT\S-1-5-18\
3df436~1 Wed May 11 2005 12:49:58a A.SH. 388 0.38 K
prefer~1 Wed May 11 2005 12:49:58a A.SH. 24 0.02 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\45AJK9U7\
desktop.ini Wed May 11 2005 12:09:46a ..SH. 67 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\H3F00SFK\
desktop.ini Wed May 11 2005 12:09:46a ..SH. 67 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\QXDKYQEI\
desktop.ini Wed May 11 2005 12:09:46a ..SH. 67 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\U9A3WV6V\
desktop.ini Wed May 11 2005 12:09:46a ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\HISTORY\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 113 0.11 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\
desktop.ini Tue May 10 2005 10:23:42p A.SH. 206 0.20 K

C:\WINDOWS\SYSTEM32\MICROS~1\PROTECT\S-1-5-18\USER\
a96b46~1 Tue May 10 2005 10:44:00p A.SH. 388 0.38 K
prefer~1 Tue May 10 2005 10:44:00p A.SH. 24 0.02 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\HISTORY\HISTORY.IE5\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 113 0.11 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\ACCESS~1\
desktop.ini Tue May 10 2005 10:23:40p A.SH. 482 0.47 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\STARTUP\
desktop.ini Tue May 10 2005 10:23:40p A.SH. 84 0.08 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\4RSW7PG7\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\94T3DGDW\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\B0IW6SWF\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\F9YQW11Y\
desktop.ini Tue May 10 2005 10:22:56p A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\ACCESS~1\ACCESS~1\
desktop.ini Tue May 10 2005 10:23:40p A.SH. 348 0.34 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\ACCESS~1\ENTERT~1\
desktop.ini Tue May 10 2005 10:23:40p A.SH. 84 0.08 K

56 items found: 56 files, 0 directories.
Total of file sizes: 1,837,030 bytes 1.75 M

****************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:44:44 PM, on 5/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Keith & Laine\Desktop\Desktop BS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/...t/TLIEFlash.CAB
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 20 May 2005 - 11:31 AM

Hi SiriusMuggle. That can is clean also. It does not appear that the problem is caused by any kind of malware.

Try this. Press the Ctrl-Atl-Del keys at the same time and click on the Task Manager button. Now click on the Processes tab and click the column heading for Cpu. This will arrange the running processes by how much cpu usage each one is taking up with the highest ones at the top. What process(es) does it show using the most cpu usage?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 SiriusMuggle

SiriusMuggle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 20 May 2005 - 06:13 PM

Okay Old Timer, here it is, in part:

System Idle Process 99
iexplore 00
mskagent.exe 00
mcvsescn.exe 00
mcvsshld.exe 00
alcxmntr.exe 00
mpftray.exe 00
dvamsgr.exe 00
msmsgs.exe 00
plguni.exe 00
explorer.exe 00
taskmgr.exe 00
wkufind.exe 00

And there are many other processes all running at 00 as well...frustrating I tell ya.

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 20 May 2005 - 08:27 PM

Hi SiriusMuggle. Try this.

Completely uninstall McAfee and see if the slugishness goes away. then reinstall and see if it comes back or if it went away it stays away.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 SiriusMuggle

SiriusMuggle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 25 May 2005 - 02:32 PM

Old Timer, I have myself in a quandry - I uninstalled McAfee; still running slow. I went to a local computer shop and they told me that my location could be part of the internet speed issue (I have cable internet), but that McAfee and Norton are notorious hogging speed and they're not very effective in blocking most malicious viruses, spyware, trojans, etc. because a good bit of these have scripts written specifically to get around the most popular anti-virus programs (like McAfee and Norton). He said they have a program (I didn't get the name) for $29.95 or I could try the program offered by my internet carrier. So that's when I came home, uninstalled McAfee and then tried to download my internet company's security package - guess what? They've had speed issues in my area as well as problems with the links to their security package. So, I thought that in the meantime I'll put Norton (yes, I have both) on my computer and wait for my security company's issues to get resolved. Well, my computer got slower. So, I took Norton off. I was finally able to get to download and install my internet company's security package and it got to the end and told me that before installation could complete, I need to uninstall Ad-aware SE and Spybot S&D...which I did and then it never installed. I tried to go back and re-download the internet company's package again, couldn't get to the link. I contacted them and they gave me a bunch of lame instructions (which included putting Spybot S&D and Ad-aware S&E back on the computer - WTH?) and I'm rambling, but I think you get the picture here. The part that frustrates me the most is that they said I seem to have a lot of suspicious traffic from port 135 on my modem/computer and that alone says I have some kind of virus, spyware, etc. despite all the scans I've done. But then again, I don't have anything on my computer right now. So what do I do?! I'm about to pull my hair out! Do I put McAfee back on and call it day, put Norton on, or just chuck the computer out the window?

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 25 May 2005 - 03:53 PM

Hi SiriusMuggle. I would suggest using one of the free anti-virus applicaitons and firewalls that we recommend. I use the Avast anti-virus and the Sygate firewall and they work wonderfully.

Here are the recommended applicaitons that we suggest:

You should have a good firewall. Here are 3 free ones available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 SiriusMuggle

SiriusMuggle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 27 May 2005 - 12:15 AM

Ok, I am RE-un-installing McAfee (bout to chuck computer out window now :thumbsup: ) and try one of the fine programs you have recommended. Here is my latest HJT just in case I have acquired some virus, spyware, or other malware during this whole soap opera:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:59 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro V1.3 Build 272\YTunnelPro.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Keith & Laine\Desktop\Desktop BS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/...t/TLIEFlash.CAB
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 27 May 2005 - 12:30 PM

Hi SiriusMuggle. the log is still clean so uninstall away!

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 SiriusMuggle

SiriusMuggle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 31 May 2005 - 04:06 PM

Since installing Kerio and Avast, computer is running much better! Thank you Old Timer!

#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 31 May 2005 - 05:46 PM

You're very welcome SiriusMuggle. I'm glad that we could help and I'm glad to hear things are runing more smoothly.

Now that your issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users