Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC running very slow


  • This topic is locked This topic is locked
3 replies to this topic

#1 Spyder66

Spyder66

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 25 June 2005 - 10:46 AM

I contacted Brighthouse to test modem and will attach the reply/advice below as well as my HJT log. My cursor is rapidly blinking & my typing text is somewhat delayed in appearing on the screen. My light on my computer appears very active even while my pc is not being used, like there is a lot of activity going on. I ran scan on webroot.com and my risk is low/moderate, and only found 11 adware cookies (also below). I've done as advised by roadrunner/brighthouse and now am turning to the experts :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:58 AM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Intel\VideoPhone\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Intel\VideoPhone\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrolCL] c:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3023168039b96c...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_4us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

HERE IS FEEDBACK I FOLLOWED FROM BRIGHTHOUSE:

Looking at your modem, it appears to have a good connection coming in right now. If the problem you describe persists, please call our Customer Support Desk at a number below and we'll be happy to assist you further, including dispatching a technician to your location, at no charge, if necessary.

There are many system configurations which can affect slow connections and browsing. A few would include memory stored in the cable modem that would cause information exchange to the system to be slowed, incorrect proxy settings, full browser cache, and cookies.

For troubleshooting purposes, please disable any firewall software or hardware, router, switch, or other home networking devices, and make sure only one computer is connected directly to your cable modem by either USB or Ethernet.

*MEMORY ON THE CABLE MODEM*

You may wish to refresh the memory that is stored on the cable modem. You can do this by performing a power cycle on the modem and the computer.

To clear the memory on the cable modem, please consider the following:

1) Click Start, and select Shut Down.
2) Click Shut Down, and select OK.
3) Turn off the modem, either by the power switch or by unplugging the
modem from the wall.
4) Wait two full minutes; this will allow enough time for the modem and
the computer to reset the memory.
5) After waiting the allotted time, turn the modem and the computer back
on.

Once the lights on the modem settle back to normal, the power cycle is complete. The modem's memory and the computer's memory have been reset, and the network card should have a new IP address.

*PROXY SETTINGS*

A major key in the speed at which you connect to Web sites, or download a file, is the proxy settings.

To verify that the proxy settings are correct, please consider the following:

1) Open Internet Explorer.
2) Go to Tools and Internet Options.
3) Click on the Connections Tab.
4) Press the LAN Settings button.
5) Ensure that all options on this screen are unchecked.
6) Press Ok, and then Ok again.

*BROWSER CACHE AND COOKIES*

Browser cache plays a significant role in the speed ratio on the Internet. If the cache is full, there will be a decrease in the speed ratio.

1) Open Internet Explorer.
2) Go to Tools and Internet Options.
3) Press the "Cookies" button. Click Ok to actually delete the cookies.
4) Press the Delete Files button. Click Ok to actually delete the files.
5) Press the Settings button, then press the View Files button.
6) Click on Edit and Select All (or CTRL-A) to select all the files.
7) Press the Delete key on your keyboard to remove the files.
8) Press the Yes button if you are prompted to confirm the action.
9) Close the Temporary Internet Files folder.
10) Press Ok, and Ok again in Internet Explorer.

*RESTORE DEFAULTS*

We would recommend that you restore the default settings in Internet Explorer. To do this, please consider the following:

1) Open Internet Explorer.
2) Go to Tools and Internet Options.
3) Click on the Security Tab.
4) Select the Internet Zone, and press the Default button.
5) Select the Local Intranet Zone, and press the Default button.
6) Select the Trusted Sites Zone, and press the Default button.
7) Select the Restricted Sites Zone, and press the Default button.
8) Click on the Advanced tab.
9) Press the Restore Defaults button.
10) Press Ok.

HERE ARE THE ADWARE COOKIES FOUND BY WEBROOT:

360i
About
Apmebf
Atwola
BurstBeacon
Hitbox
Overture
Pointroll
Reunion
specificclick.com
YieldManager

If you see any thing(s)?? wrong on my puter and can instruct for better performance...much appreciated!

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:05 PM

Posted 25 June 2005 - 09:54 PM

Hello Spyder66 and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this thime. The log is clean.

I would follow the advice of your ISP. In addition, there are many applications running on this computer that will cause constant activity. Nero's BackItUp performs scheduled backups, Logitech Desktop Messenger will continuously check for updates and services from Logitech, Microsoft Works Update will chek for Microsoft updates when it discovers an active internet commection and the list goes on. To cut down on the activity you can remove some of the applications that are causing it.

I sould suggest posting your question in the XP forum located here:

http://www.bleepingcomputer.com/forums/Win...0_2003-f56.html

They are very adept at dealing with application and operating system issues and can guide you through optimizing your system for better performance.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Spyder66

Spyder66
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 26 June 2005 - 07:34 AM

Thank you for the check of my HJT log...and I will do as you advised and post my ? in the other forum, too.

:thumbsup:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:02:05 PM

Posted 26 June 2005 - 02:26 PM

You're very welcome Spyder66. I'm glad that we could help.

Now that your malware issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users