Is my computer infected or just old and slow?


  • This topic is locked
16 replies to this topic

#1 herofallenvillain

herofallenvillain

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:02 PM

Posted 13 April 2010 - 03:31 AM

Hello My name is Josh, and I have tried all I can to get some speed back into my pc.
Nothing seems to work.

I am running...
Windows XP Home Edition
emachines [ T3504 ]
Intel Celeron D Processor 352 [ 3.20 GHz | 533 MHz FSB | 512 KB L2 Cache ]
100GB hard drive
256 MB DDR SDRAM

I have had many security software programs through the years ending with this line-up...
COMODO - Anti-Virus & Firewall
Malware Bytes - Anti-Malware
SUPERAntiSpyware - Anti-Spyware
(I have Malware Bytes & SUPERAntiSpyware disabled on startup and only use them for scans to cut down on running programs, while using COMODO as the realtime protection program.)

I also use
CCleaner
Smart Defrag
TFC(temp. file cleaner) by oldtimer
HiJackThis
Security Task Manager
&
FreeRam XP Pro (RAM optimizer)

My computer is around five years old, and was never very impressive. However it has been reduced through the years to the point where sometimes even a right click menu can take several minutes to display from time to time, and EVEN when running a single program (say a single tabbed internet browser session). It seems to bog even if the program is idle such as reading or typing within a single page. I understand the "bogging effect" of running too much at once, so I try my best to give only one command and wait for it to process. Yet still I find myself ready to pull my hair out and toss the thing out the window! It seems to "bog" randomly as well as seems to run fairly freely from time to time. These "freed up periods" come and go and to the best of my knowledge isn't related to the programs running. For example it'll bog while nothing is actively running as well as throws me for a loop when it impressively handles several internet tabs and programs.

I've cut the startup programs down to the essentials, and it still takes about 8-10 minutes to fully boot up and "free itself". I seem to spend more time performing clean-ups, defrags & scans than I spend using the thing! I've monitored forums such as this and done as much as I can think to do! I have all but accepted my computer is either corrupted (whether or not I have removed the culprit) or simply outdated!

With the long line-up of security software including McAfee, Spy-ware Doctor & AVG I have detected and removed all sorts of infectious material, yet seem to be left with a corrupted system. Including things like IE disappearing. It's still installed as it can be forced open using webpage files, internet links from programs and the like. Yet I cannot seem to locate it in the system. The default IE folder contains what appears to be the proper files however they have mui extensions on top of the "primary" file (iexplorer.exe.mui).
Task Manager also seems to be corrupt as it ONLY displays the processes, the other tabs have disappeared entirely. Sometimes the icon doesn't even display in the system tray. I've even had to end the task manager PROCESS to close it!

Something else that seems strange is that the system idle process seems to near always be in the 90's, which to my understanding should mean the computer is virtually freed up. This seems to be the case EVEN when the system near freezes and task manager is opened to help resolve the issue. To clarify, AFTER task manager is opened and showing process changes in "realtime", the problem program is STILL frozen, and computer is "bogging", the idle system process STILL says 90some. I don't see how this is even possible.

Despite the bogging down of the system it doesn't USUALLY completely freeze. Normally it's just the program in use that freezes, along with the system bogging. Though it may take several minutes to open task manager, kill program and get the system running again, it usually frees back up (to usual sluggishness anyway). I DO have a problem with starting up frequently. It flashes the initial emachines logo page, then seems to enter DOS and stop with the lonely flashing underscore in all its solitude. No key commands seem to be of use at that point, leaving no other option than a forced shutdown. To prevent this I have to monitor restarts and key-command it to boot the drive directly.

I have an external hard drive, so all but system files and programs have been moved there to free up as much space as possible! As well as uninstalled anything not used or needed. Followed by using programs like CCleaner to remove old registries and errors.

I've attempted to update all software where possible.

I have no idea what else to do, without paying for those "speed up your computer" programs, which I refuse to pay for without some trusted review, as I doubt their effectiveness. Mainly due to most appearing to do nothing much more than scan registry errors!

I've all but reinstalled XP, however I did not receive an XP install CD with the computer's purchase (which is a mistake I'll never make again). Therefore I'm limited in my options, because as to my understanding you CANNOT reinstall without it! There is a floppy disk option, but it seems that only aids the CD installation, as well as I don't have a floppy drive anyway!

I've investigated using the "built-in CD" or C:\windows\I386 folder to reinstall, however I'd rather not in fear that those files have been infected and will lead to more headaches and a STILL corrupted system!

Is there something I am missing?
I suppose I am "out of my league" here, and at my wits end!
Is it EVEN possible to fix my system, or do I need to attempt to track down an XP install CD?

I apologize for the extensive post. However I am attempting to give as much information possible to try and resolve these issues as soon as possible, as I own a website, and have a lot of work to get done!
I ALSO understand I am supposed to post a single problem at a time, yet I'm not sure WHAT the problem IS!

Can someone please help me?

DRIVEN --> :thumbsup:



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:02 PM

Posted 13 April 2010 - 08:12 AM

Slowness and performance issues as you describe are not uncommon, especially with older computers. If you're not finding any malware, please refer to Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness and poor performance besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, too many browser Add-ons/toolbars, failure to clear browser cache, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 s1lents0ul

s1lents0ul

  • Members
  • 544 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:02 PM

Posted 13 April 2010 - 08:33 AM

emachines [ T3504 ]

256 MB DDR SDRAM <----Windows SP3 needs almost 200 MB of RAM to start up. Your RAM is almost all gone before you even get to your desktop; if you add more RAM you will notice an increase in performance.

The following steps will help increase startup time:

1. Go to Start > Run and type in "msconfig" without the quotation marks.
2. Go to the Startup tab - disable ALL.
3. Go to the Services tab - check the "Hide All Microsoft Services" checkbox, then the remaining items will be everything you have added to the computer, intentionally or unintentionally (malware, etc.).

NOTE - Go Back Through the Startup and Services Tab, go through the lists, and only check what you need/want to startup. Read each line carefully.

Hit the OK button to save and close the screen. A message will appear that says you must restart your computer for the changes to take effect; this is supposed to happen, so hit the Restart option.

When your computer reboots, take notice of what does and doesn't start up. If something is still starting up that shouldn't, go back and find it and uncheck it. If something isn't starting up, you missed it when you went back through to check the ones you want on startup. (I have had cases where even though you unchecked it, when you reboot, it still starts, and is rechecked. If it's a SAFE program, like QuickTime, which does this every time you open it, it will recheck itself, so try disabling its startup from inside the program. If it's one of the ones that seem ODD or you think may be malware or whatever, which I have come across also, you can report it here and receive help.)

^This method releases a lot of RAM because even if you aren't using a program, if you let it start up and close it, 1. it still used RAM to start up, 2. RAM stores the program in case it's reopened so it can start up faster. This will also let you look at everything that is starting up; you can see if any of the processes look odd, post them on this forum and have people help you.

Hope this helps you and makes your life a little faster! :thumbsup:
==]--s1lents0ul-->

#4 quietman7


Posted 13 April 2010 - 08:39 AM

MSConfig (System Configuration Utility) is a troubleshooting utility used to diagnose and fix system configuration issues. In the Summary section Microsoft says "The System Configuration utility helps you find problems with your Windows XP configuration. It does not manage the programs that run when Windows starts."

Although it works as a basic startup manager, msconfig should not be used routinely to disable auto-start programs. It is a temporary solution and not a good practice for the following reasons:
  • When uninstalling programs while disabled with msconfig, they may not be uninstalled properly and manually editing the registry will be required to remove everything.
  • Msconfig will often leave orphaned entries when software is uninstalled. When used to switch back to normal startup mode, these orphan entries can result in boot up errors.
  • Msconfig only allows you to disable entries. To completely remove an entry from its list you have to edit the registry, or use a third-party tool like Msconfig Cleanup Utility or a startup manager.
  • Msconfig allows malware related items to hide in your registry which you may not see or affect your computer until switched back to normal startup mode. This could then result in reinfection of the computer.
  • Msconfig does not list all applications loaded in all possible startup locations (some entry points are hidden and unknown to the user).
You should not use msconfig to disable startup applications related to services. Doing so alters the registry and there are services that are essential for hardware and booting your system. When you uncheck a service in msconfig, you completely disable it. If you uncheck the wrong one, you may not be able to restart your computer. You should only disable services using the Services Management Console (services.msc) where you cannot disable services that may be vital to boot your system.

Black Viper's warning: Why can't I use msconfig to change my services?

Note: Changing the default settings for services can be risky and might prevent key services from running correctly. Only change the status of a service if it is necessary.

A better alternative is to use a startup manager like:

Most of this information is provided in the Slow Computer Guide link in my previous post.

#5 herofallenvillain


Posted 13 April 2010 - 05:48 PM

Well I DO say I didn't expect such a rapid response^^
Thank you!

However, with all due respect, I understand my post was long, yet I already stated I've cut my start-up program down to the essentials.
AS WELL as keep overly regular "maintenance" including advanced clean-ups, advanced defrags & registry cleans!
Like I said, I seem to spend more time "maintaining" this computer than using the bleeping thing!

For the satisfying of interest...

1 ) I did NOT make any changes through "msconfig" as I don't feel it was needed OR is "out of my league".
2 ) This is the list it presented...

START-UP
A ) "nmctxth" - This is a pure networks Platform file/process from my Cisco/Linksys Router
B ) "nmapp" - This is also a pure networks "sister" file/process(the Networks Magic program I suspect)
C ) "dumprep 0 -k" - I have no idea what this is but looks too dangerous to delete without instruction
command - "%systemroot%\system32\dumprep 0 -k"
location - "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
D ) cfp - COMODO(anti-virus/firewall) file/process
E ) mylbx - MyLockbox file/process (very small program)
F ) ctfmon - To my understanding this is a valid system file/process
command - "C:\WINDOWS\system32\ctfmon.exe"
location - "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

SERVICES (all running except where noted)
A ) Anti Hotkey Poller (Status-stopped) - I have no idea what this is but my computer was bought with "ATI Radeon Xpress 200"
B ) ATI Smart (status-stopped) - same as above
C ) COMODO - anti-virus & firewall
D ) FSPro - (manufacturer-FSPro Labs) - NO idea what this is
E ) Windows Cardspace (status-stopped) - NO idea what this is
F ) Java Quick Starter - assuming Java lmao but idk how java works on computer
G ) Pure Networks Platform Service (status-stopped) - Again this is my Cisco/Linksys Router
H ) nProtect GameGuard Service (status-stopped) - No idea what this is
I ) Windows Defender - DUH^^
J ) Windows Media Player Network Sharing Service (status-stopped) - assuming WMP
...I've attempted to cut down anything I can however I am leery of killing things IDK!


Replying to quietman7...
I have a hard time believing that my computer "hiding/misplacing/corrupting" things is normal...I can't say because I'm no professional. Yet it still seems more likely something has corrupted my system! Like I said I understand that my computer was never impressive, yet as I stated in original post my task manager has ONE TAB! Surely that isn't because my computer is old?!?!? This is simply ONE example of the "misplaced/corrupted" programs/features.
I do NOT expect my computer to magically speed itself up to modern computer standards, yet there must be a way to get a fairly smooth running computer as long as the system is well maintained and not "pushed" with overloading software/programs... If this is NOT the case...what is everyone else with Windows XP doing? Surely you're not telling EVERYONE with an old XP OS with limited RAM is completely SOL?
...are you? :flowers:

Replying to s1lents0ul...
Thanx for the SP3 factoid^^ I didn't know that...
Though it delivers a hard blow to my hope! I DID attempt to install more ram, however I was misinformed and now have a 2GB DDR2 RAM sitting around with no use as I need a DDR RAM ><
Currently I am having financial issues and unable to get the proper one.

And replying to quietman7 again...
Thanx for the warning, and I am looking at your slow computer link.

--------------------

IN SUMMARY....
I feel the direction in solution is running offtrack...
I KNOW my computer is outdated...
Yet I'm all but certain my computer is infected and/or STILL corrupted from a previously removed infection!
...and the whole POINT in posting this thread is to get a professional to look over my computer to see if there is...
1 ) Something I missed
2 ) Something my scan engines are missing(or left alone as IDK what to do with it)
OR
3 ) Something HAS been corrupted and either...
A ) CAN be fixed, and hopefully get help in doing so
OR
B ) CANNOT be fixed and my only hope is wiping drive and reinstalling!

I already have all of the software/programs used by this site, yet I don't have the know-how to use some of them. AS WELL as the site seems to forbid posting those logs without being instructed to do so....
SO....
I guess I'm still waiting for someone to help me with this "advanced assistance"

I DO apologize if I come across as rude! I don't mean to be, I'm just at my wits end with this bucket of sparking bolts lmao
Thanx again for any assistance!
It IS appreciated

STILL DRIVEN :thumbsup:

#6 quietman7


Posted 13 April 2010 - 06:10 PM

The Slow Computer thread has numerous suggestions to try, that's why I asked you to check there first...Tweaking your startups was just one of many things we have put together that all affect system performance.

regular "maintenance" including advanced clean-ups, advanced defrags & registry cleans...
still seems more likely something has corrupted my system!

Using registry cleaners can result in system corruption. Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

as I stated in original post my task manager has ONE TAB! Surely that isn't because my computer is old?

No, it's not because it's old or because of any corruption. If you cannot see any tabs in Task Manager, then that means it is running in "kiosk mode" (presentation mode) which does not show the tabs or menus at the top. Sometimes this occurs accidentally if you open and use Task Manager often. To get it back to normal mode, open Task Manager and double-click anywhere within the blank (open) border area to reveal the tabs. See Task Manager Lost Tabs!

#7 herofallenvillain


Posted 13 April 2010 - 07:49 PM

WOW
I see^^
I'll definitely keep that in mind about registry entries.
and I never would have tried the task manager fix^^

OK well I see now why you approach this the way you did...
However, is there a way I can be assisted in overlooking my system to see if there is infection?
Did I open the post in the wrong area?
(I think I did >< )

Well anyways, thanx for your help in "maintaining outdated slow computers"!
I'm still running through some of the suggested solutions, not sure if they've helped noticeably yet.

#8 herofallenvillain


Posted 13 April 2010 - 07:51 PM

I feel like kinda stupid now that I double click the task manager bar!
That doesn't even seem like it would be useful lmao

#9 quietman7


Posted 13 April 2010 - 08:38 PM

Just because you don't know about a particular feature, doesn't mean you are stupid...it just means you didn't know.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#10 herofallenvillain


Posted 14 April 2010 - 08:17 AM

Well I can't seem to get the thing to run properly (Kaspersky)!
It seems to want to start, just into the scan...
then the best I can seem to get is a long pause, then a flash of 19 seconds in its stats display, and it seems to just freeze up...
I've tried it a few times, the longest being 4+ hours of what seems to be an unresponsive page :thumbsup:
During that attempt, I had left it completely alone(not even a screen click), while it was the sole tab in browser and no other programs running...
I've attempted to track the scanner through the Kaspersky site, and it states on the online scanner info page something to the effect of it is being updated and improved...I'm wondering if it's temp disabled ~shrugs~

I'm gunna try it once again, but idt it's gunna work...

#11 quietman7


Posted 14 April 2010 - 11:10 AM

Then try this one instead.

Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to begin.
  • If offered the option to get information or buy software, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

    C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
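Added example (not part of the thread and not ESET's own tooling): a Python script that triages a log.txt in the layout of the results posted later in this topic, grouping detections by family and flagging anything the scanner did not clean. The sample log, its paths and its detection names are constructed for the example, and reading scan_time as seconds is an assumption.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the layout of the log posted in this thread; the
# paths, detection names and counts are made up for the example.
SAMPLE_LOG = r"""OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# scanned=1200
# found=4
# cleaned=3
# scan_time=5400
C:\Example Dir\chat client.exe Win32/Adware.ExampleA.B application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\aaaaaaaa.ini Win32/Adware.ExampleB.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\bbbbbbbb.ini Win32/Adware.ExampleB.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\cccccccc.dll Win32/Adware.ExampleB.XYZ application (unable to clean) 00000000000000000000000000000000 I
"""


class Detection(NamedTuple):
    path: str
    threat: str
    kind: str
    action: str
    digest: str
    flag: str


# A detection line is: path, Platform/Name, object type, (action), 32 hex
# digits, flag. Paths may contain spaces, so the match is anchored on the
# "Platform/Name" token instead of splitting on whitespace.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[^()]+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header, detections); header maps each '# key=value' key to a list."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:  # keys such as compatibility_mode repeat, so keep all values
                header.setdefault(key, []).append(value)
            continue
        match = DETECTION.match(line)
        if match:  # preamble and blank lines simply do not match
            detections.append(Detection(**match.groupdict()))
    return header, detections


def family(threat):
    """Win32/Adware.ExampleB.NEO -> Win32/Adware.ExampleB (drop the variant suffix)."""
    platform, _, name = threat.partition("/")
    parts = name.split(".")
    return f"{platform}/{'.'.join(parts[:-1])}" if len(parts) > 2 else threat


def is_resolved(action):
    """True when the action text says the object was removed or quarantined."""
    action = action.lower()
    return any(word in action for word in ("deleted", "cleaned", "quarantined"))


def triage(text):
    """Summarise a scan log for a helper deciding what to look at next."""
    header, detections = parse_eset_log(text)

    def first(key, default=None):
        return header.get(key, [default])[0]

    unresolved = [d.path for d in detections if not is_resolved(d.action)]
    found, cleaned = int(first("found", 0)), int(first("cleaned", 0))
    return {
        "finished": first("end") == "finished",
        "families": Counter(family(d.threat) for d in detections),
        "system32_hits": sum("\\system32\\" in d.path.lower() for d in detections),
        "unresolved": unresolved,
        # A mismatch means the paste was truncated or a line failed to parse.
        "header_matches_lines": found == len(detections),
        "all_cleaned": found == cleaned and not unresolved,
        "scan_hours": round(int(first("scan_time", 0)) / 3600, 1),  # assumed seconds
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A log whose found count does not match the number of detection lines pasted, or whose unresolved list is not empty, is the one to follow up on before treating the machine as clean.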

#12 herofallenvillain


Posted 15 April 2010 - 04:03 AM

Wow...
that took near 7 1/2 hours ><
...as it scanned my external HD as well (of course finding nothing as I'm fairly sure those files are safe).
What it found appeared to be adware.
Well here it goes...

--------------------------------RESULTS----------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=df53df2df4101540aae73a8264bcc787
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-15 08:46:31
# local_time=2010-04-15 04:46:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777189 80 92 0 3559194 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=111775
# found=48
# cleaned=48
# scan_time=25953

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:02 PM

Posted 15 April 2010 - 06:34 AM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

How is your computer running now?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#14 herofallenvillain


Posted 15 April 2010 - 11:10 AM

A bit better, thanx.
Noticeably within system browsing.
Still a lil sluggish opening (mainly) and managing multiple internet tabs, but I think that's due to Windows SP3 near wiping out RAM as noted by s1lents0ul and then having to fight internet browsers :thumbsup:
I don't reckon I'll get much more out of it without installing more ram.

well just a few more things if you would and I'll be out the way XD
1 ) Is it dangerous to have the internet connected during startup being that COMODO doesn't seem to start up very quickly? (possibly leaving computer vulnerable until it is)
2 ) You mentioned the registry cleaners can be dangerous, what about defragging them? It's a feature of smart defrag, and though you said cleaning could cause harm...I wouldn't imagine defragging it would. Figured I'd ask though.
&
3 ) Could I run a HiJackThis log by you? I've dabbled a lil, but only on a few things I'm familiar with, as I know it's dangerous as well^^ Or ComboFix, whichever you'd think better. I have both but I haven't messed with ComboFix. The reason I ask this is because I think whatever WAS on my computer has wreaked some form of terror on my system, despite that I seem to have rid the system of it. I'm hoping you can pick up something from one of the two that won't show on an anti-ware scan.
If you feel it's not necessary however I'll just leave it be.

Edited by herofallenvillain, 15 April 2010 - 11:11 AM.


#15 quietman7


Posted 15 April 2010 - 12:00 PM

Is it dangerous to have the internet connected during startup being that COMODO doesn't seem to start up very quickly? (possibly leaving computer vulnerable until it is)

Anytime you are connected to the net there is some risk of encountering something malicious. Hackers use "port scanning" to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs (viruses, Trojans). Your firewall should detect such attempts and alert you. To minimize risk, I wait until all my security protection fully loads before connecting. If using an always on connection like my network at work, I wait until everything fully loads before browsing.

You mentioned the registry cleaners can be dangerous, what about defragging them? It's a feature of smart defrag, and though you said cleaning could cause harm...I wouldn't imagine defragging it would.

I would put registry defraggers in the same category as optimizers although they are mainly intended to compact the registry hives as opposed to cleaning them. IMO using them is not really necessary but you may get differing opinions as some folks like to use such utilities. See Mark Russinovich's write up for using PageDefrag and this article on What Does a Registry Defrag Program Do?.

Could I run a HiJackThis log by you? I've dabbled a lil, but only on a few things I'm familiar with, as I know it's dangerous as well^^ Or ComboFix, whichever you'd think better. I have both but I haven't messed with ComboFix.

Please note the message text in blue at the top of this forum.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

:thumbsup: ComboFix logs, where should I post them?


DDS/HijackThis logs are not permitted in this forum. The Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. If you do not mind waiting and want someone to check your system thoroughly, then please follow the directions in the pinned topic titled Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. Start a new topic, give it a relevant title and post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.