Infected Computer, Please help.

I have an HP Pavilion dv8000 laptop that is about 3+ years old. It has been great until recently. I don't know what I got into but I know I'm infected. For about a month now my computer is super slow, not just on the internet. My screensaver freezes up, it's slow going from one program to another in the taskbar, the CD drive is slow, when I type the cursor will jump back to previous sections of my message, even when I click on "My Computer" it takes about 5 secs searching for it. I'm hitting Ctrl, Alt, Del all the time to end programs that are not responding. I've run an anti-malware scan and AVG virus scan and not found anything.

I'm definitely a novice at this and would appreciate any suggestions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:43 PM, on 09/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files 2\HijackThis.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170797693812
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11003 bytes

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

Dan,
Among other things, it's obvious you have a system with the Microsoft Development tools (Visual Studio?) installed, and you have Microsoft SQL Server running at startup on your system. If you have that set up to broadcast its presence, you may be easy pickings for hackers. I'm not sure that is the problem.

A quick visual scan of your HijackThis log leads me to believe that you have both AVG and Norton Antivirus installed. You don't say how much memory you have, and you have a couple of BHOs that need to be investigated, but there are additional apps to review.
You have QuickTime and Adobe loading their quick launch apps at startup; that's a minor but noticeable performance hit. You have Microsoft Word running at the time you ran HijackThis; if it's running all the time, that will add to the load.
You have a lot of the Google software. My own experience with a P4 that ran at 2.4GHz was that when the Google Desktop search got to be a certain size, I saw real performance issues. Your laptop is a 1.7GHz dual core, right? It will get bogged down if there are too many programs loading at startup.
The Bluetooth mouse driver that you have (Logitech) is described by at least one person as a poorly behaved app that can take up CPU resources.
You have multiple browser add-ons (the BHO entries) that will add a lot to MSIE's workload. I think that you probably have the Google search in that as well as in the Google toolbar. You should cut back on the add-ons.
Summary:
Try disabling the Bluetooth mouse application first. Then Google Desktop search. Unless you use Adobe and QuickTime on an hourly basis, you should disable the 'load at startup' option on each of those. After that, if you have the Microsoft Live search toolbar in your browser, you should go into the Manage Browser Add-ons and disable two of the three toolbars. While you're doing that, disable the Safe Eyes add-on as well and look at the list of active add-ons for anything dodgy (like entries without a name). Restart the computer and check how it's performing. Let us know if that improves things.

BrianDSy
Newbie Poster
9 posts since Jul 2009
Reputation Points: 11
Solved Threads: 2
 

I wanted to also post the Malware scan that I did last night. I don't know if it will be helpful or not.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

09/30/2009 8:55:35 AM
mbam-log-2009-09-30 (08-55-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 225348
Time elapsed: 1 hour(s), 27 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

Brian,

I appreciate your time and suggestions. I do have a dual core 2.0GHz.

Please excuse my ignorance but I'm not sure how to execute your suggestions. The Norton is outdated so I can get rid of that as well as the Bluetooth mouse. How do I uninstall them?
How do I change my start-up options?

What is a BHO?

What about the cursor moving and jumping around while I type?

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

Just go to Google and search for this:
combofix, and be careful, only download it from Bleeping Computer; run this tool, read the instructions first on the website, it does miracles for me, trust me, I fix computers on the side.
http://www.bleepingcomputer.com/combofix/

mdk2k4
Junior Poster in Training
82 posts since Oct 2008
Reputation Points: 10
Solved Threads: 8
 

Combofix is great for malware and spyware, it doesn't necessarily fix problems with software that has conflicts with other programs.
Dan,
to answer your question about how to remove programs; Click Start, then Control Panel, then Add/Remove Programs. The window will appear with all the programs installed on your computer. Scroll down till you find the Bluetooth Mouse. It will probably be listed under the name of the company that made it. Remove that and reboot the machine if you need to. Then do the same thing for Norton. After you remove the bluetooth mouse, I bet your cursor will stop jumping around. I'll add the bit about removing Browser Helper Objects (BHO's) when I get home to my PC (I use a Mac).

BrianDSy
Newbie Poster
9 posts since Jul 2009
Reputation Points: 11
Solved Threads: 2
 
> Combofix is great for malware and spyware, it doesn't necessarily fix problems with software that has conflicts with other programs.
> Dan,
> to answer your question about how to remove programs; Click Start, then Control Panel, then Add/Remove Programs. The window will appear with all the programs installed on your computer. Scroll down till you find the Bluetooth Mouse. It will probably be listed under the name of the company that made it. Remove that and reboot the machine if you need to. Then do the same thing for Norton. After you remove the bluetooth mouse, I bet your cursor will stop jumping around. I'll add the bit about removing Browser Helper Objects (BHO's) when I get home to my PC (I use a Mac).


I don't see the bluetooth mouse program. I stopped using that mouse months ago and think I already uninstalled it. I don't see Norton listed either. I have a few other programs that I've tried to remove in Add/Remove Programs that say it can't find the file.

What is your opinion of downloading a Registry Mechanic?

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

I thought the Thread title says, Infected computer Please Help....huhhh

mdk2k4
Junior Poster in Training
82 posts since Oct 2008
Reputation Points: 10
Solved Threads: 8
 
> I thought the Thread title says, Infected computer Please Help....huhhh


Did you see anything in the HJT or MBAM logs that warrants running Combofix?

I once had a poster tell me that a virus had turned his cursor into a dinosaur......LOL! Can't always take things at face value :)

I think Brian is on point here.

Cheers :)
PP

PhilliePhan
Central Scrutinizer
Moderator
1,942 posts since Dec 2006
Reputation Points: 184
Solved Threads: 110
 

I also had a virus turn into Mickey Mouse once, and mbam is becoming a headache, with that IP protection, every website's IP is suspicious, and Hijack never works for me, at least combofix has fixed a lot of PCs for me.

mdk2k4
Junior Poster in Training
82 posts since Oct 2008
Reputation Points: 10
Solved Threads: 8
 
> What is your opinion of downloading a Registry Mechanic?


Not a good idea. Registry "cleaners/fixers" very often bring on a lot more trouble than you are already having. Leave it alone.

For the Norton program, first go to Task Manager and look for this running:
LiveUpdate\ALUSchedulerSvc.exe
If you see it, End the Process.
Then go to Add/Remove and look for Symantec. If you find it in there, uninstall it. That appears to be the only Symantec/Norton process still running.

Then go to Start, Search, and look for Norton, delete anything found. Then do the same for Symantec.

You have a lot of programs running unnecessarily at start and therefore running all the time. This would slow the computer considerably. Also, AVG can really be a drag on resources as it has so many needless processes. You might consider a different anti-virus program, Avira or Avast are a couple of really good free ones. Highly recommended.
Try going OFFLINE and run the computer without the AVG running and see if it makes a difference. If it does then change your anti-virus program.
We can certainly help you pare down some of those needless auto starts if you wish.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
> I thought the Thread title says, Infected computer Please Help....huhhh


It says "Infected" because that was my assumption. When your computer starts freezing up, programs crashing, the cursor getting jumpy, what else are you supposed to think? I'm not an IT guy, just a computer user.

If it's not infected what is the problem?

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

> It says "Infected" because that was my assumption. When your computer starts freezing up, programs crashing, the cursor getting jumpy, what else are you supposed to think? I'm not an IT guy, just a computer user.
>
> If it's not infected what is the problem?


Don't worry about that guy, just continue with the instructions given to remove those Norton remainders. Then run a new HJT scan and post that log, I'll go through those start ups and tell you what they are and how to stop them.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:27 PM, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MemTurbo 4\MemTurbo.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files 2\HijackThis.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170797693812
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9695 bytes

Is there any way to cut and paste the list of my "processes" from Task Manager? I have about 56 running when nothing is open.

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

> Not a good idea. Registry "cleaners/fixers" very often bring on a lot more trouble than you are already having. Leave it alone.
>
> For the Norton program, first go to Task Manager and look for this running:
> LiveUpdate\ALUSchedulerSvc.exe
> If you see it, End the Process.
> Then go to Add/Remove and look for Symantec. If you find it in there, uninstall it. That appears to be the only Symantec/Norton process still running.
>
> Then go to Start, Search, and look for Norton, delete anything found. Then do the same for Symantec.
>
> You have a lot of programs running unnecessarily at start and therefore running all the time. This would slow the computer considerably. Also, AVG can really be a drag on resources as it has so many needless processes. You might consider a different anti-virus program, Avira or Avast are a couple of really good free ones. Highly recommended.
> Try going OFFLINE and run the computer without the AVG running and see if it makes a difference. If it does then change your anti-virus program.
> We can certainly help you pare down some of those needless auto starts if you wish.



I was able to delete most of the Norton and Symantec stuff. I wasn't able to delete an Aluschedulersvc.exe file.

dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 


Try it this way first.
Go to Start, Control Panel, Administrative Tools, Services.
When Services opens, scroll through the list until you see these files:
Automatic LiveUpdate Scheduler - Symantec Corporation
LiveUpdate - Symantec Corporation
When you do, double-click it to bring up its properties. First click the Stop button to stop the Service.
Once the service stops, click the Start Up type button and change it to Disabled.
OK your way all the way out.
Then go to C:\Program Files\Symantec\ and delete the Symantec folder.

Next, run HiJackThis again and put check marks next to the following entries:
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - Startup: PowerReg SchedulerV2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Once you have placed the check marks then click the Fix Checked button. Exit HJT.
I will look through your auto starts and post back here with a list of those which are not required to auto start and can be run manually and instructions on how to turn these off.

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
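
The fix list in the post above can be cross-checked mechanically against a saved HijackThis log. The sketch below is an added example, not part of the original thread or of HijackThis; the function names, the three triage rules and the `removed_vendors` parameter are assumptions made for illustration, and the sample lines are copied from the log and fix list in this thread.

```python
import re

# Lines copied from the HijackThis log and fix list posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - Startup: PowerReg SchedulerV2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "O23 - Service: <rest>" -> section code, entry kind, remainder
LINE_RE = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")


def parse_entry(line):
    """Split one HijackThis O-line into code, kind and ' - ' separated fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, "End of file" ...
    code, kind, rest = m.groups()
    # Split from the right so a display name containing " - " stays intact.
    return {"code": code, "kind": kind, "fields": rest.rsplit(" - ", 2)}


def triage(log_text, removed_vendors=("Symantec",)):
    """Return (reason, line) pairs for entries to review before 'Fix Checked'."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        fields = entry["fields"]
        if fields[-1] == "(no file)":
            reason = "orphaned"  # registry entry whose target file is gone
        elif entry["code"] == "O23" and any(
            v.lower() in f.lower() for v in removed_vendors for f in fields[1:]
        ):
            reason = "leftover service"  # service of a product being removed
        elif entry["code"] == "O4":
            reason = "autostart: review"  # needs a human decision
        else:
            continue
        findings.append((reason, line.strip()))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:18} {line}")
```

On the sample it flags the same five entries the post lists and leaves the Apple and HP services alone; the output is a review list, not a verdict on whether an entry is malicious.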
 

Now for your unneeded auto starting programs; All of these programs auto start when the computer starts and then generally run all the time in the background. None of them are needed for the smooth running of the computer. Some are totally unnecessary and some are considered "Users Choice", that is, if you want them to run all the time go ahead but they are not needed. The User Choice ones I will mark with a * so you decide. The others absolutely are not required.
To easily disable these auto starts you can use one of these programs, Mike Lin's StartUp Control Panel which, after download and install can be found in the Control Panel with a little computer icon labeled Start Ups or CodeStuff Starter. The CodeStuff program you can save anywhere you can easily find it. CodeStuff is a bit more of an "in depth" program than Mike Lin's as you can also turn off Services and also has a detailed Process manager, somewhat like the Task Manager. It just is more detailed. You can install either or both of these programs. I have them both so either are fine. Both are FREE. Mike Lin's just enables you to stop auto starting programs.
Either way, once downloaded then open whichever program you have chosen. When Mike Lin's opens you will see six tabs. Go through each tab and remove the check mark from the program you want to Stop from auto start. Once you have done that close the program and reboot.
On CodeStuff you click the Start Ups tab and go through the various listings there, removing check marks from any you want to disable at start up. Once complete then Exit the program. With either program, once you have done all that then reboot the computer.
Here is the list along with a description of each program:
*ATIPTA>>>>Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
*LSBWatcher>>>HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting.
eabconfg.cpl>>>Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
Cpqset>>>Default settings software in Hewlett Packard notebook
ISUSPM Startup>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version
ISUSScheduler>>>InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you’re always working with the most current version
**ICF-Safe Eyes>>>Internet Content Filter. Tool that allows parents to choose appropriate content for their children. (this one is truly up to you. You would have had to install it for it to be there. If you want it then leave it)
*NeroFilterCheck>>>Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Adobe Reader Speed Launcher>>>exactly what it says it is. Supposedly speeds the opening of the Adobe Reader. Actually only speeds it by a few seconds. Program works perfectly fine without this.
HP Software Update>>>HP software updates. If a shortcut doesn't exist, create your own and run it manually
QuickTime Task>>>System Tray access to Apple's "Quick Time" viewer from version 5 onwards
DW6>>>The Weather Channel's desktop weather program.
Google Update>>>This startup is used by Google products such as Picasa and Chrome, among others, to check for new updates.
HP Digital Imaging Monitor>>>can be launched manually

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 

KHALMNPR.EXE appears in the list of programs that are loaded at startup from the Registry. I can see it at the top of this page in your first message. This program is normally associated with Logitech mouse and hardware products, and allows various control and changes to these hardware devices. I can't see the whole registry entry at the top of the page, but it is there. Did you delete the program by hand, thinking that would uninstall it? The mouse software is still active then, waiting for you to reconnect the mouse. It will be listed as a Logitech program in the remove program list.
Registry Mechanic and many other Registry cleaning tools are fine, and may be useful to you. However, I'm confident that the first step should be to look through the 'Remove Programs' control panel and take the steps I suggested above.
BHO stands for Browser Helper Object. It is an add-on for Internet Explorer. You can disable it by starting MSIE and clicking Tools/Add-Ons. Then look through the list of add-ons for the AVG toolbar. Disable that.
Also, you wrote above "I have a few other programs that I've tried to remove in Add/Remove Programs that say it can't find the file." That is a clear sign that the program was simply deleted from the Program Files, not uninstalled. This is the kind of thing you should never do, but Registry Mechanic may be able to fix it.
Also, according to the Hijack This log above, you are running it from a folder on the D: drive called "Program Files2". Please let us know if you have two different copies of WindowsXP installed on the same machine.

BrianDSy
Newbie Poster
9 posts since Jul 2009
Reputation Points: 11
Solved Threads: 2
 

By the way I should add that Dandi122 and JHolland1964 have both made very good suggestions with great step by step directions, and I would strongly recommend them.

BrianDSy
Newbie Poster
9 posts since Jul 2009
Reputation Points: 11
Solved Threads: 2
 

So I've been able to do as suggested and I noticed an immediate improvement in the speed, but within a few hours it seemed to slow down again. Not as bad as before but still not as good as earlier.

Overall thank you for the help. Any other suggestions?



dand122
Newbie Poster
16 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved
