0

can someone please help me.. when click on the IE icon on my desktop it takes about 5 mins for it top finally open.. I dont get it as i am VERY unknowledgable when it comes to computers.. Also if i just try and open My Documents it is also very slow.. I Have XP..

5
Contributors
11
Replies
12
Views
12 Years
Discussion Span
Last Post by DMR
0

run scan's. Spyware, etc. Also run and post a hijack this log. you may have an infection.

0

I know i might sound really stupid.. but how do i do this??

0

I know i might sound really stupid.. but how do i do this??

Don't be to hard on yourself . .
,There are many reasons for you slowness ,one is Spyware/Trojans or Virus problem .another is Memory problems, do you Defrag you hardrive ,so lets start with the spyware checking first !
do the following !
,,,,,,,,,,,,,,,,,,,,,,,,,,,,
This problem could occur because of Spyware , go on over to the Security section of this fourm and post you problem along with a hijackthis log .
Spyware & Trojans and Other Nasties
,,,,,,,,,,,,,,,,,,,,,,,,
Please Don't post the hijackthis log in this section Thanks .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

0

thank you very much for your help, i am at work right now. so when i get home i will do as you say.. and i will post it in here for you.
once again.. THANKS.

0

ok.. here is all the gobbly gook that came out.. i hope this helps in your quest to help me!

Logfile of HijackThis v1.99.0
Scan saved at 6:10:06 PM, on 18/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\documents and settings\lyndal tucciarone\local settings\temp\j7WUBt.exe
C:\documents and settings\lyndal tucciarone\local settings\temp\wAyT.exe
C:\documents and settings\lyndal tucciarone\local settings\temp\AspH.exe
C:\documents and settings\lyndal tucciarone\local settings\temp\NdBr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\lyndal tucciarone\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\plg0\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\lyndal tucciarone\Local Settings\Temp\tXvr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
O4 - HKLM\..\Run: [svcp50m] C:\WINDOWS\System32\svcp50m.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [j7WUBt] C:\documents and settings\lyndal tucciarone\local settings\temp\j7WUBt.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [wAyT] C:\documents and settings\lyndal tucciarone\local settings\temp\wAyT.exe
O4 - HKLM\..\Run: [AspH] C:\documents and settings\lyndal tucciarone\local settings\temp\AspH.exe
O4 - HKLM\..\Run: [NdBr] C:\documents and settings\lyndal tucciarone\local settings\temp\NdBr.exe
O4 - HKLM\..\Run: [AutoLoader0F2v1KKVWWac] "C:\WINDOWS\System32\useolss.exe" /HideUninstall /PC="AM.WILD"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F56E054-C22B-4AB2-929A-59FCFC537402}: NameServer = 203.194.27.57 203.194.56.150
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

0

Go
Here
and Get Trojan-Hunter Fully working trial!
,,,,,,,,,,,,,,,,,,,,,

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-


http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from :-
HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware


Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH


Then post a HJT log as a reply to this topic.

0

Once again thanks.. I did have a bit of trouble last night just to get the hijack this program.. my computer is so slow that it just wouldn’t download it from your link in this post. I had to go and search for it on the net. So if I have problems from any of the links that you have just given me, I will let you know. And once again, I have to wait until I get home from work to do this, which may be Thursday afternoon.

Thanks.

0

As the HijackThis log definitely indicates malicious infections, I'll move this to the proper forum now.

Buckle up, we're going for a ride...

0

ive been moving house im sorry and im finally back online! well not properly.. i still have the major slow issue but I managed to do all those things you asked me to do (PAINFULLY SLOWLY)

now i cant even open hotmail from this stupid computer.. I have to wait til i get to work each day. I seriously hope this has something to do with my computer problem because i cant afford a new one.

here is the HijackThis logfile..

Logfile of HijackThis v1.99.0

Scan saved at 1:15:00 PM, on 7/02/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\documents and settings\lyndal tucciarone\local settings\temp\j7WUBt.exe

C:\documents and settings\lyndal tucciarone\local settings\temp\wAyT.exe

C:\documents and settings\lyndal tucciarone\local settings\temp\AspH.exe

C:\documents and settings\lyndal tucciarone\local settings\temp\NdBr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\lyndal tucciarone\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\plg0\cxtpls.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\lyndal tucciarone\Local Settings\Temp\tXvr.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [svcp50m] C:\WINDOWS\System32\svcp50m.exe

O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [j7WUBt] C:\documents and settings\lyndal tucciarone\local settings\temp\j7WUBt.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [wAyT] C:\documents and settings\lyndal tucciarone\local settings\temp\wAyT.exe

O4 - HKLM\..\Run: [AspH] C:\documents and settings\lyndal tucciarone\local settings\temp\AspH.exe

O4 - HKLM\..\Run: [NdBr] C:\documents and settings\lyndal tucciarone\local settings\temp\NdBr.exe

O4 - HKLM\..\Run: [AutoLoader0F2v1KKVWWac] "C:\WINDOWS\System32\useolss.exe" /HideUninstall /PC="AM.WILD"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F56E054-C22B-4AB2-929A-59FCFC537402}: NameServer = 203.194.27.57 203.194.56.150

O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

please let me know what i should get rid of..

thanks and hear from you soon.

Lyndal

0

You should go to Windows Update to get the Critical Updates for your system. Hold off on SP2, however, at least until your system gets cleaned up.

You will need to clean out all your temporary folders, but before we give you instructions on doing this, you need to move hijackthis to a permanent folder, you now have it in a temp folder and will lose it if you clean them out now.

If you're not sure how to put it into a new folder, go here for a self-extracting version that will put it in the Programs Folder:
http://www.merijn.org/files/hijackthis_sfx.exe

After you get hijackthis in a permanent folder, close all browser windows, scan with hijackthis, and post a new log please.

0

Also- your logs indicates that you are not running any anti-virus software.

Before posting a new log, please visit the following two sites and take advantage of their free online anti-virus scans:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://housecall.trendmicro.com/

For future reference, you should install some sort of anti-virus program, and you should make sure to keep it as up-to-date as possible. If you don't want to spend $$ for a program such as Norton or McAfee Anti-Virus, you can download the free AVG anti-virus program from:

http://www.grisoft.com/us/us_dwnl7.php

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.