Hi everybody,
I'm having a problem with a VERY slow computer. I ran HJT and fixed some O2 NO name-no file entries, and also an R0 entry for Search Assistant. When I re-booted, the Search Assistant entry was back. Can anybody help me get rid of it? This is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:35 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136584104140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks for any help you can give;)
Kat lover


Your log seems to be clean. But I see that you have 2 resident antivirus scanners running (Norton and AVG). This is not recommended since it (amongst other things) can slow down all disk access dramatically.

Your log seems to be clean. But I see that you have 2 resident antivirus scanners running (Norton and AVG). This is not recommended since it (amongst other things) can slow down all disk access dramatically.

Hi XPenetrator,
Thanks for your response. So you're saying that the Search Assistant entry is not a problem?

Actually, I'm only using Norton for their Scan Disk and One Button Checkup. Their AntiVirus screwed me over royally one time and I'll never use it again :twisted:

Thanks!
Kat lover

Sorry, in my fast eyescan for nasties I didn't see that Norton's AV stuff isn't actually running. But "symlcsvc.exe" is apparently known to be causing trouble, too. Did you try deinstalling Norton entirely? (Merely running uninstall probably doesn't do it!) There is at least one running process left (ccEvtMgr.exe) that seems to be part of Norton's AV.
I quote from http://www.spyany.com/files/ccevtmgr_exe.html

File ccevtmgr.exe is the Norton AntiVirus Event Manager Service that is responsible for writing security event log. This process may occasionally slow down your computer performance. However it is not a good idea to stop it if you want your Norton application working correctly.

So you're saying that the Search Assistant entry is not a problem?

What is/was the exact problem with "Search Assistant"? I don't see signs of known malware that uses this string in its name like 180SearchAssistant or something. If you refer to
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
this should be pretty normal if Earthlink is your ISP. Can you tell us the whole story what happened and when you took notice of the slowdown?

Have you read this thread?
http://www.daniweb.com/techtalkforums/thread51015.html
Very similar to your problem and you have Spysweeper running, too

Hi Xpenetrator,
Yes, I read that yesterday and I posted this comment today -

"For what it's worth, I had terrible problems with the SpySweeper update last month. My pc was unbelievably slow and sometimes would just lock up. My screen would hang, and then would "peel" down just like yours, plus processes wouldn't complete. It drove me mad, and after reading about other people's many problems with it, I went back to the earlier version and have had no problems with it since. You just have to be alert after going back to the earlier version, because you're constantly being asked by SpySweeper if you want to download the new version - not! My brother found this out the hard way and had to remove the newer version again :twisted:

Good luck

Kat lover"

But "symlcsvc.exe" is apparently known to be causing trouble, too. Did you try deinstalling Norton entirely? (Merely running uninstall probably doesn't do it!) There is at least one running process left (ccEvtMgr.exe) that seems to be part of Norton's AV.
I quote from http://www.spyany.com/files/ccevtmgr_exe.html

I'll try removing Norton completely. Will I be able to re-install just the parts of Norton that I use?

What is/was the exact problem with "Search Assistant"? I don't see signs of known malware that uses this string in its name like 180SearchAssistant or something. If you refer to
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
this should be pretty normal if Earthlink is your ISP. Can you tell us the whole story what happened and when you took notice of the slowdown?

My pc had been running very slow for a couple of weeks and it took forever to load web-sites that I normally don't have trouble with.

This proves a little knowledge is a dangerous thing ;) I read all the things to check for in the HJT log and saw SearchAssistant and assumed it was a bad thing in general. And Earthlink is my ISP :)

Thanks,
Kat lover

I'll try removing Norton completely. Will I be able to re-install just the parts of Norton that I use?

I'm not sure if that is possible with Norton at all. You already stripped it down to what you need, but since it's a program suite, central components will always be installed and loaded. I liked Speeddisk very much (like you) but I decided to forget about it because I found it wasn't worth all the hassle. That was 1996 and Norton Utilities for Win95...:)

To uninstall, try a guide like http://kb.winantivirus.com/index.php?do=view_question&id=534 or use "uninstall Norton Systemworks" on Google to find more instructions and even more Norton-bashing. You won't be able to reinstall without a complete uninstall.

My pc had been running very slow for a couple of weeks and it took forever to load web-sites that I normally don't have trouble with.

How much RAM does this computer have? In Task Manager, you can see how much CPU load and memory is used by each process. Is there a process showing something unusual?

I browsed through your processes again and I can't find anything suspicious for causing slowdowns except Norton. Only a few additional processes are being loaded on startup on your computer. Try disabling the "Microsoft Location Finder" to check if this is responsible for some trouble: "Slow internet access" can be a completely different issue to "slow reacting/loading computer" and this program is the only one related to the internet and the only third-party thing besides Norton and Spysweeper.

If that all doesn't change anything, the problem is probably buried deeper in your system. But keep in mind that anything you try to fix it can make it worse, too. So back up important data first.
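
A small triage pass over a log like the one in the first post, as an added example that is not part of the thread: it groups entries by section code, lists vendors with running components by install path, and pulls out entries HijackThis marked "(file missing)". The function names and the vendor path fragments are assumptions made for this example, and a path match only shows that a vendor's component is running, not that a resident scanner is active.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Assumption: lowercase path fragments taken only from paths seen in this thread.
VENDOR_HINTS = {
    r"\symantec shared": "Symantec/Norton",
    r"\grisoft\avg7": "AVG",
    r"\webroot\spy sweeper": "Webroot Spy Sweeper",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."

def parse_hjt(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY_RE.match(line)):
            entries[m.group(1)].append(m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)

def running_vendors(processes):
    """Vendors with at least one running process, judged by install path only."""
    lowered = [p.lower() for p in processes]
    return sorted({v for frag, v in VENDOR_HINTS.items() if any(frag in p for p in lowered)})

def missing_files(entries):
    """Entries whose target HijackThis reported as '(file missing)' (stale registrations)."""
    return [(c, e) for c, items in entries.items() for e in items if e.endswith("(file missing)")]
```
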
