|
Laptop Hanging; Won't Go Away
|
|
Member
1 product review
|
1. January 2008 @ 16:10 |
Link to this message
|
In relation to this topic where I stated that my dad brought in two laptops for me to fix, I'm having problems with another one.
This time, this one has an OS, and I finally completed cleaning it out. Yay! But it's mysteriously hanging now. Boo.
I've ran all my cleaners and virus stuff, no dice.
I think there might be a rootkit, but I dunno.
Any suggestions?
Edit: One more thing, it's been trying to stop me from obtaining updates from Microsoft Update.
This message has been edited since posting. Last time this message was edited on 1. January 2008 @ 16:35
|
|
Advertisement
|
 |
|
|
Senior Member
|
1. January 2008 @ 18:48 |
Link to this message
|
This message has been edited since posting. Last time this message was edited on 1. January 2008 @ 18:52
|
Member
1 product review
|
1. January 2008 @ 19:51 |
Link to this message
|
Ok, here goes..
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:57 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\William Bain\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
--
End of file - 4637 bytes
|
Senior Member
|
1. January 2008 @ 20:55 |
Link to this message
|
|
Reboot into safe mode. Run HJK. Do system scan only. Place check marks next to all the items listed below. Click, Fix Checked. Reboot normal. Check system operation. Then Reboot into safe mode, again. Run HJK. Post new log.
C:\WINDOWS\system32\ZCfgSvc.exe
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
This message has been edited since posting. Last time this message was edited on 1. January 2008 @ 21:01
|
Member
1 product review
|
2. January 2008 @ 11:42 |
Link to this message
|
Ok it's still sluggish.
Here's the new log
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:31 AM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\William Bain\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
--
End of file - 4572 bytes
|
Senior Member
|
2. January 2008 @ 21:59 |
Link to this message
|
These two returned. May take a few more steps to get rid of.
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
Let's try this tool. Download, ComboFix.
http://forums.majorgeeks.com/showthread.php?t=134965
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
This message has been edited since posting. Last time this message was edited on 3. January 2008 @ 14:58
|
Member
1 product review
|
3. January 2008 @ 13:59 |
Link to this message
|
|
I suppose I run these both in safemode?
|
Senior Member
|
3. January 2008 @ 14:58 |
Link to this message
|
|
Yes
|
Member
1 product review
|
3. January 2008 @ 18:03 |
Link to this message
|
Mkay doc, here's my logs.
ComboFix:
Quote:
ComboFix 08-01-04.1 - William Bain 2008-01-03 16:30:57.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -6:00]
Running from: C:\Documents and Settings\William Bain\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.
2008-01-03 16:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 06:09 . 2008-01-03 12:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 06:09 . 2008-01-03 06:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 21:26 . 2008-01-02 21:26 502 --a------ C:\WINDOWS\ONSPCLCK.exe
2008-01-02 19:20 . 2008-01-02 19:20 <DIR> d-------- C:\Program Files\Common Files\Electronic Learning Products
2008-01-01 10:17 . 2008-01-03 16:24 <DIR> d-------- C:\Documents and Settings\William Bain\Application Data\SiteAdvisor
2008-01-01 10:17 . 2008-01-01 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-01 10:17 . 2008-01-01 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 18:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-31 18:31 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-31 17:53 . 2007-12-31 17:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-31 15:05 . 2007-12-31 15:05 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-31 15:05 . 2007-12-31 15:05 <DIR> d-------- C:\Documents and Settings\William Bain\Application Data\SystemRequirementsLab
2007-12-31 14:46 . 2007-12-31 14:46 <DIR> d-------- C:\Documents and Settings\William Bain\Application Data\Redemption
2007-12-31 14:46 . 2008-01-03 14:09 144 --a------ C:\WINDOWS\REDEMUNINS.INI
2007-12-31 11:48 . 2007-12-31 11:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-31 11:48 . 2007-12-31 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-31 11:44 . 2007-12-31 11:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 17:31 . 2007-12-30 17:31 <DIR> d-------- C:\Program Files\Electronic Learning Products
2007-12-30 09:01 . 2006-08-21 03:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-30 08:54 . 2007-12-30 08:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-29 16:30 . 2007-12-29 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-29 16:22 . 2007-07-09 07:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-29 16:17 . 2007-12-29 16:17 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 17:52 --------- d-----w C:\Documents and Settings\William Bain\Application Data\AVG7
2008-01-01 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 19:53 --------- d-----w C:\Program Files\Quicken
2007-12-31 19:52 --------- d-----w C:\Program Files\Logitech
2007-12-30 14:52 --------- d-----w C:\Program Files\TBONBin
2007-12-29 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2001-10-24 18:03 81,924 ----a-w C:\Program Files\US Readme.htm
2001-10-24 18:03 81,924 ----a-w C:\Program Files\readme.htm
2001-10-24 18:03 34,816 -c--a-w C:\Program Files\Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP OfficeJet T Series"="C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" [2001-09-25 12:08 28672]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 12:29 40960]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2000-01-01 05:01 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2000-01-01 05:01 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2003-12-16 17:49 110592 c:\WINDOWS\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DING!.lnk
backup=C:\WINDOWS\pss\DING!.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2003-04-15 22:01 258048 --a------ C:\WINDOWS\System32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0a\AOL.EXE -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B'sCLiP]
2004-02-04 07:43 1409024 --a------ C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
C:\WINDOWS\p_981116.exe /Q:A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 12:29 40960 --a------ C:\WINDOWS\System32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 15:03 125528 --a------ C:\Program Files\Common Files\AOL\1137444382\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-12-20 19:54 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Documents and Settings\William Bain\Desktop\kazaa.exe /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-01-02 18:16 172032 --a------ C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\WINDOWS\system32\LVCOMS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
C:\TOSHIBA\IVP\ISM\pinger.exe /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-12-10 03:36 86016 --a------ c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
2003-08-03 18:01 86073 --a------ C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-02-06 18:31 32881 --a------ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-05-30 21:23 614400 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-05-30 21:25 110592 --a------ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]
C:\Program Files\TBONBin\tbon.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2003-09-05 05:24 65536 --a------ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2003-01-21 20:00 126976 --a------ C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-10 22:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2004-02-04 03:08]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 19:38]
R4 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2004-02-02 21:05]
S2 SUNLITE;SIUDI OUT;C:\WINDOWS\system32\Drivers\siudi.sys [2002-03-22 00:51]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\ewdmaudn.sys [2004-09-20 15:09]
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 11:03]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 16:35:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 16:43:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 22:43:21
.
2008-01-03 20:17:03 --- E O F ---
HijackThis:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:35 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\William Bain\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
--
End of file - 4486 bytes
|
Senior Member
|
3. January 2008 @ 23:24 |
Link to this message
|
HijackThis, usually removes BHO's with no problem. This one has came back twice!
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
You have placed a check mark next to this for removal, right? There are still a few more removal tools we can try. However, If removal tools do not pull it out. We may have to start looking through the registry to locate and delete it.
Take a look at this link. Let me know if this description fits your issue. When I Google, 59879FA4-4790-461c-A1CC-4EC4DE4CA483, this is what comes up.
http://www.bitdefender.com/VIRUS-1000171....RXToolbar.html
How's the PC running, so far? Are you getting popups? Is it still hanging?
Let's try a few cleanup procedures to see if we can get it running a little better. Then we can go back to dealing with the last piece of adware.
Run this program. Windows File Protection.
Start>Run>type, sfc /scanonce
Then Reboot. Program will takes about 15-20 minutes to run.
Download and run this registry cleaner.
http://www.ccleaner.com/
You may have to run it a few times if the system is dirty.
Run Disc Cleanup, and Disc Defragmenter.
OK, do all this and get back to me.
This message has been edited since posting. Last time this message was edited on 3. January 2008 @ 23:49
|
Member
1 product review
|
4. January 2008 @ 11:20 |
Link to this message
|
|
I'll need to check to see if I have this, RXToolbar. I'm pretty sure I saw that name before in Add or Remove Programs, but no, I haven't been getting any pop-ups, however it still has been running very sluggish though. I'll run them in a bit. Safemode still I presume?
Edit: I'm looking at IE right now, there's no RX bar.
Edit edit: Ok, I ran all those programs. It's speeding up a little but that's it.
This message has been edited since posting. Last time this message was edited on 4. January 2008 @ 12:23
|
Senior Member
|
4. January 2008 @ 22:31 |
Link to this message
|
Yes, take a look around. Keep the link I sent, you may need it to locate it in the registry. Could be only part of this program left. Run all the suggested programs in normal mode. Should speed up your computer more than just a little? If not, there are problems elsewhere. Which we can check next time. What brand and model computer do you have? Noticed your running IE6 for a browser, you should upgrade to IE7, it's a tab browser like Mozilla Firefox. Here's the link for IE7. http://www.microsoft.com/windows/downloads/ie/getitnow.mspx
This message has been edited since posting. Last time this message was edited on 4. January 2008 @ 22:35
|
Member
1 product review
|
5. January 2008 @ 10:40 |
Link to this message
|
Originally posted by QuikDraw:
Noticed your running IE6 for a browser, you should upgrade to IE7, it's a tab browser like Mozilla Firefox. Here's the link for IE7. http://www.microsoft.com/windows/downloa...ow.mspx
I normally never use IE, my mother however loves IE6 and she doesn't wanna change to IE7 anytime soon, she thinks it's still in development (Believe me, it was my fault why she doesn't wanna change). But I'll take a look at it and might upgrade it on the laptop.
Anyways, for brand and model, I'll have to check for model but I know it's a Toshiba brand.
|
Senior Member
|
5. January 2008 @ 13:38 |
Link to this message
|
|
Try IE7 out, download it, familiar yourself with it, show your mother how to work it. If she ends up not liking it, just go to add/remove programs and delete it. Do you know how to change your home page in Internet Properties? After IE7 loads, it will change the home page to MSN, you will need to good into Internet Properties and change it back.
This message has been edited since posting. Last time this message was edited on 5. January 2008 @ 13:41
|
Member
1 product review
|
5. January 2008 @ 15:03 |
Link to this message
|
Originally posted by QuikDraw:
Words
Mkay I'll take your word for it.
|
Senior Member
|
5. January 2008 @ 15:18 |
Link to this message
|
This message has been edited since posting. Last time this message was edited on 5. January 2008 @ 15:30
|
Member
1 product review
|
6. January 2008 @ 10:19 |
Link to this message
|
Mkay, so I switched to IE7 now.
But I think the virus is getting worse or it was just a typo 'cause my O key broke physically recently.
I started up Firefox and it re-directs me from Google to Netflix. Either this was a typo in my options or this virus changed my main page to "www.google.cm" although I'm pretty sure it was the broken key.
|
Senior Member
|
6. January 2008 @ 16:47 |
Link to this message
|
If you keyboard is broken, you should either try repairing it or replace it. As far as, what your talking about with starting firefox, I'm not sure what you may of done. If you want to keep firefox and you are having problems with it. Then uninstall and reinstall it. The new IE7 browser installation may of caused Firefox to malfunction. I'm not in front of your computer, so can only guess at what is taking place based on what your telling me. Reinstalling firefox should correct any error your having. I think before you go any future, you'd better get your keyboard working properly.
|
Member
1 product review
|
6. January 2008 @ 17:37 |
Link to this message
|
Originally posted by QuikDraw:
If you keyboard is broken, you should either try repairing it or replace it. As far as, what your talking about with starting firefox, I'm not sure what you may of done. If you want to keep firefox and you are having problems with it. Then uninstall and reinstall it. The new IE7 browser installation may of caused Firefox to malfunction. I'm not in front of your computer, so can only guess at what is taking place based on what your telling me. Reinstalling firefox should correct any error your having. I think before you go any future, you'd better get your keyboard working properly.
Ya tell that to my dad who keeps super-gluing the keys back making the keyboard even more useless.
Anyways, the Firefox problem was fixed, it's not redirecting anymore. It was just a simple typo.
|
Senior Member
|
6. January 2008 @ 17:56 |
Link to this message
|
|
Time for a review. We've clean and removed all but one BHO entry, so far. You where going to look for it and get back to me on your progress, after using the information I provided. What ever happened with that? Did you ever look for it?
We updated your IE browser. Did you run all the fixes I suggested? How's the computer running? Is it still sluggish? What brand and model computer? How old is it? How much RAM is installed? Go into task manager. How many processes are running. What percent of CPU power is being used?
This message has been edited since posting. Last time this message was edited on 6. January 2008 @ 18:02
|
Member
1 product review
|
7. January 2008 @ 12:21 |
Link to this message
|
Originally posted by QuikDraw:
We updated your IE browser. Did you run all the fixes I suggested? Not all of them yet. How's the computer running? Is it still sluggish? Yes. What brand and model computer? Brand: Toshiba, Model: Satellite M35-S320 How old is it? About 2 years and a half. How much RAM is installed? I believe 256. Go into task manager. How many processes are running. It's the standard 30s. What percent of CPU power is being used? It tells me standard 69-100% is being used.
Answers in bold chief.
|
Senior Member
|
7. January 2008 @ 13:40 |
Link to this message
|
Hey Chief,
Copy and pasted from my last email which has not been addressed. We've clean and removed all but one BHO entry, so far. You where going to look for it and get back to me on your progress, after using the information I provided. What ever happened with that? Did you ever look for it?
Did you perform all these fixes, yet? If not, why not, need assistance? Is there something you don't understand? I can walk you through the processes.
Run this program. Windows File Protection.
Start>Run>type, sfc /scanonce
Then Reboot. Program will takes about 15-20 minutes to run.
Download and run this registry cleaner.
http://www.ccleaner.com/
You may have to run it a few times if the system is dirty.
Run Disc Cleanup, and Disc Defragmenter.
Also, go into Task Manager, and tell me which processes are using the most CPU power. Need to know the Image Name/s. A CPU using 69% to 100% is not good! This is the main reason your computer is sluggish. For now, if the process is using more than 30 percent of the power shut it down by r/clicking on the Image Name and selecting END PROCESS. Do this after each boot. Until your CPU power is at less than 30%. In contrast, I'm currently using 4% CPU power. I have high speed Internet. What type of Internet connection do you have?
OK, do all this and then get back to me.
Quikdraw
This message has been edited since posting. Last time this message was edited on 7. January 2008 @ 14:06
|
Member
1 product review
|
7. January 2008 @ 13:56 |
Link to this message
|
Originally posted by QuikDraw:
What ever happened with that? Did you ever look for it?
The reason why I said some of it was because the File Protection thing wouldn't start up properly after I restarted. I've waited for around 40 minutes and still to no avail in safemode, however I ran it in regular mode and also restarted it in regular mode and it ran after 16 minutes, then I booted to safemode, ran CCleaner, Disk Cleanup, and the rest.
|
Senior Member
|
7. January 2008 @ 14:47 |
Link to this message
|
|
I just reviewed the sfc /scanonce, directions I gave you earlier, nothing there about booting into safe mode. Unless your doing this because the computer is running so poorly? The usual steps for running sfc/ scanonce is to type the command into the run box. Reboot the computer in normal boot mode. The program will start to run. Takes about fifteen minutes to complete. If it finds anything wrong, the program will prompt you. Using sfc /scannow, does not require a reboot to start. If your having problems with any process, stop and email me and I will help you through it. You need to explain what is happening each time. I'm not in front of your machine, so I can only go by what you are telling me. Do you have a system recovery partition, or do you use installation CD's? There appears to be a lot going wrong with your PC. You will need to look in Device Manager for driver conflicts, look in Computer Management/Event Viewer/Applications, and System for problems, look in system information/components/problem devices. See if anything is showing there. If you don't understand how to use these programs we can discuss it. I don't know you, so I don't know what level of computer skills you have.
|
|
Advertisement
|
|
|
Member
1 product review
|
7. January 2008 @ 16:49 |
Link to this message
|
Originally posted by QuikDraw:
I don't know you, so I don't know what level of computer skills you have.
I can normally remove any virus with ease, but this one's a new one I've found out about and can't find anything on the internet.
Also: I just thought that I'd run it in safemode because most of the programs you've told me to run are ran in safemode.
This message has been edited since posting. Last time this message was edited on 8. January 2008 @ 12:12
|
