Registered User
Join Date: Jun 2005
Posts: 82
OS: XP
[SOLVED] xp pro laptop running very slowly, symptoms keep changing
Within the past few days, I noticed my laptop's fan always running high. As I tried to determine the cause, I noticed the following, in order of discovery:
--IE address bar missing, though checked. Searched, found fix. That much is working now.
--When I click My Computer, flashlight displays for up to a minute before drives display.
--Typing an address in IE and hitting GO or <ENTER> seems not to work; but after a minute or so site comes up.
--Windows updates won't run
--Trying to pull down address history takes up to a minute to display.
--Using Google, sites come up immediately.

I have run Adaware, Spybot and my McAfee AV scan. The only things found were tracking cookies. I have run the five steps and include requested logs.

Thank you in advance for your assistance.

adaniel

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-07 00:07:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:10 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\UBL\bin\UBLServ.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-796845957-861567501-839522115-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-796845957-861567501-839522115-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.daviencrod.org/controls/LTOCX14N.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/...ad/tgctlcm.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.daviencrod.org/controls/prntpro2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adasbsw2k.local
O17 - HKLM\Software\..\Telephony: DomainName = adasbsw2k.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{237BBED6-6359-47F4-98E9-8990EE67E7E2}: NameServer = 10.0.100.4,208.216.228.253,205.152.37.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B5FB41-8C88-4273-8DCD-936E0154093A}: NameServer = 10.0.100.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{85B98F4F-034D-42C5-B177-273EAA6CF856}: NameServer = 208.216.228.253,208.216.228.221
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adasbsw2k.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{237BBED6-6359-47F4-98E9-8990EE67E7E2}: NameServer = 10.0.100.4,208.216.228.253,205.152.37.23
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: U/BL Server (UBLService5) - Unknown owner - C:\UBL\bin\UBLServ.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 8218 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - unable to read value
.bat - batfile - shell\open\command - unable to read value
.bat - batfile - shell\edit\command - unable to read value

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
3 sshvnic (SSH Virtual Network Adapter (sshvnic)) - system32\drivers\sshvnic5.sys (file missing)
2 W55U01 (WINBOND W55U01 USB) - c:\windows\system32\drivers\w55u01.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 BackupExecAgentAccelerator (Backup Exec Remote Agent for Windows Servers) - c:\program files\veritas\backup exec\rant\beremote.exe
2 CVPND (Cisco Systems, Inc. VPN Service) - c:\program files\cisco systems\vpn client\cvpnd.exe
2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>
2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe
2 McTaskManager (Network Associates Task Manager) - c:\program files\network associates\virusscan\vstskmgr.exe
2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
2 UBLService5 (U/BL Server) - c:\ubl\bin\ublserv.exe
2 winvnc (VNC Server) - c:\program files\tightvnc\winvnc.exe

-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 00:09:50 0 d-------- C:\Program Files\Trend Micro
2008-05-06 23:55:12 0 d-------- C:\ie-spyad_zo
2008-05-06 23:50:16 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 23:49:57 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 16:27:00 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-05-06 16:27:00 0 d-------- C:\Program Files\Belarc
2008-05-06 14:43:07 0 d-------- C:\Program Files\Panda Security
2008-05-06 14:43:03 0 d-------- C:\WINDOWS\LastGood
2008-05-06 00:10:57 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-06 00:10:56 2549 --a------ C:\WINDOWS\unins000.dat
2008-05-04 09:42:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-04 09:42:23 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-04 09:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 00:01:18 21879 --a------ C:\TX4210.COM
2008-04-30 23:59:10 18653 --a------ C:\TX4210

-- Find3M Report ---------------------------------------------------------------

2008-05-04 09:36:46 0 d-------- C:\Program Files\Common Files
2008-03-29 18:28:44 0 d-------- C:\Documents and Settings\Administrator.ADASBSW2K\Application Data\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/14/2002 06:29 PM]
"CARPService"="carpserv.exe" [05/21/2003 04:35 PM C:\WINDOWS\system32\carpserv.exe]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [08/15/2002 07:26 AM]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [01/30/2003 11:53 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/18/2003 11:03 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/18/2003 10:57 PM]
"ATIModeChange"="Ati2mdxx.exe" [08/15/2002 06:18 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [08/26/2002 07:08 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/26/2003 05:25 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/29/2003 08:10 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [09/10/2003 04:11 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [05/07/2007 08:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - BANTEXT
*Newly Created Service* - RKPAVPROC

-- End of Deckard's System Scanner: finished at 2008-05-07 00:11:01 ------------