Solved

PC is running slow 2.8GHZ 256MB RAM,  ran CWshredder and cannot get rid of Begin2Search Toolbar

Posted on 2004-09-29
4
168 Views
Last Modified: 2010-04-14
Here is my Hijack log,  any suggestions.

     Logfile of HijackThis v1.98.2
Scan saved at 2:23:56 PM, on 9/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\starter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\WINDOWS\system32\DESKMENU.EXE
C:\Commence\commence.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teitelbaum.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Var1Helper Class - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\system32\inetdctr.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
O4 - Global Startup: Deskmenu.lnk = C:\WINDOWS\system32\DESKMENU.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O9 - Extra 'Tools' menuitem: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2033030bde2f96a71e05/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2698733D-F599-4AD9-BA91-DBDA1F3EE633}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D1BC6B-143C-48CB-982D-C21565C47DC2}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AD703F6-4AEB-4CE4-9B83-3FB76419CD8A}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C31160C-A7DB-40AF-8E12-1BE3BE8755AB}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9F0AEE6-1DE1-4EC7-B42C-26031100B9F8}: NameServer = 22.255.3.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2



0
Comment
Question by:colm7144
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 12183181
Hello colm7144 =)

U can use this site to analyse ur log file now >> http://www.hijackthis.de/index.php?langselect=english
it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12183193
Also Use ToolbarCop to remove the unwanted Toolband, Toolbar Icons and BHO:
http://www.mvps.org/sramesh2k/toolbarcop.htm
( site credit goes to Ramesh >> http://www.experts-exchange.com/M_926622.html :)

and REMEMBER whenever u run those spyware removal tools, run them in safemode to delete everything they detect !!
Post Back and Good Luck :)
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12183723
And please be ask kind as to not place your hijack.log file on the site... You could better try to explain your problem so we can help (which Sheharyaar allready did)...

Regards
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12184158
MORE MEMORY - 256 MB is a little on the low side.  Using a spyware monitor, a virus monitor, InCD, and regular windows services is going to eat at least 1/3 of your available memory.  Then if you try doing anything memory intensive (editing large graphics or video, working with layout programs (Quark, Publisher, Pagemaker, Photoshop, Illustrator, etc), and/or try to do MORE than one thing at a time - have a several Internet Explorer Windows open, your email, and Word, you are taxing the system.  Double your RAM.  Triple it if you can.  That will help.

Of course, there could be other bottlenecks.  Perhaps you have a CHEAP hard drive that's only 5400 RPM (probably not, but you never know), perhaps your graphics card is sub-par. Large number of options here.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Google always has something new and amazing up its sleeve, and the most current thing that they have been working on is another step in the evolution of Google Search, from machine learning to its brilliant successor, deep learning.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question