Solved

PC is running slow 2.8GHZ 256MB RAM,  ran CWshredder and cannot get rid of Begin2Search Toolbar

Posted on 2004-09-29
4
170 Views
Last Modified: 2010-04-14
Here is my Hijack log,  any suggestions.

     Logfile of HijackThis v1.98.2
Scan saved at 2:23:56 PM, on 9/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\starter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\WINDOWS\system32\DESKMENU.EXE
C:\Commence\commence.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teitelbaum.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Var1Helper Class - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\system32\inetdctr.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
O4 - Global Startup: Deskmenu.lnk = C:\WINDOWS\system32\DESKMENU.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O9 - Extra 'Tools' menuitem: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2033030bde2f96a71e05/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2698733D-F599-4AD9-BA91-DBDA1F3EE633}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D1BC6B-143C-48CB-982D-C21565C47DC2}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AD703F6-4AEB-4CE4-9B83-3FB76419CD8A}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C31160C-A7DB-40AF-8E12-1BE3BE8755AB}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9F0AEE6-1DE1-4EC7-B42C-26031100B9F8}: NameServer = 22.255.3.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2



0
Comment
Question by:colm7144
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 12183181
Hello colm7144 =)

U can use this site to analyse ur log file now >> http://www.hijackthis.de/index.php?langselect=english
it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12183193
Also Use ToolbarCop to remove the unwanted Toolband, Toolbar Icons and BHO:
http://www.mvps.org/sramesh2k/toolbarcop.htm
( site credit goes to Ramesh >> http://www.experts-exchange.com/M_926622.html :)

and REMEMBER whenever u run those spyware removal tools, run them in safemode to delete everything they detect !!
Post Back and Good Luck :)
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12183723
And please be ask kind as to not place your hijack.log file on the site... You could better try to explain your problem so we can help (which Sheharyaar allready did)...

Regards
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12184158
MORE MEMORY - 256 MB is a little on the low side.  Using a spyware monitor, a virus monitor, InCD, and regular windows services is going to eat at least 1/3 of your available memory.  Then if you try doing anything memory intensive (editing large graphics or video, working with layout programs (Quark, Publisher, Pagemaker, Photoshop, Illustrator, etc), and/or try to do MORE than one thing at a time - have a several Internet Explorer Windows open, your email, and Word, you are taxing the system.  Double your RAM.  Triple it if you can.  That will help.

Of course, there could be other bottlenecks.  Perhaps you have a CHEAP hard drive that's only 5400 RPM (probably not, but you never know), perhaps your graphics card is sub-par. Large number of options here.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Changing MS Windows 2003 Server product key 6 328
HP ML 110: This System is not supported platform 1 521
Migrate DFS role 3 863
Windows 2000 48-bit LBA 13 54
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Originally, this post was published on Monitis Blog, you can check it here . Websites are getting bigger and more complicated by the day. Video, images and custom fonts are all great for showcasing your product or service. But the price to pay in…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question