Solved

PC is running slow 2.8GHZ 256MB RAM,  ran CWshredder and cannot get rid of Begin2Search Toolbar

Posted on 2004-09-29
4
172 Views
Last Modified: 2010-04-14
Here is my Hijack log,  any suggestions.

     Logfile of HijackThis v1.98.2
Scan saved at 2:23:56 PM, on 9/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\starter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
C:\WINDOWS\system32\DESKMENU.EXE
C:\Commence\commence.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.teitelbaum.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Var1Helper Class - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\system32\inetdctr.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe
O4 - Global Startup: Deskmenu.lnk = C:\WINDOWS\system32\DESKMENU.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O9 - Extra 'Tools' menuitem: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2033030bde2f96a71e05/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2698733D-F599-4AD9-BA91-DBDA1F3EE633}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D1BC6B-143C-48CB-982D-C21565C47DC2}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AD703F6-4AEB-4CE4-9B83-3FB76419CD8A}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C31160C-A7DB-40AF-8E12-1BE3BE8755AB}: NameServer = 22.255.3.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9F0AEE6-1DE1-4EC7-B42C-26031100B9F8}: NameServer = 22.255.3.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E705D8C-4809-4F49-A4D1-12BB389C580E}: NameServer = 22.255.3.2



0
Comment
Question by:colm7144
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 12183181
Hello colm7144 =)

U can use this site to analyse ur log file now >> http://www.hijackthis.de/index.php?langselect=english
it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12183193
Also Use ToolbarCop to remove the unwanted Toolband, Toolbar Icons and BHO:
http://www.mvps.org/sramesh2k/toolbarcop.htm
( site credit goes to Ramesh >> http://www.experts-exchange.com/M_926622.html :)

and REMEMBER whenever u run those spyware removal tools, run them in safemode to delete everything they detect !!
Post Back and Good Luck :)
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12183723
And please be ask kind as to not place your hijack.log file on the site... You could better try to explain your problem so we can help (which Sheharyaar allready did)...

Regards
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 12184158
MORE MEMORY - 256 MB is a little on the low side.  Using a spyware monitor, a virus monitor, InCD, and regular windows services is going to eat at least 1/3 of your available memory.  Then if you try doing anything memory intensive (editing large graphics or video, working with layout programs (Quark, Publisher, Pagemaker, Photoshop, Illustrator, etc), and/or try to do MORE than one thing at a time - have a several Internet Explorer Windows open, your email, and Word, you are taxing the system.  Double your RAM.  Triple it if you can.  That will help.

Of course, there could be other bottlenecks.  Perhaps you have a CHEAP hard drive that's only 5400 RPM (probably not, but you never know), perhaps your graphics card is sub-par. Large number of options here.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
What do responsible coders do? They don't take detrimental shortcuts. They do take reasonable security precautions, create important automation, implement sufficient logging, fix things they break, and care about users.
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question