Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:50:54, on 03/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\igfxtray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111T\wlan111t.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080 R3 - URLSearchHook: BigMAQ Toolbar - {7f312b9a-208b-49fa-8218-b9aa22ec1463} - C:\Program Files\BigMAQ\tbBigM.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: BigMAQ Toolbar - {7f312b9a-208b-49fa-8218-b9aa22ec1463} - C:\Program Files\BigMAQ\tbBigM.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar3.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: BigMAQ Toolbar - {7f312b9a-208b-49fa-8218-b9aa22ec1463} - C:\Program Files\BigMAQ\tbBigM.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/ O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135458776182 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 11790 bytes
Why do you think the slowness is virus/spyware related? What are your system specs? NEED MORE DETAILS THAN AN HJT LOG!!! Be descriptive.
Thanks Mr. Lightning... paddybongYour logfile doesnt look bad but I'm no expert, I've just ran the program and fixed a few machines before. Have you added any new hardware/software lately?
RAN MCAFEE AND FOUND SOME TROGENS GOT RID OF THEM,AFTER SCAN EVERYTHING IS FINE NO BAD STUFF BUT STILL VERY SLOW, PS MY LAST ANTY VIRUS WAS NORTON AND IT FOUND A VIRUS CALLED DOWNLOADER MAGICIAN AND I COULD NEVER GET RID,BUT MCAFEE DIDENT FIND IT. THANKS PADDY
Systems generally run slow because : 1.) adware/virus/trojans 2.) not enough memory ( RAM ) 3.) not enough virtual memory 4.) not enough Hard Drive space. 5.) hard drive needs to be maintained ( defragged and error checked ) 6.) too much unnecessary crap running at startup thru registry or startup folder.
paddybong Could you run a program for me? Download CCleaner and run it. It is not a virus scan, it will clean unneeded files and make your windows run a bit faster, then defrag system like #5 on vballstud's list. Doing this will make the next steps easier also. Turn off any antivirus/ spyware program and use an online scanner like http://housecall.trendmicro.com/ or http://www.kaspersky.com/virusscanner Let us know if it finds anything, I couldnt find virus DOWNLOADER MAGICIAN using google so I figure lets let something else besides Norton or Mcaffee (neither great security programs) look at things. vballstud's reason #2 is in effect also... You dont have near enough memory to run XP efficiently. It might work on a clean installation of XP, but once you load programs and the task manager adds processes it slows down quickly. Try to add memory.
Take it easy on the cap lock there... Norton and McAfee are popular brand names for anti-virus programs, but are hardly anywhere near being close to the top in virus/trojan removal. It seems like they may have 50-75% of the most recent viruses/trojans definitions out there. ( I pulled that number out of my arse, but let's just say other free online scanners find a lot of crap that norton and mcafee don't pick up ) I personally started using Avast! AntiVirus Home Edition and it's free if you register the product. http://www.avast.com/eng/download-avast-home.html Just in the last day or two I've heard the chime indicating a new update go off at least a half dozen times. Kaspersky, MicroTrend, and PandaScan are three online free virus scanners which can show you just how inadequate Norton and McAfee really are.
ccleaner http://www.filehippo.com/download_ccleaner/download/86e6a458e780243c3a944b66ec60b319/ spybot s&d http://www.majorgeeks.com/download2471.html
With over a 2ghz processor it should fly like a butterfly,sadly the ram department is seriously lacking, that's not all, i recognize a few program updater's that chew up a bit of ram also & are totally unnecessary to have running,you can use ccleaner (clik the tools button then click the startup button) to ether disable or delete the registry entries for those programs,doing so won't affect the app itself HPWuSchd2.exe = auto updater - safe to disable jqs.exe = java quick start-safe disable or delete GoogleToolbarNotifier.exe = It runs in the background to check if there is another search that tries to replace it up to you whether to disable or delete realsched.exe = realplayer auto updater-safe to disable or delete jusched.exe = java updater schedular - safe disable or delete ok there's a few more you need to check as to whether they're necessary you'll need to do a web search SAgent2.exe iTunesHelper.exe = Performs background functions such as providing communication with docked iPod's and preloads files to help iTunes start faster calcheck.exe hpqtra08.exe iPodService.exe - safe to disable,would'nt recommend deleting as you'll need it for ipod detection,tho by all accounts it uses a bit of resource if comments i've seen are anything to go by Yeah anyway there's other stuff in the task manager that could most probably be stopped to free the cpu up OK now lets get down to the real nitty gritty imo,whether you do is immaterial to me that said my hp S5020AN creates a gale force storm when it's running & i'm having to bolt my chair to the floor & strap myself in it,you're biggest speed issue apart from a good defrag is the tiny amount of ram & a pagefile on the same drive,you could get a performance boost by increasing to 1gb ram but to make it really perform 2gb would be better then to compliment the ram get another hdd,it don't matter how small or big just get the pagefile on a slave drive,what size pf well this is what i've done Presario S5020AN 2GB Ram 1 x 500gb set as master for OS & data 1 x 500gb set as slave data partition,pagefile of 4gb in a partition of 5gb, & lastley an ubuntu partition AGP 256 graphics card, since i'm runing windowblinds & other eye candy crap even if i put my original 40gb 5400rpm hdd back in it would perform just as good as the faster 500's it's bloody astounding what a little ram & moving the pf can do for performance Edit: If money is an issue & when is it not get the ram first i would'nt recommend wasting money on getting 2 x 512 sticks been there done that,the amount of proggys you have would chew that up go straight to 2gb,that should be more than enough so long as you're not doing graphical designing etc,you'll need to increase the amount of pagefile on c drive to 3gb or more to reflect the ram change,Oh yeah before doing a defrag set the pagefile to none then defrag in safemode,turn off hybernation file too as they're both the green bits you see in the defrag window & neither can be defragged,reset the p/file before rebooting & reset the hyber file but only if you use it. ps: i'll post link later to a small app that will attach itself to the taskmanager that you can use to tell you what the process is & whether it's safe to turn off or not,it's by uniblue & once you've finished with it,it can be removed or left as it can be set to manual start so doesn't add to more running processes,it's microsoft certified http://www.processlibrary.com/quicklink/
Hey scorpNZ, between my "too short to really explain stuff" posts and your "extended length versions" we might just zero in on the problem! Lets start a company, we have good checks and balances going on...LOL!!!
