TechSpot

Computer acting funny? (HJT log)

By Richard132
Sep 29, 2007
  1. So lately my computer seems to be doing a lot of scanning, which lags my computer really badly and freezes up. I always know when it's finished because the floppy disc drive lights up and makes a loading noise, but this happens about 9 times a day? Could you see if there is anything malicious or find out what's doing these annoying scans? Thanks a lot :)
     
  2. evilfantasy

    evilfantasy Banned Posts: 428

    This will help get you started in cleaning up your computer.

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of Richard132 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Richard, in addition to the logs, do you perform any routine maintenance on the system, like disc cleanup, error check, defrag, and running anti-virus and spyware/adware scans, updating each right before the scan? Have you stopped all unnecessary programs from starting up and running in the background, using the msconfig utility?

    Which operating system do you use, how much installed RAM do you have and which browser and version do you use?
     
  4. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    I don't know how to stop and start background running processes. I use Windows XP Pro / 512 RAM / Firefox, and yes, I do do regular maintenance.

    And evilfantasy, I will get back to you soon, because that is A LOT of stuff to do and with my busy life it's going to be hard to fit in :) I will post ASAP :)
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, Richard, it's time you learn! This will take you through the entire process. Know that the only startup programs you must have are the anti-virus program, firewall, touchpad if on a laptop, and possibly network settings. All the rest slow the system down and can be called on to start up when needed:

    Working in msconfig to stop unnecessary programs from starting up. This will improve the performance of your system.

    Start> Run>type in 'msconfig' (no quotes)> OK> click on Selective Start-up> Startup tab. For any programs you don't recognize, refer to any of the sites below for ID. If you don't need them to startup and run in the background, click to remove the check.
    NOTE: if you can't see enough to ID the program name, put your cursor over the dividing line at the top of the column and move it to the right.
    NOTE: you will need to stay in Selective Start-up after making changes. If you do not, it will revert back to Normal and include the programs you stopped.
    NOTE: if you find you do need something you stopped, the program will still be there and you can go back in and recheck it.
    NOTE: you will get a 'nag' message about being in Selective Start-up. Check 'don't show me this message any more.'> Close on the X.

    STARTUP APPLICATION DATABASE LIST
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
    http://startup.iamnotageek.com/
    http://www.pcpitstop.com/spycheck/SWDetail.asp?fn=gah95on6.exe

    Additional msconfig info:
    How to troubleshoot by using the System Configuration utility in Windows XP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;310560

    How to use msconfig: excellent reference site with screen shots:
    http://www.netsquirrel.com/msconfig/
     
  6. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    Done the online scans etc

    Managed to get a HJT log when the scan was active as well :)

    I can't do the other logs because those programs clash with my current protection.

    @bob ty for the info :) Disabled about 7 programs ;D
     
  7. Jase123

    Jase123 Banned Posts: 1,012

    You are using an outdated version of HJT. Please could you download the latest one from HERE, and post a fresh HJT log.

    Regards Jase :)
     
  8. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    sorry about that :)

    updated.

    EDIT: in the outdated log it showed a lot of missing DLLs? :S (when the scan was active)
     
  9. Jase123

    Jase123 Banned Posts: 1,012

    This needs to be deleted:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Also, I recommend removing MSN Plus from your computer, as it is known to come with spyware.

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    Apart from that, i can't find anything else unusual in your HJT log.

    Go through these instructions: http://www.techspot.com/vb/topic58138.html

    Please could you run AVG Antispyware, and post a Combofix log too.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Jase :)
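
The check made by eye in the reply above (an O2 BHO entry ending in "(no file)" and an O4 Run-key autostart) can be done mechanically over a saved log. This is an added example, not part of the original posts and not HijackThis code; the names `parse_hjt` and `triage` are hypothetical, and the third sample line is constructed.

```python
import re

# HijackThis line shapes quoted in this thread: O2 = Browser Helper Object, O4 = Run-key autostart.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# Executable path: either quoted, or unquoted up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)

def parse_hjt(log_text):
    """Return one dict per O2/O4 line found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            entry = {"section": "O2", **m.groupdict()}
            # "(no file)": a leftover registry entry with no DLL behind it.
            entry["orphaned"] = entry["file"] == "(no file)"
            entries.append(entry)
            continue
        m = O4_RE.match(line)
        if m:
            entry = {"section": "O4", **m.groupdict()}
            exe = EXE_RE.match(entry["cmd"])
            entry["exe"] = (exe.group(1) or exe.group(2)) if exe else entry["cmd"]
            entries.append(entry)
    return entries

def triage(entries):
    """Split into orphaned BHOs and autostart entries to review by hand."""
    orphans = [e for e in entries if e["section"] == "O2" and e["orphaned"]]
    autostarts = [e for e in entries if e["section"] == "O4"]
    return orphans, autostarts

# First two lines are the ones quoted in the post; the third is constructed
# (value name and "-min" argument invented) around a path named in the thread.
SAMPLE = r'''
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ReaderSL-constructed] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -min
'''

if __name__ == "__main__":
    orphans, autostarts = triage(parse_hjt(SAMPLE))
    print("orphaned BHOs:", [e["clsid"] for e in orphans])
    print("autostarts:", [(e["value"], e["exe"]) for e in autostarts])
```

The script only sorts entries for review; whether an autostart should stay is still a judgement made against a reference such as the startup lists linked earlier in the thread.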
     
  10. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    Hi, sorry for taking so long...

    Right, would I be able to start over? My younger cousin has downloaded random stuff. I've done a lot of scans and nothing, but just to be safe...

    will post "Please could you run AVG Antispyware, and post a Combofix log too.

    Also, Let me know the results of the Panda Antirootkit scan." ASAP :) Cannot today, doing night shift... horrid, I know.
     
  11. evilfantasy

    evilfantasy Banned Posts: 428

    From the amount of time that has passed it would be best to start back on post #2 and submit all fresh logs.
     
  12. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    Hi, so I started all of it at 11am; it is now 7:40 pm!!

    Panda Antirootkit came back clean.

    Here are all the logs.

    Also, as I did step 13 (unhiding folders/files), AOL spyware protection popped up with some things, but I've done ALL the steps you asked and nothing came back? But I think AOL is well known for all its false positives.

    screenshot:

    http://img215.imageshack.us/img215/5738/issueud0.jpg

    And it doesn't show locations because, of course... it's AOL -sigh-

    Looking forward to your reply :)
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Richard, here are some more to take off startup

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    AOLSP Scheduler.exe> disable this AOL Automatic Spyware Protection. You can initiate the once a week scan yourself without starting this up and having it run in the background.

    AOLDial.exe: needed IF you have a dial-up connection and IF you want to connect to the Internet via AOL without first having to start your main AOL software and connect to your email. But not everyone necessarily wants to connect to the Internet immediately after turning the PC ON, and on PCs which use modem connections rather than broadband this task can not only add significantly to the boot-up time of the PC, but, worse, on some PCs, because of timing issues, it will give errors either on boot-up or on shutdown, or both. It is recommended that you disable this feature and take it off of start-up.

    AOLacsd.exe: supposedly reconnects you to AOL if you lose your connection while online. It runs as a task in Win9x/ME, and as a service under WinNT4/2000/XP/2003. Reasons to stop it:
    1. this task is responsible for boot-up errors on some PCs.
    2. constant autodials on boot-up of some PCs.
    3. it is incompatible with some programs on others (you have to terminate ACSD to use the programs without problems)
    4. on other PCs it uses inconsiderable amounts of memory for what its role is, on some Win2000/XP PCs we have found it running away with CPU resources and incredibly slow PCs as a result.
    5. and, worse, it stays around when you have deliberately closed your Internet connection.
    answersthatwork.com has this to say: "This, in our opinion, is TerribleWare ! "

    VS7DEBUG\MDM.EXE is the M$ debugger. It stands for Machine Debug Manager. It's not essential, but can help if one knows how to use it. It is usually used as a developer's tool> Remove it from startup.

    Please note: Process descriptions and recommendations are from:
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All your log files are clean.

    I don't think you have a malware problem.

    Regards Howard :)
     
  15. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    Cool :) So do you think those AOL alerts are false positives?

    Also, when I right-click ZoneAlarm it says gamemode? Do I change it to that when I play a game? lol

    And in your tutorial you say to turn off the AVG Antispyware shield? Why is this?

    Thanks :)
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    What exactly is AOL alerting you to?

    ZoneAlarm Gamemode is for playing online games, so yes, change it to game mode if you need to.

    I recommend disabling AVG Antispyware's active shield in order to reduce system resources. Also, when running any fix in HJT etc, it can interfere with fixes.

    Regards Howard :)
     
  17. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The file istbar is an adware toolbar and shouldn't be installed.

    Pockill may be legit or malware; however, I recommend you have your AV programme delete it.

    Mirar is adware and should be uninstalled from Add/Remove Programs.

    Bifrost might be a trojan and should be fixed by your AVG programme.

    Regards Howard :)
     
  19. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    See, I don't think I actually have those... Is it possible that ALL of them are false positives? Because I did all the tests and all my logs were clean? Just seems odd?
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don't think they are false positives, otherwise, how could your AV programme find the files on your system?

    Can you find the actual location of the files themselves?

    Regards Howard :)
     
  21. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    No, I can't. AOL spyware protection is crap like that :( But if they do exist on my computer, how come all those scans I did didn't detect it? I've looked in all the locations this "virus" lurks and find nothing?

    I've rerun AVG and still nothing?
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, uninstall AOL antispyware, as it seems it's giving false positives. I can't find anything further nasty on your system.

    Regards Howard :)
     
  23. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    Nice :) Well, last post just in case ^^


    Fresh HJT log just in case.

    Thanks a lot for your help. :)
     
  24. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Clean as a whistle mate.

    Regards Howard :)
     
  25. Richard132

    Richard132 TS Rookie Topic Starter Posts: 40

    Thanks nevertheless :p
     
Topic Status:
Not open for further replies.
