Hijackthis Log

[Schulze]

Im having some problem with my computers performance. Im not sure if it's a virus, i think it may be a hardware problem but ill post the log so i can narrow down the possibilities

 

[Bobbye]

Moderator: Please remove the pasted log.

 

[Schulze]

Moderator: Please remove the pasted log.

i remove the pasted log^^

 

[Bobbye]

Thank you> I wasn't sure you'd be able to if I had a reply after your post. We prefer the logs to be attached, and when they are, there is no need to paste them also.

Im having some problem with my computers performance.

Please be specific about the problems.

Im not sure if it's a virus,

You do not have an antivirus program running- chances are great that you have malware:

Please follow the Steps in the Virus/Spyware/ Malware Removal HERE.

Step 1 will give you AV recommendations. After you install an AV program, run a full system scan.

The current HijackThis log only has two incomplete entries- that is not enough to determine if you have malware. Follow the 8 Steps, run HijackThis again, AFTER Malwarebytes and SuperAntispyware.

Attach all three logs.

 

[Schulze]

Ok the "problems" are that my CPU seems higher than it should be (40% with firefox,thunderbird and msn running) and when im doing things (mainly using web browser or in the menu's of games and not in the actual playing part) the mouse/keyboard lags for like 1second often, but this doesnt happen always. Today it hasnt really been a problem but last night (when i made post) it was Really bad!

Im using the latest version of PC Tools' Spyware doctor (anti-vir and Spybot)
I have tried Ccleaner.


I will try what you said and get back to you

Thanks for help

 

[Bobbye]

PC Tools' Spyware doctor (anti-vir and Spybot)

SpywareDoctor is a high resource user. It does not have an AV program bundled with it.
Spybot Search & Destroy is a spyware/adware program.

 

[Schulze]

hmmm... the title of spyware doctor is "Pc tools Spyware Doctor with antivirus" i can give you screenshot but i doubt that will change much of the problem

 

[Schulze]

ok i've done what you said and here are the logs.

 

[Bobbye]

Well, you are one up on me! Sorry, I didn't realize an AV can be included. However, I did read up on it and will make the following comments:
1. PC Tools Spyware Doctor w/AV v5.5 is "buggy."
2. PC Tools Spyware Doctor w/AV v6 has bug worked out, but is not related highly for it's AV coverage.
In fact, the AV is rated #16 out of 18 AV programs.

If you can identify the processes that have high CPU usage, you might find they belong to PCTools:
C:\Program Files\Spyware Doctor\pctsAuxs.exe>> anti-malware program.
C:\Program Files\Spyware Doctor\pctsSvc.exe>> comment from user:

"The only thing I was worried about was the spydoctor process pctssvc.exe using lots of my CPU time intermittently. When I disable spydoctor, the computer works great, very fast."

Reply to comment:

"Spydoctor is an excellent program to have. But you should be able to configure it so that it doesn't run in the background. It's providing real time protection, so you'll lose that functionality in exchange for performance. But you can always update it manually and run a scan on a regular basis as needed."

Additional comment:

"Spyware Doctor PctsSvc.exe problem
Spyware Doctor ver. 5.5.1.322, process PctsSvc.exe using 100% of resources sporadically. I have read on the internet it is a problem the company has not fixed. Is there a way to solve it? Will there latest version 6.0.0.385 fix it? Are there other problems in this new version? I don't trust them and am sorry I ever switched to Spyware Doctor.

C:\Program Files\Spyware Doctor\

"but my PC has been acting a little strange and slow. I checked and pctstray.exe is using and average of about 33% of my cpu. This just started happening, did you guys put out some kind of update recently?"

Reset Cookies:

For Internet Explorer to prevent the Tracking Cookies: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

Update Adobe:

Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php

WoWEmuHacker5.exe

Looks like you got a torrent download for this program and you also got malware with it. Mbam removed it but I suggest you find the program> right click> scan with both the AV and the spyware/adware programs

These 2 entries in the HijackThis log can be checked for removal:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
(This CLSID is for Windows Live Messenger addon. Name: Click-to-Call BHO
Filename: wlchtc.dll) But since the file is missing, check to have HijackThis remove it.

O4 - Global Startup: Keyspan USB Server Task.lnk = ?
Another possible high resource user. The Keyspan USB Server makes it possible to share USB printers and USB scanners across a LAN in a home office, small office or classroom," I recommend you remove it from global start up and start manually when needed.

If the performance problem persist:
Prepare the system for shutdown but don't shut down. Instead, right click on Taskbar> Task Manager> Processes tab> click twice on frame above CPU column to sort.

the only CPU use you should see now are taskmgr, System and System Idle. There should add up to 100% of the CPU. Any other processes over 1-2 are the problem. Identify them and take off of Startup.

 

[Schulze]

ok i've tried all of what you've said, I completely quit out of PCtools spyware doctor but it still didnt seem to help in anyway, i deleted that file through Hijackthis

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
(This CLSID is for Windows Live Messenger addon. Name: Click-to-Call BHO

but i did find a way temporarily way to stop the problem by disabling the wireless through network connections.

I use Linksys WMP300N if that helps in any way.


Also you said to remove

O4 - Global Startup: Keyspan USB Server Task.lnk = ?

but i need this to print because the printer in shared between our network through the router, not through another computer.

Thanks

 

[Bobbye]

Well that puts us back to this entry:
Keyspan USB Server Task: what are you using this for?

O4 - Global Startup: Keyspan USB Server Task.lnk = ?
Another possible high resource user. The Keyspan USB Server makes it possible to share USB printers and USB scanners across a LAN in a home office, small office or classroom," I recommend you remove it from global start up and start manually when needed.

 

[Schulze]

i just edited my last post for that sorry just after u sent that^^

 

[Schulze]

Well that puts us back to this entry:
Keyspan USB Server Task: what are you using this for?

i need this to print because the printer in shared between our network through the router, not through another computer. (it's a USB print server)

 

[Schulze]

Prepare the system for shutdown but don't shut down. Instead, right click on Taskbar> Task Manager> Processes tab> click twice on frame above CPU column to sort.

What do you mean by prepare for system shutdown? do you mean like shutdown but cancel it before it actually shuts down? cos that confused me soz

 

[Bobbye]

When you prepare the system for shutdown, you close all open and active Windows, programs and email. But instead of logging off and shutting down, open the Task Manager and see what is consuming the CPU besides the 3 processes I mentioned.

Print server okay. The URL shows here: C:\Program Files\Keyspan\USB Server\nhciTask.exe. Sorry, I missed this in your programs.

 

[Schulze]

When you prepare the system for shutdown, you close all open and active Windows, programs and email. But instead of logging off and shutting down, open the Task Manager and see what is consuming the CPU besides the 3 processes I mentioned.

I tried that and the programs that where mainly up where google desktop (which went from 0-10), jqs (0-3), isass.exe (0-3)

 

[Schulze]

Just one other thing, the only way (so far) to fix it is to turn off the wireless connection for this computer, once i do that everything works perfectly (except for the internet/network of course) im gonna try to reinstall network card and drivers and ill get back to you.

Thankyou for all your help Bobbye i appreciate it alot

 

[Bobbye]

Please verify spelling: Very important!

isass.exe >>> isass.exe is the main component of the backdoor, which is a variant of OptixPro backdoor. (Trojan)
or
lsass.exe>>> Local Security Authentication Server. Mine is running, but does not show any CPU usage.

jqs is the Java quick Start. It is a Service that began with the Java v6u10 update. You can Disable this Service:
Start> Run> services.msc> right click on Java Quick Start> Properties> Change Startup type to Disabled> Stop the Service.Java uses this for prefetch. It is an unnecessary use of resources and Java works fine without it.

google desktop >> advise uncheck on Startup.
click on start->run->type msconfig->click Selective startup-> Startup tab> uncheck googledesktop ->apply->OK.

Note: on first reboot after unchecking anything o Startup, you will get a nag message that you can ignore and close after checking 'don't show this message again.' stay in Selective Startup.

 

[Schulze]

isass.exe >>> isass.exe is the main component of the backdoor, which is a variant of OptixPro backdoor. (Trojan)
or
lsass.exe>>> Local Security Authentication Server. Mine is running, but does not show any CPU usage.

Yea sorry it is lsass.exe and not isass.exe that I have. Do you have any other ideas on why my system is doing what it's doing? it's somthing to do with the wireless because when i disable that the problem stops.

Thanks once again

 

[Bobbye]

We get that misspelling frequently and we always have to get it verified.

Yes, the problem is pointing to a bad wireless router! Here's the giveaway:

but i did find a way temporarily way to stop the problem by disabling the wireless through network connections.

Check this problem same n the Linksys Forum. You may be able to apply something done there. If not, use the 'switch to Netgear' suggestion:
http://forums.linksys.com/linksys/board/message?board.id=Wireless_Adapters&thread.id=9085



You can try resetting the router if it has that capability. IOf not, think "new."

 

[Schulze]

Yes, the problem is pointing to a bad wireless router!

You mean adapter right? not router. But anyways my adapter is like brand new and i dont really wanna go get a new one. But i do have like 5 other adapter lying around that i can try, ill look on linksys forums and see what i can find

Thanks