TechSpot

Periodic lag

By Chronus
Aug 30, 2009
  1. Hey, helping a friend wiht her computer, ran the scans and including some other info for help.
     
  2. strategic

    strategic TechSpot Paladin Posts: 1,020

    These are just malware bytes scans...
    I'll assume you are having trouble with malware,
    In that case, you should follow this,
    http://www.techspot.com/vb/topic58138.html
    And post all the logs when complete.
    We'll do our best from there.
     
  3. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    some more logs

    The registry were things that the Ccleaner found problems with in the registry cleaner. Also is there a way to get a log of all the programs that are in the msconfig:Startup that i can show you guys and get some help on things to get rid of.

    Thanks for any help you can give.
    Chronus

    PS:
    Sorry, last time i posted the person asked for all the previous logs and so i thought i would get them all in now instead of when i get back.
     
  4. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    And yes, i did complete the 8 steps before posting any of the logs.
     
  5. strategic

    strategic TechSpot Paladin Posts: 1,020

    THe following should be removed using HiJackthis!

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: (no name) - {C378F1A7-F2D3-46BB-95F5-58979019EDB7} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    Download and install this, http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx, open it and click save as in the file menu, post the log file, between that and the hijack log, we should be able to eliiminate quite a bit.:)
     
  6. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    kk fresh hijack this and other log
     
  7. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    I don't know if you'd be interested in these, but after i did the scans you recommended i did a scan with spybot search and destroy and these are what is in the log folder, it fixed 13 things. (this was before the fixes with the hijack this and the explorer)
     
  8. captaincranky

    captaincranky TechSpot Addict Posts: 11,707   +1,887

    This is only "sorta" spyware. There are a couple processes initiated by Realtek Audio, it phones home, but isn't harmful, At least I'm guessing that, if it's in the "Realtek" program folder, it's good. You can disable this from running at startup with the Spybot S&D that's already installed on the machine. Use Spybot in "advanced" mode , expand "tools" then click on "system startup", every process running at startup is explained, and can be shut down. The eliminates the need to run "msconfig" to control startup programs and processes.

    The "wild tangent" is a big problem ands needs to be fixed.

    In the future, (after the cleanup), you should either use CCleaner, or configure Firefox to eliminate the "tracking cookies" The CCleaner finds them almost instantly, rather than doing lengthy scans with an anti-spyware program. Firefox will dump the cookies upon exiting the program when correctly configured. Thus; "tools" > "options" > "privacy", then set keep cookies "until I close Forefox" and you can also set "clear history when I close Firefox". It's almost like you were never there, but be prepared to renter your password at Techspot when you return.
     
  9. snowchick7669

    snowchick7669 TS Maniac Posts: 660

    That one is a legit BHO, relating to Microsoft Money.

    What did you use to research those entries strategic?

    This one is part of the AVG antivirus, even though it says 'no file' it doesn't necessarily mean just that.

    You are getting them to remove legit files
     
  10. Zyldar

    Zyldar TS Rookie Posts: 34

    O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Owner\LOCALS~1\Temp\install_en.exe"

    Looks very suspicious in your last Hijackthis log. Legitimate programs generally do not run from a Temp folder.

    You should remove that entry using Hijackthis - place a check on the item and allow hijackthis to remove it.

    Hope that helps.
    Zyldar
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Multiple antivirus programs, Foistware, P2P> all will cause vulnerabilities and malware.


    Zydlar, you don't have a user remove an entry because "Looks very suspicious in your last Hijackthis log." You find out what it is-then act appropriately.
     
  12. Zyldar

    Zyldar TS Rookie Posts: 34

    That's a good point. The program can be disabled using MSConfig or you can backup the registry entry first prior to removing it. If you later determine that you need the program running on bootup, you can simply re-enable it using MSConfig.

    If you need details on backing up the Registry or using MSConfig, please leave a post here.

    Hope that helps.
    Zyldar
     
  13. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    Ok, i'm geting so much information. so can one person tell me what to do.

    Also, is there anything i can do about periodic lag spikes that kills anything that is running at the time, or am i SOL?
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, you can get rid of the malware. This requires an orderly process, with the programs laid out, followed by the logs which are then reviewed.

    There are no trained malware helpers on TechSpot at this time. And it gets pretty hard on someone with a problem to be given a lot of different suggestions!

    See Tech-101. Follow the steps in the preliminary removal, post the logs. They will be reviewed by trained malware helpers.

    I am very sorry for your frustration.
     
  15. Chronus

    Chronus TS Enthusiast Topic Starter Posts: 118

    Its alright, I've been getting excellent help from here for years now and i greatly appreciate it. I'm also in the prosses of updating drivers right now as well as a game crashed the computer at a specific point. but that for a different topic. I'll take a look at the tech-101 when i get the chance, thanks.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...