
HijackThis log


Post by dan12 » September 7th, 2006, 3:59 am

Hi djrpok
What are your system specifications?
Can you check whether either of these processes is using almost 100% of the CPU?

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe


I don't believe this is a malware-related problem.

Your Java needs updating.
Update Java
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windows-i586-p to install the newest version.



A couple of things I want you to try, to see if they will make things a little easier for you.

I see you're running SpySweeper, TeaTimer and Windows Defender at boot.
Disable 2 of them, it doesn't matter which; just leave one running to see how things are.
----------------------------

To Disable SpySweeper:

Open it, click Options over to the left, then Program Options, and uncheck "Load at Windows startup".

Over to the left click Shields and uncheck all there.
Uncheck Home Page Shield.
Uncheck "Automatically restore default without notification".
-------------------------
TeaTimer

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure Advanced Mode is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck Resident TeaTimer and OK any prompts
5) Restart your computer.
-------------------------------
Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender
--------------------------
If you are still having problems, may I suggest you visit a couple of forums which deal with software\hardware issues:
http://forum.computertrouble.co.uk/index.php

http://forums.pcpitstop.com/index.php?
Let me know if things are any better!
Thanks, dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Continuation

Post by djrpok » September 7th, 2006, 10:00 pm

Hi Dan,
What do you mean by system specifications?
Overall, there is a very large improvement in routine stuff - getting email, most programs. I still use 100% CPU but not for as long.
I still have a problem with Windows Media Player - most videos are still in starts and stops or slow motion.
Any suggestions re: WMP?
djrpok
Regular Member
 
Posts: 19
Joined: September 1st, 2006, 1:21 pm

Post by dan12 » September 8th, 2006, 4:59 am

Hi djrpok
You didn't mention anything with regard to
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe

To check whether either of these processes is using almost 100% of the CPU
-----------------

What are your system specifications?

By that I mean how much RAM (random access memory) you have on the machine.
How much free hard drive space you have.
May I suggest you defrag your hard drive also.

One more thing I would like you to try.
Go to services.msc - set your DNS Client to manual, reboot and see if it is any better.
Post a fresh HJT log.
Let me know how things are.
Thanks, dan

Continuation

Post by djrpok » September 8th, 2006, 3:12 pm

I did an Ewido scan last night. No spyware.
It did take 11 hours 13 minutes. Isn't that a long time?

Re: the two C:\ things - doesn't hog up the CPU

1G RAM
3.13G free on 27.8G HD
I have recently defragged

How do I find services.msc? You overestimate my computer knowledge.

Logfile of HijackThis v1.99.1
Scan saved at 11:57:20 AM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\DaVID Rose\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AS00_Gear511] "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\regmech.exe" /S
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\HighStream Turbo\HSTurbo.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://www.comcastsupport.com/sdccommon ... d/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://www.comcastsupport.com/sdccommon ... tctlln.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k00726/sb028.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb028.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0356378580
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BASIX - Unknown owner - C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\BASIX.exe (file missing)
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
djrpok
Regular Member
 
Posts: 19
Joined: September 1st, 2006, 1:21 pm
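
An added example, not part of the original posts: a small Python parser for HijackThis entry lines like those in the log above. It groups entries by section code, lists the Run-key (O4) and service (O23) autostart items, and picks out the resident scanners discussed earlier in the thread. The sample lines are copied from that log; the function names and the product keyword table are assumptions made for this illustration.

```python
import re

# Sample entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: BASIX - Unknown owner - C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\BASIX.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # "<section code> - <body>"
RUN_RE = re.compile(r"^[^:]+: \[([^\]]+)\] (.+)$")   # "HKLM\..\Run: [name] command"

# Assumed keyword table for the resident scanners named in the thread.
PRODUCTS = {
    "Windows Defender": ("windows defender",),
    "Spy Sweeper": ("spy sweeper", "spysweeper"),
    "ewido": ("ewido",),
    "TeaTimer": ("teatimer",),
}

def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def autostart_items(entries):
    """Return (section, name, target) for O4 Run-key and O23 service entries."""
    items = []
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                items.append(("O4", m.group(1), m.group(2)))
        elif code == "O23" and body.startswith("Service: "):
            # Layout is "name - owner - path"; split from the right so a
            # " - " inside the service name cannot shift the fields.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                items.append(("O23", parts[0], parts[2]))
    return items

def resident_scanners(items):
    """Map each known scanner product to the sections it autostarts from."""
    found = {}
    for section, name, target in items:
        haystack = (name + " " + target).lower()
        for product, needles in PRODUCTS.items():
            if any(n in haystack for n in needles):
                found.setdefault(product, []).append(section)
    return found

def missing_targets(items):
    """Names of autostart items whose file HijackThis reported as missing."""
    return [name for _, name, target in items if target.endswith("(file missing)")]

if __name__ == "__main__":
    items = autostart_items(parse_entries(SAMPLE_LOG))
    print(resident_scanners(items))
    print(missing_targets(items))
```
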

Post by dan12 » September 8th, 2006, 5:53 pm

Hi djrpok
Should have given you some guidance.

Start > Run > type: services.msc

Locate: DNS Client
Right-click on it and select Properties
Under Startup type select Manual
Click Apply, then OK
Close the Services window.

If there is no improvement, reset the setting.
Thanks, dan

Continuation

Post by djrpok » September 9th, 2006, 2:21 am

Did services.msc. Ran computer at manual all day with no apparent difference. Brought it back to auto.

Despite all that we've done, there appears to be little change. Everything takes so long to establish itself.
I have another computer also on the same wireless network and it runs quickly.

Post by dan12 » September 10th, 2006, 3:54 pm

Hi djrpok
As I have mentioned in an earlier post, I don't feel this is a malware issue; it seems more like a hardware issue to me. Maybe the hard drive is about to fail?
This is as far as I can take you, having ruled out malware on your system.
If I can suggest, visit one of the many forums that have experts in that field, who deal with hardware and software issues, to help you resolve your problems quickly.
I will include a couple of links to start you off for further help.
I am sorry I can't assist you further with your problem.

http://forum.computertrouble.co.uk/index.php
http://forums.pcpitstop.com/index.php?

Your log is clean.
A few things to help with possible threats in the future would be to download, run and keep these programs updated:
Ad-Aware
SpywareBlaster

Always keep Windows patched and updated.
And it goes without saying, do not open email from someone you don't know.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

I hope you resolve your problems soon
dan12

Thanks

Post by djrpok » September 10th, 2006, 4:15 pm

Dan, thank you for all you've done.
I am planning to replace the hard drive. It's 28G, and 80 and 100G are available and not overly expensive.
I'll let you know how that turns out.

Continuing problems

Post by djrpok » September 12th, 2006, 7:08 pm

I replaced the 30G HD with a new professionally installed 80G HD. All software was transferred over.
The result is little difference.
I just attempted to play a video. CPU immediately went to 100% and stayed there for 15 minutes after I stopped the video.
While the video was on
explorer.exe 31-38%
wm player.exe 20-40%
system 5-90%
taskmgr.exe 0-30%
After I stopped the video and for the next 15 minutes
explorer.exe 31-38%
taskmgr.exe 10-15%
spysweeper.exe 15-35%
spysweeperUI.exe 0-10%
This doesn't seem right. Something is in this computer screwing it up.

Post by dan12 » September 13th, 2006, 7:54 am

Hi djrpok,
I can understand your frustration with your problems. At least you can rule out your hard drive, and you have had it professionally installed, so the setup should be fine.
With regard to your issues, we have done all we can to rule out malware, which is what we're here to do.
Now your issues are looking more like hardware issues. I would advise that you follow my earlier post and seek help from the experts in the hardware\software issues field, because they are in a better position to help you.
Regards, dan

Another link for you, seeing you have a Dell. You may have to register.
http://forums.us.dell.com/supportforums ... nsp_genera

I gave these earlier
http://forum.computertrouble.co.uk/index.php
http://forums.pcpitstop.com/index.php?

Finale

Post by djrpok » September 15th, 2006, 1:45 am

Went to pcpitstop and got their optimizer.
Straightened me out.
Thanks again. :D

Post by dan12 » September 15th, 2006, 3:13 am

Pleased you're sorted :D

Post Script

Post by djrpok » September 19th, 2006, 6:45 pm

Unfortunately, things reverted to ultra slow and 100% CPU.
Went to BitDefender free trial. Their scan found and destroyed one adware and two Trojans.
Things are at brand new performance.

Post by dan12 » September 20th, 2006, 5:53 am

Hi djrpok
thanks for keeping me informed
Hope your performance stays good
dan

Post by Nick-YF19 » September 28th, 2006, 3:02 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California