Computer running slowly - Check logfile (Help!)

Question

Hi,   I've taken a tip from someone and downloaded Hijack this v1.99 to see if I can understand what's causing it to run so slowly - especially Internet Explorer. listed below are the results.   Can anybody help me? I've doubled my memory from 512  and increased Broadband to 2MB but still it's running real slow. Any help really appreciated.   Logfile of HijackThis v1.99.1 Scan saved at 23:35:28, on 07/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)   Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla	fswctrl.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\Common Files\Real\Update_OBealsched.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\DOCUME~1\NEILMO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe C:\Program Files\Real\RealPlayer\RealPlay.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0 O1 - Hosts: 66.38.215.115 kazza.com O1 - Hosts: 66.38.215.115 www.kazza.com O1 - Hosts: 66.38.215.115 kaza.com O1 - Hosts: 66.38.215.115 www.kaza.com O1 - Hosts: 66.38.215.115 kaaza.com O1 - Hosts: 66.38.215.115 www.kaaza.com O1 - Hosts: 66.38.215.115 kahza.com O1 - Hosts: 66.38.215.115 www.kahza.com O1 - Hosts: 66.38.215.115 edonkey.com O1 - Hosts: 66.38.215.115 www.edonkey.com O1 - Hosts: 66.38.215.115 emule.com O1 - Hosts: 66.38.215.115 www.emule.com O1 - Hosts: 66.38.215.115 suprnova.com O1 - Hosts: 66.38.215.115 www.suprnova.com O1 - Hosts: 64.124.166.37 klite.com O1 - Hosts: 64.124.166.37 www.klite.com O1 - Hosts: 64.124.166.37 k-lite.com O1 - Hosts: 64.124.166.37 kazaalite.com O1 - Hosts: 64.124.166.37 www.kazzalite.com O1 - Hosts: 64.124.166.37 kazalite.com O1 - Hosts: 64.124.166.37 www.kazalite.com O1 - Hosts: 64.124.166.37 kaazalite.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1	ools\iesdsg.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe O4 - HKLM\..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe O4 - HKLM\..\Run: [VSOCheckTask] 'C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe' /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe O4 - HKLM\..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OBealsched.exe'  -osboot O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background O4 - HKCU\..\Run: [Spyware Doctor] 'C:\Program Files\Spyware Doctor\swdoctor.exe' /Q O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1	ools\iesdpb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{72987284-8D3A-4836-8587-9FE2709DBD6F}: NameServer = 80.225.255.50 80.225.255.58 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe Many thanks, Motty

RKinner · Answer

The only think I see that looks at all suspicious is:

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

TurboTax put a similar program on my PC back in 2002 and it really slowed things down. Supposedly it was to keep me from copying the program but it ran all the time and was a resource hog.

Start, Run, services.msc, OK to bring up the services window and look for C-DillaCdaC11BA service. Doubleclick then set the startup type to Disabled, Apply then Stop the service. See if things run faster. If not or you find some other program no longer works you can change the Startup Type back to Automatic and Start the service again.

Rightclick on the clock and select Task Manager then Processes then click twice on CPU. The top process should now be System Idle with over 95% of the CPU Usage. IF not what are the top three and what % do they have?

IF System Idle was the top process then Start, right click on My Computer and select Manage then Device Manager then find IDE ATA/ATAPI Controllers and hit the + in front of it. Find the first Primary Channel and double click on it then Advanced Settings. IF the Current Transfer Mode for device 0 says PIO then go back to the Primary Channel and right click on it and Uninstall then reboot.

You can also try RootKitRevealer from SysInternals and see if it finds anything:

http://www.sysinternals.com/Utilities/RootkitRevealer.html

Ron

Motty123 · Answer

Ron,

Made the changes you suggested and System idle was top with over 95% CPU. Current transfer Device 0 was not PIO though - it was Ultra DMA Mode 5. Any idea why I have all the following Hosts listed here ;-

Hosts: 66.38.215.115 kazza.com

O1 - Hosts: 66.38.215.115 www.kazza.com

O1 - Hosts: 66.38.215.115 kaza.com

O1 - Hosts: 66.38.215.115 www.kaza.com

O1 - Hosts: 66.38.215.115 kaaza.com

O1 - Hosts: 66.38.215.115 www.kaaza.com

O1 - Hosts: 66.38.215.115 kahza.com

O1 - Hosts: 66.38.215.115 www.kahza.com

O1 - Hosts: 66.38.215.115 edonkey.com

O1 - Hosts: 66.38.215.115 www.edonkey.com

O1 - Hosts: 66.38.215.115 emule.com

O1 - Hosts: 66.38.215.115 www.emule.com

O1 - Hosts: 66.38.215.115 suprnova.com

O1 - Hosts: 66.38.215.115 www.suprnova.com

O1 - Hosts: 64.124.166.37 klite.com

O1 - Hosts: 64.124.166.37 www.klite.com

O1 - Hosts: 64.124.166.37 k-lite.com

O1 - Hosts: 64.124.166.37 kazaalite.com

O1 - Hosts: 64.124.166.37 www.kazzalite.com

O1 - Hosts: 64.124.166.37 kazalite.com

O1 - Hosts: 64.124.166.37 www.kazalite.com

O1 - Hosts: 64.124.166.37 kaazalite.com

Does this seem odd??

Any help appreciated?

Many thanks again Ron,

Motty

Motty123 · Answer

Ron,   Many thanks for a lenghty reply; I'm about to follow your advice - will let you know progress. Motty

RKinner · Answer

You can remove them if you want.  Appears to have been an attempt to hijack connections to a bunch of file sharing programs.  Didn't see any running so didn't worry about them. I doubt it will help or hurt anything to remove them.   Did you run the rootkitrevealer?  Did it find anything?   Ron

Motty123 · Answer

Ran rootkit revealer but nothing of any significance there. How would I go about removing them Ron? Thanks again for responding

RKinner · Answer

Run Hijackthis and check the O1 lines then press Fix Checked.   Ron

Virus & Spyware

Was this post helpful?