Slow login in Windows XP (HijackThis log)

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Slow login in Windows XP (HijackThis log)

Options

oddball View Member Profile	Jul 26 2008, 09:13 AM Post #1
New Member Group: New Member Posts: 2 Joined: 26-July 08 Member No.: 80,542 Operating System: Windows XP	This is the log of a Windows XP computer that's running a little slow after the login screen. I'm troubleshooting someone else's computer, so I can't provide an extremely indepth description of any problems, but I'm suspicious of the multiple svchost.exe instances that come up in Task Manager. As far as I know, a slow login is the only symptom. Thanks for your time! Logfile of HijackThis v1.99.1 Scan saved at 11:31:17 AM, on 7/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\AOL\1102516621\ee\AOLSoftware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\America Online 9.0b\waol.exe c:\program files\common files\aol\1102516621\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe C:\Program Files\America Online 9.0b\shellmon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Kerio\Personal Firewall\PFWADMIN.EXE C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102516621\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOLAspSunset] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{644C4518-120A-4057-B343-E84540FFF94A}: NameServer = 192.88.193.1,192.88.195.10 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

bob4 View Member Profile	Jul 28 2008, 12:17 PM Post #2
SuperMember Group: Malware Team Posts: 1,946 Joined: 17-January 06 From: Fla. Member No.: 48,742 Operating System: xp pro/Vista	_________________________________ Welcome to the Forums. The fixes we will use are specific to your problems and should only be used for this issue on this machine. Please only use this topic to reply to. Do not start another thread. If any other issues arise let me know. The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end! Save and quit any work your doing before beginning the fix. All hijackthis logs I ask for should be done in normal mode ( not safe mode) These logs should be done last after you have followed my instructions in the previous post. Do the best you can to follow my instructions in the order given Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time. If you have any questions about any advice given here please STOP and ask! ___________________________________ Nothing looks suspicous in your log. But let's do a few things that need to be done for security and also look a bit deeper. ______________________________ RUN HJT HJT Run hijackthis and choose scan only and place a check by the following lines if present. Close all other windows and browsers except HJT before clicking on Fix Checked O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab Close that. _________________________________________________ Please download JavaRa and unzip it to your desktop. Double-click on JavaRa.exe to start the program. Click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location. Then download and install Java Runtime Environment (JRE) 6 Update 7. _______________________________________________ Ewido security suite is outdated by a while now. It has been taken over by AVG anti malware. I suggest going into add/remove programs and uninstalling it. I would like you to install in it's place . Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select Perform full scan, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please post the contents of that log. If you accidently close it you may find it here. Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs __________________________ Deckard's System Scanner Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. [list=1] Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply _________________________ In your next reply I would like to see: The report from Deckards system scanner The report from Malwarebytes anti -Malware [font="Courier New"][/font]

bob4 View Member Profile	Jul 31 2008, 05:40 AM Post #3
SuperMember Group: Malware Team Posts: 1,946 Joined: 17-January 06 From: Fla. Member No.: 48,742 Operating System: xp pro/Vista	Still needing help?

oddball View Member Profile	Jul 31 2008, 07:16 AM Post #4
New Member Group: New Member Posts: 2 Joined: 26-July 08 Member No.: 80,542 Operating System: Windows XP	Thanks for your help and the updates suggestions! I haven't had a chance to implement the things you suggested, but if nothing looks suspicious, I don't think I need any more help. Just one question: why would multiple svchost.exe tasks appear in Task Manager? Thanks!

bob4 View Member Profile	Jul 31 2008, 11:00 AM Post #5
SuperMember Group: Malware Team Posts: 1,946 Joined: 17-January 06 From: Fla. Member No.: 48,742 Operating System: xp pro/Vista	QUOTE In normal conditions multiple instances of Svchost.exe run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. Remember I said nothing looked suspicious. That doesn't mean this machine is clean and/or free of malware.

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Windows Installer Corruption after Trojan Resolution	2	bltwmayoonwheat	27	Yesterday, 10:47 PM Last post by: bltwmayoonwheat
HijackThis Problem	0	clozad1	5	Yesterday, 10:37 PM Last post by: clozad1
Slow laptop/Task Manager Processes	1	BobDylan	23	Yesterday, 05:11 PM Last post by: ken545
[Resolved] Pc Runnig very slow	12	adil8	103	Yesterday, 03:36 PM Last post by: LDTate
Slow System - Deferred Procedure Call Issue 12	17	jeopardy	6,924	Yesterday, 06:03 AM Last post by: maldido gringo