Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Popups Firefox Slowdown and Restarting [RESOLVED]

Started by tvaughn05 , Dec 31 2005 03:49 PM

This topic is locked

#1
tvaughn05

Posted 31 December 2005 - 03:49 PM

Member

Member
11 posts

Hello,

I have been having some trouble with my computer lately, so I am going to provide you with as much information as I can find. :woot:

I have been experiencing multiple popups such as this one from channels.intwined.com. Firefox has also slowed down dramatically. I am using Google Web Accelerator and Firefox 1.5. I use Comcast High Speed Internet, on a wireless connection. I have run Microsoft Anti-Spyware, McAffe VirusScan 2005, Spybot S&D, and Registry Mechanic, and I have found no problems. I ran CWShredder, and it detected CWS.SVCHost32. I found no way to remove this. While in Task Manager, I found that svchost.exe usually used about 15,000k memory, and when I have 3 tabs open in Firefox, it uses about 113,000k memory. The real odd thing is that when I am using Internet Explorer, I rarely get popups, and it is dramatically faster than Firefox. There is no way I could go back to IE though

I miss firefox, but it is just too slow. :tazz:

I thought about updating the HOSTS File, but I have heard complaints from people who update their HOSTS file, that their computer gets even more slow! Here is my hijack this log. Any help would be greatly appreciated.

Thank you!,
Tony

Logfile of HijackThis v1.99.1
Scan saved at 3:48:41 PM, on 12/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 216.93.174.28 a.tribalfusion.com
O1 - Hosts: 216.93.174.28 ad.yieldmanager.com
O1 - Hosts: 216.93.174.28 view.atdmt.com
O1 - Hosts: 67.15.114.78 pagead2.googlesyndication.com
O1 - Hosts: 67.15.114.79 ypn-js.overture.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Edited by tvaughn05, 02 January 2006 - 05:51 PM.

#2
Cloutz

Posted 02 January 2006 - 11:47 AM

Visiting Staff

Member
547 posts

Hi Tony,

Welcome to Geeks to Go.

My name is Nick and I will be checking over your logs.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

#3
tvaughn05

Posted 02 January 2006 - 03:56 PM

Member

Topic Starter
Member
11 posts

Thank you. The service pack is currently being downloaded :tazz:

.
I had planned on installing Windows Service Pack 2, but my computer just kept restarting after I had installed it. I will post my HiJackThis log in about thirty minutes. Thanks for helping me!

#4
tvaughn05

Posted 02 January 2006 - 05:46 PM

Member

Topic Starter
Member
11 posts

After quite a long time of troubleshooting, I was able to remove SP1a, even though my Safe Mode was disabled, and the computer was on a reboot loop after I had installed it. It just wouldn't stop restarting. There is no possible way I would be able to install a Windows Service Pack. I am able to install every update for my OS, but not the actual SP.

Is there a way that we could fix my problem without a Service Pack? I have all the updates available, just not the service pack.

Thank you,

Tony

Edited by tvaughn05, 02 January 2006 - 08:51 PM.

#5
Cloutz

Posted 02 January 2006 - 09:00 PM

Visiting Staff

Member
547 posts

Hey Tony,

A service pack is mandatory, because without it you are wide open to re-infections, and we will both be wasting our time.

I'm going to need you to apply Service Pack 1a, and if you get into the rebooting loop again, I'll have a fix ready.

=======================================

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Edited by Cloutz, 02 January 2006 - 09:15 PM.

#6
tvaughn05

Posted 02 January 2006 - 09:04 PM

Member

Topic Starter
Member
11 posts

Okay. I will try it again.

Edited by tvaughn05, 02 January 2006 - 09:23 PM.

#7
tvaughn05

Posted 02 January 2006 - 09:28 PM

Member

Topic Starter
Member
11 posts

The thing is that when I fixed it, I created a whole new Windows Installation in C:/WINXPHME instead of C:/Windows. I had planned on just reinstalling the OS over, but it told me that it may erase some of my personal settings. So now I have a dual-boot system, with one Windows OS constantly rebooting, and another that is new, but I can't use any of my old programs or settings...(or im just too lazy to move all the settings ^_^) So, could you please give me the fix for the rebooting loop, and I will apply it to the Windows installation that is continuely rebooting and has Service Pack 1a. Sorry for making this even more confusing than it already was...I probably could have lived with the popups. :-P

I already wrote a new boot sector to C:, but it still restarts.

Edited by tvaughn05, 02 January 2006 - 09:51 PM.

#8
tvaughn05

Posted 02 January 2006 - 09:55 PM

Member

Topic Starter
Member
11 posts

Should I just reinstall the OS over the corrupt installation??
Or will I lose some of my personal settings?

#9
Cloutz

Posted 02 January 2006 - 10:11 PM

Visiting Staff

Member
547 posts

Hey Tony,

Enabling the Viewing of Hidden and System Files

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Check Show hidden files and folders.
Uncheck Hide file extensions for known types.
Uncheck Hide protected operating system files
Click Yes to confirm.
Click OK.

Find c:\boot.ini
Open it with notepad
Post the contents of it in this thread.

Thanks

#10
tvaughn05

Posted 02 January 2006 - 10:16 PM

Member

Topic Starter
Member
11 posts

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINXPHME
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINXPHME="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

^^ Windows is the original corrupted version, and WINXPHME is the new install.

Edited by tvaughn05, 02 January 2006 - 10:17 PM.

#11
Cloutz

Posted 02 January 2006 - 10:44 PM

Visiting Staff

Member
547 posts

Print these instructions out and make sure everything is entered exactly.

Slip in Your XP disk and reboot.
Upon boot up, you may receive 'Press any key to boot from disk' if you do, then press any key
Setup will stop at an options screen.
Choose R.
You may be prompted for the Administrator password. just press enter.
You may be offered which installation ie:
1. C:\Windows
If you are, Press 1 and enter.
You will arrive at a C:\Windows prompt.
Type (make sure to enter it exactly):

fixboot c:

hit enter.

type:
Y

hit enter.

take out the cd

type:
exit

hit enter.

The machine will restart. Let me know how that goes..

Its getting late here, I'll get back to you tommorow morning.

Thanks,
Nick

Edited by Cloutz, 02 January 2006 - 10:45 PM.

#12
tvaughn05

Posted 02 January 2006 - 10:50 PM

Member

Topic Starter
Member
11 posts

Okay, I just did it...It is still in a reboot loop... :tazz:

BTW, Thank you very much for helping me...

Edited by tvaughn05, 02 January 2006 - 11:04 PM.

#13
tvaughn05

Posted 02 January 2006 - 11:58 PM

Member

Topic Starter
Member
11 posts

Dear Cloutz,

I have decided just to completely format my hard drive, and start a-new. Could you please provide me with ways that I can prevent malware on my new installation of the computer? I already use: Firefox 1.5, Microsoft Anti-Spyware, McAffe VirusScan 2005, Spybot S&D, HiJack This, CWShredder, and Registry Mechanic. Are there any other good free anti-malware programs out there??

Thank you very much for your help, :tazz:

-Tony

Edited by tvaughn05, 03 January 2006 - 04:05 PM.

#14
Cloutz

Posted 03 January 2006 - 05:34 PM

Visiting Staff

Member
547 posts

Hey Tony,

Sorry to hear that...I could of searched for another fix but you chose what to do with your computer and I respect that.

But I'm glad to hear you want to prevent things like that to happen again :tazz:

Here is a list of tools I like to suggest to users to prevent future infections.

Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware -Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
CleanUP! -Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Firefox- Internet Explorer is NOT the most secure browser. I highly recommend Firefox as a safer alternative.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Nick

#15
Michelle

Posted 07 January 2006 - 01:59 AM

Malware Removal Goddess

Retired Staff
8,928 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.