Help Needed Badly

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by iceeqb, Sep 28, 2004.

  1. iceeqb

    iceeqb Private E-2

    I posted here last week sometime and I did all the requested things, safe mode, ccleaner, etc, etc. I am still having major problems with this computer. Computer is slow, IE is shutting down constantly, computer is freezing, etc etc etc. Should I post my HijackThis log so someone can look and see what is wrong for me?
     
  2. Kodo

    Kodo SNATCHSQUATCH

    yes, please post your log as a txt file.
     
  3. iceeqb

    iceeqb Private E-2

    Here is the log. I hope that I posted it as you requested. Thanks so much for your help.
    Michelle
     
    Last edited by a moderator: Sep 28, 2004
  4. Kodo

    Kodo SNATCHSQUATCH

    Michelle,
    You will need to re-run HiJackThis

    Make sure you follow the directions posted here

    http://forums.majorgeeks.com/showthread.php?t=38752
    Hijack This Tutorial And How To Post Your Log File

    explicitly. This will ensure that no extra processes are running that are not necessary, and that you have proper backups made.

    Make sure you run HiJackThis from its OWN directory. Do not run it from a temp file, a zipped archive or the desktop.

    Thank you.
     
  5. iceeqb

    iceeqb Private E-2

    Ok....Here is my hjthis log. I hope I understood the reply and tutorial correctly. Let me know if I did something wrong. Thanks again for your help.
     

  6. Kodo

    Kodo SNATCHSQUATCH

    I question this line here because I don't know what it is.
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

    I don't see anything else but I will alert Chas to follow behind me to make sure.
     
  7. PhilliePhan

    PhilliePhan Guest

    Hi Kodo, Michelle, Chas,

    There are a lot of Stopguard related items in Michelle's log.

    Michelle - Take a look at this thread, particularly the later posts for an idea of what the files look like. They have an easily recognizable pattern:

    http://forums.majorgeeks.com/showthread.php?t=42005

    Note that the files change on reboot, so they may already be different.

    You need to disable this running process:
    C:\WINDOWS\Help\SBSI\doswin.exe
    and then try to delete it

    This file is bad as well:
    C:\WINDOWS\system32\bkinst.exe

    The bad BHO is:
    O2 - BHO: CATLEvents Object - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\APRIL\LOCALS~1\Temp\niwsod.dat

    Also bad:

    O4 - HKLM\..\RunOnce: [*doswin] C:\WINDOWS\Help\SBSI\doswin.exe rerun
    O4 - HKLM\..\Run: [*doswin] C:\WINDOWS\Help\SBSI\doswin.exe
    O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren


    Hey Chas - What about the multiple occurrences of C:\WINDOWS\system32\drwtsn32.exe ??

    Also, in addition to the entry Kodo flagged, this one doesn't ring a bell:

    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe


    Best,

    PP
     
    Last edited by a moderator: Sep 28, 2004
  8. Kodo

    Kodo SNATCHSQUATCH

    I am curious about the watsons too.. I haven't had time to look up anything about it yet though.
     
  9. iceeqb

    iceeqb Private E-2

    Ok.....I have deleted and disabled those items suggested. Here is the new HJ this log. Tell me what you think?
     

  10. PhilliePhan

    PhilliePhan Guest

    Hi Michelle,

    Your log looks better. I'm not sure about this process:
    C:\WINDOWS\system32\fxssvc.exe, but it may well be legitimate. You may know better.

    Looks like you got all of the Stopguard crap - That was probably what was shutting down your browser. Did you have any trouble shutting down C:\WINDOWS\Help\SBSI\doswin.exe ?? Or, did you follow the steps in the thread I linked? Did you track down and delete the corresponding .ini and .dat files?? It is important that you rerun CCleaner and flush your TEMP files.

    Anyhoo, your log looks OK. You may flush these, if you desire:

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)


    I do not know what this one is, off the top of my head:
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    If you recognize it, then leave it alone.

    I am heading out for the evening, but I would appreciate a post back regarding my questions about shutting down the running process. It'll help me help someone else down the road! ;)

    Cheers,

    PP
     
    Last edited by a moderator: Sep 28, 2004
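A small triage script for the kinds of HijackThis entries discussed in PhilliePhan's two posts above (the O2 BHO and O4 autorun entries loading from Temp or with asterisk-prefixed names, and the orphaned "(no file)" O9 lines). This is an added example, not code from the thread or from HijackThis; the sample log is reconstructed from the entries quoted in the thread, and the heuristics are reviewer hints of the sort the posts apply by eye, not a verdict on any entry.

```python
import re

# Constructed sample input: HijackThis-style lines modelled on the entries
# quoted in this thread (the real log was an attachment and is not shown).
SAMPLE_LOG = r"""
O2 - BHO: CATLEvents Object - {44E5B409-35A2-4E8D-BF94-344222323A53} - C:\DOCUME~1\APRIL\LOCALS~1\Temp\niwsod.dat
O4 - HKLM\..\RunOnce: [*doswin] C:\WINDOWS\Help\SBSI\doswin.exe rerun
O4 - HKLM\..\Run: [*doswin] C:\WINDOWS\Help\SBSI\doswin.exe
O4 - HKCU\..\RunOnce: [*MS Setup] C:\WINDOWS\system32\bkinst.exe ren
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
"""

# O2 line shape: "O2 - BHO: <name> - {CLSID} - <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 line shape: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Per-user temp paths, including the 8.3 short form (LOCALS~1) that HijackThis prints
TEMP_RE = re.compile(r"\\(Temp|LOCALS~1)\\", re.IGNORECASE)

def triage(log_text):
    """Return (line, reasons) for each non-empty log line; an empty reasons list
    means these heuristics saw nothing odd, which is a hint, not a clean verdict."""
    results = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        reasons = []
        if line.endswith("(no file)"):
            reasons.append("orphaned entry: the file it points to no longer exists")
        m = O2_RE.match(line)
        if m:
            if TEMP_RE.search(m["path"]):
                reasons.append("BHO loads from a temp directory")
            if not m["path"].lower().endswith(".dll"):
                reasons.append("BHO image is not a .dll")
        m = O4_RE.match(line)
        if m:
            if m["name"].startswith("*"):
                note = "asterisk-prefixed autorun name"
                if m["key"] == "RunOnce":
                    note += " (a * prefix makes a RunOnce value run even in Safe Mode)"
                reasons.append(note)
            if TEMP_RE.search(m["cmd"]):
                reasons.append("autorun loads from a temp directory")
        results.append((line, reasons))
    return results

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(("FLAG " if reasons else "ok   ") + line + "".join("\n    -> " + r for r in reasons))
```

Run against the sample, five of the seven entries are flagged; the BCMSMMSG and QuickTime plugin lines come back clean, which matches what Kodo and chaslang later confirm by hand.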
  11. Kodo

    Kodo SNATCHSQUATCH

    this is legit
    C:\WINDOWS\system32\fxssvc.exe
    Fax Service

    This is legit
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

    used by some manufacturers as their support tools.
     
  12. PhilliePhan

    PhilliePhan Guest

    Thanks, Kodo :)

    I figured they were OK, but learned long ago that even the most innocent looking entry can bite you!

    Best,
    PP
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is okay too, hope it was not deleted: O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe

    Process File: bcmsmmsg or bcmsmmsg.exe
    Process Name: BCMSMMSG


    Description:
    BCMSMMsg.exe is a vital component of the BCM voice modem drivers. This process is needed to ensure that your BCM modem works properly.

    Author: Broadcom Corporation.
    Part Of: BCM voice modem drivers



    Also this is okay: O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

    I believe it is part of Quicktime. Unless you don't need Quicktime, leave it be.

     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like those items were already fixed. You should be able to restore them from your backups that HijackThis makes. Just click "Config" and then Backups and find them and restore them.
     
  15. PhilliePhan

    PhilliePhan Guest

    Thanks Chas,

    That is why I had that “Hey Chas” in blue - I figured you might know what those were off the top of your head. I didn’t intend for Michelle to fix the uncertain entries, but I should have been clearer! I guess I ought to back off giving people advice unless I have the time to look up everything and be thorough. The sad thing is I’ve got pacman’s list and 4 other process databases right here at my disposal and no time to use them!

    Thanks again,

    PP
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! It happens. It's nice to try to get people started. You just have to be more explicit sometimes and directly say DO NOT FIX THESE YET. Or something like that to get their attention. This is also the reason for having HJT in the right place so we have backups. Also, with files that I'm unsure about I don't always say delete them in safe mode. I will say rename them. This is another form of backup. Then later we can delete them when we know that we do not need them.
     
