Keep losing internet connection, browser freezes, computer extremely sluggish

Discussion in 'Malware Help (A Specialist Will Reply)' started by Wuf4Wds, Dec 26, 2009.

  1. Wuf4Wds

    Wuf4Wds Private E-2

    I'm not sure if this is the correct forum for my issues or not. If not, please tell me where to post.

    Computer Info:
    • Toshiba Satellite
    • Centrino Duo
    • T2050@1.60GHz
    • WindowsXP
    • Media Center Edition
    • Version 2002
    • Service Pack 3
    • AVG FreeEdition for anti-virus


    Problems:
    • Excessive boot time.
    • Computer is extremely sluggish.
    • Continuously switches between dsl and dialup internet access (need access to both)
    • Internet browsing very slow

    Actions taken:
    • Checked for malware via Add/Remove Programs (found none)
    • Ran CCleaner
    • Ran SAS
    • Ran ComboFix
    • Attempted to run RootRepeal but was unsuccessful (error messages indicated "invalid PE image found")
    • I was able to run Sophos and have attached a screenshot of the findings.
    • Ran MGTools.


    Items to attach:
    • SASlog.txt
    • SophosLog.bmp
    • ComboFixlog.txt
    • MGlogs.zip
    • mbam-log-2009 (19-22-09).txt


    I would really appreciate it if you could look to see if there are any hidden issues that could be causing the problems. I appreciate your help more than you could imagine! (It's my mom's notebook. She and my dad say they are about ready to throw it out the window! LOL:cry)

    :confused: Note: I just tried attaching the SAS, Sophos, ComboFix, and MG logs (as listed above). I received an error message stating the upload could not be processed due to a missing security token. What should I do about this?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Log out and then log back into the forum. Make sure that you click the Remember Me check box. Then retry your attachments. You will need to put them in new messages in this thread since your ability to edit has probably expired.
     
  3. Wuf4Wds

    Wuf4Wds Private E-2

    I have attached 4 of the files. The sophos file is the trouble-maker. The file, which is a screenshot, is too large for the upload. I tried splitting it into two files but they are both too big. Thought I had winzip on this computer but cannot find it.

    Also, in the midst of running everything, somehow, aim search has taken over my "blank" tabs (the new tabs on IE). I had deleted it from the add/remove programs in the first steps but somehow it is back.

    A little more background info:
    • The computer has issues with the dial-up/dsl modems--as in which one it should use. This was a problem in the very beginning and Toshiba had me go into the registry (or somewhere hidden) and change some values. I don't recall where or what.
    • I thought there could be registry issues and had run two or three registry "fixers" that were downloaded from cnet. Two were free and the other was a free-to-try. Naturally, the free-to-try found many more errors than the other two but would only "fix" a few. I'm not sure if this is part of my problems or not.
    • Printers--There are three printers for this computer. Lexmark is used at one location and a canon at another location. The HP is accessed thru the dsl network. It does not have to be loaded all of the time but I do not know how to prevent it.

    If you need the sophos screenshot/log, please let me know how to get it to you. I am back and forth to my mom's (which is where the computer is located). I will look for the winzip (strange how it can unzip but I cannot find it to zip).

    Thank you so much for your help! I am looking forward to getting her computer running as it should (and she is really looking forward to it)!
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are not having malware problems. The PC is slow because you do not have enough memory to run it and all the other software being loaded. Your logs show
    Code:
    Total Physical Memory 512.00 MB 
    Available Physical Memory 164.93 MB
    
    At a minimum, you need 1 GB of memory but 2 GB would be much better if it can be supported.

    You do have a pile of other unnecessary junk loading. If you don't need AIM then uninstall it. Also uninstall AOL if not needed as it will keep installing unnecessary and unwanted garbage on the PC like toolbars, browser helper objects and pure junk like Viewpoint software that no one wants or needs. In addition it may have also installed QQ Games which we and many other sites recommend removing (you do have this installed too) since it is considered adware at a minimum.

    At least remove all the unnecessary tool bars from it and Google which are wasting memory and slowing things down.

    You also need to uninstall Viewpoint Media Player as requested in the READ & RUN ME.

    Also you have leftovers from Symantec. Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

    Also you can optionally fix any of the below that you feel you don't need or use. Note: You don't need to load instant messenger programs until you wish to use them.
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

    After clicking Fix, exit HJT.

    Now run CCleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
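
The HijackThis lines listed in the post above can be triaged mechanically. The following is an added example, not part of the original thread or of MGtools/HijackThis: it parses a few lines copied from that listing, picks out orphaned "(no file)" entries, lists the O4 autostart items, and shows which module is loaded through more than one hook. The function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis listing in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

LINE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one HijackThis line into code, kind, name, CLSID and target."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    clsid = CLSID.search(rest)
    run = re.match(r"\[(.*?)\] (.*)$", rest)
    if kind.endswith("Run") and run:      # O4 registry Run value: [name] command
        name, target = run.groups()
    elif " = " in rest:                    # O4 Startup-folder shortcut: x.lnk = path
        name, target = rest.split(" = ", 1)
    else:                                  # R3/O2/O3: name - {CLSID} - file
        name, target = rest.split(" - ", 1)[0], rest.rsplit(" - ", 1)[-1]
    return {"code": code, "kind": kind, "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "target": target, "orphan": target == "(no file)"}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphans(entries):
    """CLSIDs still registered although their file is gone."""
    return [e["clsid"] for e in entries if e["orphan"]]

def autostarts(entries):
    """Names of everything launched at logon (section O4)."""
    return [e["name"] for e in entries if e["code"] == "O4"]

def shared_modules(entries):
    """Files referenced by more than one hook, with the sections that load them."""
    by_target = defaultdict(list)
    for e in entries:
        if not e["orphan"]:
            by_target[e["target"]].append(e["code"])
    return {t: c for t, c in by_target.items() if len(c) > 1}
```
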
     
  5. Wuf4Wds

    Wuf4Wds Private E-2

    Whew!

    :) I am so glad to hear that I do not have malware!

    With the exception of one oops, I completed the steps you indicated. The oops--viewpoint manager and QQ games. (Originally, I did not uninstall the viewpoint manager because every time I uninstalled it, it would "magically" reappear. I would have uninstalled the QQ games the first time around but don't recall seeing it. I must have overlooked it.) Anyway, I did uninstall both the viewpoint manager and QQ games this time--but after I ran the analyse.exe and CCleaner.

    When my mom got the computer, they told her the memory was adequate unless she upgraded to Windows Vista; therefore, I didn't even think about memory being an issue. We're looking for memory to add now. Thank you for pointing that out to me.

    :confused: I have a couple of other questions--if I need to move to another forum, please let me know.
    • The HP C7280 print manager continues to run in the background. (Although it disappeared as I looked to verify the printer number.) As I indicated earlier, this printer is accessed through the DSL connection but only on occasion. It does not have to run all the time. How do I prevent it from running at start-up?
    • I usually have several of the "same" internet connections running (with different names) and receive "error" messages--i.e., internet connection 2 not connected (yet internet connection 1 is connected).
    • How do I correct the internet connection aggravations? (Keeps trying to "dial-up" although it is already connected via dsl.)
    • You indicated that I had a lot of software that loaded. Is there anything else that I do not need?
    • You indicated that google was wasting a lot of memory. Google is supposed to be my "search engine" only. I do have Google earth and maps but thought they only loaded/ran whenever I actually opened the file. Is there something else of which I am not aware or do these programs work differently than I think?

    Thank you again for all of your help! You are awesome for checking all of this out. I wish I could look at the charts and know what to do! Although trial and error are great teachers, my mom's computer would not be the best learning tool. As we all know, when mama is happy, everyone is happy! :)

    I look forward to hearing from you as to what I need to do next--if anything. (My mom and dad said to tell you they appreciate your help as well and that they look forward to having a computer that actually works faster than they can with pencil, paper, phone, and stamps! :)
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Not magic! ;) Just AOL being a PITA. They will keep reinstalling this junk which is why it is considered foistware and many people consider it malware.

    The definition of adequate is "barely acceptable". ;) And as updates came along (like SP1, SP2, SP3) and changes to security programs due to malware changes, what was acceptable in the past, is now no longer acceptable.



    All should be posted in another forum.


    Already gave you optional fixes/suggestions in my last fix.
    When you run things at startup that are not needed/used all the time and have update programs and services running in the background, you are wasting resources for something you don't really need. And when you don't have enough memory, you cannot afford to waste it.

    How are things running now?
     
  7. Wuf4Wds

    Wuf4Wds Private E-2

    It is running much better now! I can only imagine how much better it will be with memory. I like your definition of "adequate" when it comes to memory. I will commit it to my "personal" memory for future reference.

    I went back and looked at the add/remove programs and saw google desktop. I looked it up to see what it was and found that it is apparently running in the background, constantly searching files--which is what you said. I did not realize that it was on the computer; I was only thinking about google earth. At any rate, I uninstalled the google desktop. Also, I noticed that some of the values that were "fixed" were back running in the Task Manager. Makes me wonder if David Copperfield is hiding in the hard drive! Anyway, I disabled them through the "manage add-ons" and thus far, they are not running again. (I'm not sure what made me look there.)

    When I get my nerves ready for another go ;), my computer is ready for a check-up. Until then, thank you, thank you, thank you!

    :)
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
