  1. #1

    Possible Virus or Malware Problem on Laptop

    I have had constant problems with my laptop. First I have to say I know a little about simple tasks on Windows but obviously not enough... Problems include constant multiples of processes, and the O/S tends to freeze up quite often. I update from Windows Update and HP updater, both normal from factory...

    I do this once a week. I do not download music or anything. I currently am running an up-to-date Norton Anti-Virus that usually catches any malware etc... I run Google Chrome for my daily browser and things work fine and then everything lags majorly.

    I open up my Task Manager and chrome.exe has like 8 copies, and so does svchost.exe; I don't know if that has anything to do with my problem. I don't know much else, and I don't know what to do from here as far as finding the issue... I hope this made some kind of sense. Here is my laptop info, and I have attached a HijackThis log. Thank you.

    I currently own
    Microsoft Windows XP Home Edition
    Version 2002
    Processor 1.60GHz, 504MB of RAM







    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:34:56 AM, on 1/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL.com - News, Sports, Weather, Entertainment, Stocks & Local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

    --
    End of file - 6818 bytes

  2. #2
    DonnaB

    Hi sparkem44mag2,

    Welcome to Help2Go!

    Though Norton is an excellent security program, it does use a large amount of resources such as RAM. If you want to keep Norton I would suggest installing another 512MB RAM stick. XP runs fairly well on 512MB, though once you install bulky software such as Norton the performance is drastically reduced. There are other free security software programs that are just as good as Norton (if not better in my opinion) that use fewer resources and cause fewer issues. No security program is 100% safe.

    The reason for multiple chrome.exe processes being listed in the Task Manager is that each Chrome tab is treated as its own individual process for safety reasons etc., and therefore is treated as such.

    As for svchost, below is a really good read as to why you have multiples in task manager:

    What is svchost.exe And Why Is It Running?

    I see you still have IE6 (SP3) installed. If I am not mistaken, when IE6 was put in the closet it was at SP4. Even though you do not use IE it should be updated to IE8. Any outdated software on a computer is an invitation to infection.

    How often do you perform basic maintenance on your system with temp cleaners, disk clean up, defrag? This can make a difference as well.

    In your HJT log I do see a few things that do not need to start up upon boot. These programs are not required to start automatically, as you can run them when you need to. Disable the following that use up necessary resources.

    Open HJT and place a check to the left of the following entries:

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot


    Click Fix Checked and reboot.

    To verify that Norton has done its job, you can also download and install the first 2 programs found in the link below. Please update the programs before running the scans. You can post the logs (DO NOT attach them) in your next reply. If anything of a malicious nature is found in the logs, our expert in the removal of malicious files can take over from there.

    How to Start Removing Viruses and Spyware from your Computer

    Thank you,

    Donna
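The first-pass review of a HijackThis log that the reply above does by eye can be scripted; this is an added example, not part of the original thread or of HijackThis itself. The names `parse_log` and `triage` are hypothetical, and the sample is an abridged excerpt of the log posted in #1. It counts multi-instance processes (the chrome.exe and svchost.exe question), lists the O4 registry autostarts that the reply picks from, and surfaces entries that HijackThis marks "(file missing)".

```python
import re
from collections import Counter

# Abridged excerpt of the log posted in #1 (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew Da King\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - <body>"
RUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")     # "<key>: [<name>] <command>"

def parse_log(text):
    """Split a HijackThis log into (running process paths, (code, body) entries)."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:                 # a blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries

def triage(text):
    """Summarise the parts of the log a helper looks at first."""
    processes, entries = parse_log(text)
    # Image names compared case-insensitively (system32 vs System32 paths).
    names = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    # Registry Run-key autostarts only; other O4 forms are skipped.
    autostarts = [m.groups() for code, body in entries
                  if code == "O4" and (m := RUN.match(body))]
    return {
        "multi_instance": {n: c for n, c in names.items() if c > 1},
        "autostarts": autostarts,
        "file_missing": [b for _, b in entries if b.endswith("(file missing)")],
    }
```

A count above one for chrome.exe or svchost.exe is expected behaviour, as the reply explains; the summary only makes the log quicker to read and does not classify anything as malicious.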