Post #1 - Jul 7 2005, 10:20 AM
themainman (New Member; Group: Members; Posts: 12; Joined: 11-May 05; Member No.: 19,751)
Logfile of HijackThis v1.99.1
Scan saved at 10:11:04 AM, on 7/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Panda Software\AVTC\PasSrv.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\AVTC\pavsrv50.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Panda Software\AVTC\ClShield.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Panda Software\AVTC\SRVLOAD.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\njackson.pantegomedical\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download..._MEDIAWHIZ8.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/controls/rovion.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pantegomedical.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pantegomedical.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pantegomedical.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Panda AntiSpam Server Service (PasSrv) - Unknown owner - C:\Program Files\Panda Software\AVTC\PasSrv.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda ClientShield (PAVSRV) - Panda Software - C:\Program Files\Panda Software\AVTC\pavsrv50.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
Post #2 - Jul 8 2005, 08:59 PM
Forum Deity (Group: HJT Team; Posts: 167; Joined: 18-June 05; Member No.: 23,930)
themainman,
Yes, I see a few things that can be fixed. Since HijackThis does not scan the entire system, and only certain areas are scanned to help diagnose the presence of undetected malware in some of the telltale places it hides, it is extremely important that you run a full system scan tool like Ad-aware SE and Spybot S&D. I would like to START with those steps and finish the cleanup of strays or undetected items with HJT. I have provided instructions on how to run a scan with Ad-aware SE and Spybot S&D in this post.

Ad-aware

* Download Ad-aware version SE Personal 1.06 from here:
Download from:
http://www.download.com/3000-2144-10045910.html
http://www.majorgeeks.com/download506.html

Install by double-clicking on the downloaded file. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.

If you already have Ad-aware Second Edition skip to the next step.

Manually run "Ad-Aware SE Personal" and from the main screen click on "Check for Updates Now". Click the 'Connect' button and, if there are new updates, click 'OK' and then 'Finish'.

Once the definitions have been updated: Do NOT scan with the program yet.

Please reboot your computer in Safe Mode by immediately tapping the F8 key (or F5 on some computers). Use the arrow keys to highlight Safe Mode and press the Enter key.

Once in Safe Mode, launch Ad-Aware, and press Start > Next to let it scan your drives... It will find a number of "bad" files and registry keys.
Press 'Next'. Right-click in that results pane and choose "select all". Press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and start your computer normally.

Spybot S&D*

** Spybot has a new version 1.4 available.
** If you already have Spybot 1.3 update to version 1.4. Before installing Spybot S&D 1.4 remove 1.3 like this:

Open 1.3. Go to Immunize. Click on UNDO at the top. At the bottom, take the checkmark OUT of "BrowserHelper > Enable permanent blocking...". This will disable all protection. Make sure ALL has been disabled. If you are using Spybot's TeaTimer disable all protection there as well. If Opera Browser is installed, de-select protection for Opera Immunity.
Then go to Add/Remove programs via Start > Settings > Control Panel and REMOVE Spybot. Reboot.
Go to your Program Files and delete the old Spybot folder. Delete the old desktop icon. Then you are ready to install the new version.

Download Spybot S&D 1.4 here:
http://safer-networking.org/en/news/2005-05-31.html
or
http://www.majorgeeks.com/download2471.html

Install by double-clicking on the downloaded file. Run Spybot S&D from the desktop icon or Start menu. Press the "Search for updates" button to get the list of updates available. Press the "Download updates" button. Close all IE windows and close & restart Spybot S&D. Press the "Check for problems" button. Have Spybot remove all it marks in RED by pressing "Fix selected problems". Close Spybot S&D, reboot your system.

Before we can use HijackThis, you will need to move HijackThis out of that temp folder to a permanent folder of its own. To create a folder: Click My Computer, then C:\. In the menu bar, File > New > Folder. That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Double-click on the .exe to scan. Select "Scan and Save Log". After the scan save the log somewhere. Do Ctrl-A to select all, and then copy and paste its contents into this thread so we can continue cleaning.

Thanks.

--------------------
Microsoft MVP - Consumer Security
Post #3 - Jul 14 2005, 12:57 PM
themainman (New Member; Group: Members; Posts: 12; Joined: 11-May 05; Member No.: 19,751)
Logfile of HijackThis v1.99.1
Scan saved at 12:57:12 PM, on 7/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Panda Software\AVTC\PasSrv.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\AVTC\pavsrv50.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\AVTC\ClShield.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Panda Software\AVTC\SRVLOAD.EXE
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\Documents and Settings\njackson.pantegomedical\Desktop\Computer Cleaners\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\AVTC\ClShield.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\TEMP\Bodog Poker\GameClient.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/controls/rovion.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pantegomedical.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pantegomedical.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pantegomedical.local
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Panda AntiSpam Server Service (PasSrv) - Unknown owner - C:\Program Files\Panda Software\AVTC\PasSrv.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda ClientShield (PAVSRV) - Panda Software - C:\Program Files\Panda Software\AVTC\pavsrv50.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
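As an added example (not code from this thread, from HijackThis, or from its author), here is a small Python script that parses the HijackThis log format, diffs a before-scan log against an after-scan log, and applies the checks the helper's reply turns on: BHOs whose DLL is missing, O16 downloaded controls, an overridden search assistant, and HijackThis running from a Temp folder. The sample lines are copied from the two logs in this thread; the rule list and function names are my own.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; header and "Running processes" lines carry no code.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Checks a log helper looks at first: (section code, substring, reason).
RULES = (
    ("O2", "(file missing)", "BHO still registered although its DLL is gone"),
    ("O16", "", "ActiveX control downloaded from a web site (DPF)"),
    ("R0", "SearchAssistant", "IE search assistant overridden"),
)

def parse_hjt(text):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)

def flag_entries(entries):
    """Apply RULES in log order; each hit is (code, body, reason)."""
    return [(code, body, why) for code, body in entries
            for c, needle, why in RULES if code == c and needle in body]

def hjt_run_from_temp(text):
    """True if the process list shows HijackThis running out of a Temp folder."""
    for line in text.splitlines():
        low = line.strip().lower()
        if low.endswith("hijackthis.exe") and "\\temp\\" in low:
            return True
    return False

# Constructed sample logs: a few lines copied from the two logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
C:\Documents and Settings\njackson.pantegomedical\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll (file missing)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download..._MEDIAWHIZ8.cab
"""
AFTER = r"""Logfile of HijackThis v1.99.1
C:\Documents and Settings\njackson.pantegomedical\Desktop\Computer Cleaners\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\AVTC\ClShield.exe"
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, "added:", *added, sep="\n  ")
    print("flagged before cleanup:", flag_entries(parse_hjt(BEFORE)))
    print("HJT in Temp before/after:", hjt_run_from_temp(BEFORE), hjt_run_from_temp(AFTER))
```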
Post #4 - Aug 1 2005, 11:21 PM
Forum Deity (Group: HJT Team; Posts: 167; Joined: 18-June 05; Member No.: 23,930)
Hi, themainman,
It looks as if those scans helped. Your log is in good shape. To do some follow-up cleaning, you might want to download CCleaner:

Download: CCleaner
http://www.majorgeeks.com/download4191.html
http://www.ccleaner.com/
http://www.filehippo.com/download_ccleaner.html

Once installed, run CCleaner:
Click the Windows tab. Select the following:
Internet Explorer: Temp Internet History, Recently Typed URLs, Delete Index.dat files
System: Empty Recycle Bin, Temporary Files, Memory Dumps, Chkdsk File Fragments, Old Prefetch Data
Next: Click Options. Click Advanced. Uncheck: "Only delete files older than 48 hrs.". Click OK.
UNCHECK all other defaults listed on the Issues and Applications tabs.
Then click Run Cleaner (bottom right). When finished > Exit (reboot).
Then you should be good to go.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future. You may have already taken some of these steps:

1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX: Go to Internet Options/Security/Internet, press 'default level', then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html
Periodically check for updates.

4. Keep your antivirus software and firewall software up to date. Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/home.jsp is free. Also Sygate has an optional free version: http://smb.sygate.com/download_buy.htm

5. You might consider installing Mozilla / Firefox. http://www.mozilla.org/

6. I would check for updates in SpyBot once a week or so. Check for updates in Adaware frequently. I scan with each at least weekly.

7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

8. I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis. (You can use CCleaner for this.)

9. You might want to take a look at this article, too. http://computercops.biz/postlite7736-.html

Since this issue appears to be resolved ... this Topic has been closed.

Glad we could help.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

--------------------
Microsoft MVP - Consumer Security