
Computers Lagging Bad



#1 yoon-o


Posted 04 August 2007 - 09:58 PM

Computer's been sluggish lately, please help =(


I found some spyware. I was able to fix some, but my computer's still been running very slow.
What should I do?

Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 7:49:48 PM, on 8/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\yoon-o\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29C20620-92CA-42DB-9318-BE5112AC222C} - C:\WINDOWS\System32\mllmm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Just in case you need a ComboFix log:

ComboFix 07-08-05.3 - "yoon-o" 2007-08-04 19:34:03.1 [GMT -7:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\yoon-o\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\srsloxoi.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\yoon-o\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\1173657276.exe
C:\WINDOWS\system32\bnnlasok.dll
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\difxxfkh.exe
C:\WINDOWS\system32\gebbxxy.dll
C:\WINDOWS\system32\girjrlrw.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\oxkkatxt.exe
C:\WINDOWS\system32\qoirwgyq.dll
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\vfdgdupk.exe
C:\WINDOWS\system32\wjqbmybk.exe
C:\WINDOWS\system32\wqagbnob.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-04 19:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 19:03 125,460 --a------ C:\WINDOWS\system32\hppbeqgp.dll
2007-08-02 18:26 <DIR> d-------- C:\DOCUME~1\yoon-o\APPLIC~1\Samsung
2007-08-02 17:43 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-08-02 17:41 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-08-02 17:41 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-08-02 17:41 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-08-02 17:41 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-08-02 17:41 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-08-02 17:41 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-08-02 17:41 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-08-02 17:41 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-08-02 17:40 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-08-02 17:39 <DIR> d-------- C:\Program Files\Samsung
2007-08-02 16:27 <DIR> d-------- C:\Program Files\psx emulation cheater
2007-08-02 15:56 <DIR> d-------- C:\Program Files\Final Fantasy VII
2007-07-19 18:36 <DIR> d-------- C:\Program Files\Gabest


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 13:59 --------- d-------- C:\DOCUME~1\yoon-o\APPLIC~1\Azureus
2007-08-02 17:39 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 02:51 --------- d-------- C:\Program Files\Azureus
2007-06-30 23:09 --------- d-------- C:\DOCUME~1\yoon-o\APPLIC~1\U3
2007-05-11 20:03 3891 --a--c--- C:\WINDOWS\mozver.dat
2007-05-09 18:57 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29C20620-92CA-42DB-9318-BE5112AC222C}]
C:\WINDOWS\System32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-06-22 00:48]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-06-22 00:44]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-08 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DeadAIM"="rundll32.exe" [2002-08-29 05:00 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 21:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 15:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{52F2F16E-4CE3-4D8D-97D0-DF9466B7C813}"= C:\WINDOWS\System32\msiebs.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmmt32]
winmmt32.dll

R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\System32\Drivers\SSFS0509.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\System32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\System32\Drivers\SSIDRV.SYS
R1 SCDEmu;SCDEmu;C:\WINDOWS\System32\drivers\SCDEmu.sys
R1 StarOpen;StarOpen;C:\WINDOWS\System32\drivers\StarOpen.sys
R3 senfilt;senfilt;C:\WINDOWS\System32\drivers\senfilt.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\System32\Drivers\sskbfd.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
S1 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\System32\DRIVERS\wceusbsh.sys
S2 lsass;Local Security Authority Subsystem Service;"C:\WINDOWS\scvhost.exe"
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 vaxscsi;vaxscsi;C:\WINDOWS\System32\Drivers\vaxscsi.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-04 19:42:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-04 19:44:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-04 19:43

--- E O F ---


Thank you for your time.



#2 Mr_JAk3


    HJT Team Member



Posted 16 August 2007 - 01:35 PM

Hello yoon-o and welcome to the Forums :flowers:

Sorry for the long delay.

If you still require help, please post a fresh HijackThis log here and I'll have a look :thumbsup:
UNITE & ASAP member since 2006



