
Pc Freezing And So Slow



#1 lynette11


Posted 16 November 2007 - 10:29 AM

Hi there, wondering if someone could help please. Someone has been downloading stuff and going places I think they should probably not be going. Anyway, my PC has become really slow, freezes, and sometimes programs will not open. I was getting a message from NOD32 that I had adware. I did a full scan with NOD32, which picked up nothing. I did a scan with Ad-Aware SE and Spybot; they picked up a few things. SUPERAntiSpyware picked up a lot; this is the log for that below.
Still having problems even after they were quarantined. Some advice would be really great. Also, I have tried to run Trend Micro HouseCall and BitDefender, but they keep coming up with an error, so I don't get to scan.



Generated 11/14/2007 at 07:19 PM

Application Version : 3.7.1018

Core Rules Database Version : 3344
Trace Rules Database Version: 1345

Scan type : Complete Scan
Total Scan Time : 00:49:23

Memory items scanned : 517
Memory threats detected : 5
Registry items scanned : 6385
Registry threats detected : 28
File items scanned : 43366
File threats detected : 13

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\VTUUVUS.DLL
C:\WINDOWS\SYSTEM32\VTUUVUS.DLL
HKLM\Software\Classes\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}\InprocServer32
HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vtuuvus
HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\SSQRQ.DLL
C:\WINDOWS\SYSTEM32\SSQRQ.DLL
HKLM\Software\Classes\CLSID\{62817F4F-4DD6-4D86-96C5-F4A9724384D5}
HKCR\CLSID\{62817F4F-4DD6-4D86-96C5-F4A9724384D5}
HKCR\CLSID\{62817F4F-4DD6-4D86-96C5-F4A9724384D5}\InprocServer32
HKCR\CLSID\{62817F4F-4DD6-4D86-96C5-F4A9724384D5}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62817F4F-4DD6-4D86-96C5-F4A9724384D5}

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\EDNOURID.DLL
C:\WINDOWS\SYSTEM32\EDNOURID.DLL
C:\WINDOWS\SYSTEM32\SRCDOLRF.DLL
C:\WINDOWS\SYSTEM32\SRCDOLRF.DLL

Trojan.Downloader-Gen/Svchost-Fake
C:\WINDOWS\FONTS\SVCHOST.EXE
C:\WINDOWS\FONTS\SVCHOST.EXE
[Host Process] C:\WINDOWS\FONTS\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-17B62EB3.pf

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{9C8A568E-4201-478a-8536-526CF371D2E2}
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\InprocServer32#ThreadingModel
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\ProgID
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\Programmable
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\TypeLib
HKCR\CLSID\{9C8A568E-4201-478A-8536-526CF371D2E2}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\NSE2BC6.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33c9dba2-bb9d-43ed-abeb-5cc91421a521}
HKCR\CLSID\{33C9DBA2-BB9D-43ED-ABEB-5CC91421A521}
HKCR\CLSID\{33C9DBA2-BB9D-43ED-ABEB-5CC91421A521}\InprocServer32
HKCR\CLSID\{33C9DBA2-BB9D-43ED-ABEB-5CC91421A521}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NIAERFJT.DLL
C:\WINDOWS\SYSTEM32\TFHJRDAN.DLL

Adware.Tracking Cookie
C:\Documents and Settings\lynette\Cookies\lynette@partypoker[2].txt
C:\Documents and Settings\lynette\Cookies\lynette@rotator.its.adjuggler[2].txt

Trojan.Downloader-AUPD
C:\DOCUMENTS AND SETTINGS\LYNETTE\LOCAL SETTINGS\TEMP\AUPD.EXE

Adware.AdRotator/RightOnz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D1982B28-D234-4BF6-8D95-36F35214EE60}\RP361\A0098304.DLL

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:50 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Roxio\Easy Media Creator 7\Disc Copier\DiscCopier7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\lynette\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=http://xtra.co.nz
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168747501041
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176585504156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97D721D8-B130-4F7C-810D-192F2DB26503}: NameServer = 60.234.1.1,60.234.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{97D721D8-B130-4F7C-810D-192F2DB26503}: NameServer = 202.27.158.40,202.255.156.27
O17 - HKLM\System\CS2\Services\Tcpip\..\{97D721D8-B130-4F7C-810D-192F2DB26503}: NameServer = 60.234.1.1,60.234.2.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{97D721D8-B130-4F7C-810D-192F2DB26503}: NameServer = 60.234.1.1,60.234.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O24 - Desktop Component 0: (no name) - http://fatso.co.nz/image/_compiled/newhome/main_image01.jpg

--
End of file - 5785 bytes


 


#2 Falu


Posted 29 November 2007 - 04:53 PM

Hi lynette11,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

P.S. Please copy/paste the log into this thread using the Add Reply button.



