Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Acting Suspiciously Slow...


  • This topic is locked This topic is locked
5 replies to this topic

#1 xVolkaNx

xVolkaNx

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 11 April 2008 - 05:07 PM

yes i know i have nortons and avast on my computer at the same time, but before this it wasn't this bad.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:20 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Michael\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adrsahachc - Unknown owner - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8055 bytes

thanks if you can help.

BC AdBot (Login to Remove)

 


#2 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 PM

Posted 19 April 2008 - 09:57 PM

yes i know i have nortons and avast on my computer at the same time, but before this it wasn't this bad.

Perhaps this changed after a recent update??? It sound like you've heard the speech before..... I'll give it again. Have one AV is a MUST.... having more than one is just asking for trouble. They WILL fight for system resources...cause slow downs and errors and worse case scenario; cancel each other other. If you want to keep both make sure one is completely disable so only one is running at a time.

Please download and install SUPERAntiSpyware
  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it\u2019s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • Ill need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware login your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

REBOOT

Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    (Vista users, please right click on OtScanIt.exe and select "Run as an Administrator")
  • Leave all the setting to the default except as noted below
  • Check the box for Scan all user accounts
  • Under Additional Scans sections, check the following
  • Reg - BotCheck
  • File - Additional Folder Scan
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Save that notepad file
[/list]Since the log is too large to post, use the ADDREPLY button, then scroll down to the attachments section and attach the notepad file here.

#3 xVolkaNx

xVolkaNx
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 19 April 2008 - 10:22 PM

alright ill get on that, during the past 5 days i ran a bootscan with avast and picked up a few trojans inside the cache of mozilla and one in the hibernation file!, the mozilla one was easily solved as i deleted the folder it was in and reinstalled it but ill do what you said above for anymore threats

#4 xVolkaNx

xVolkaNx
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 19 April 2008 - 11:46 PM

C:\Documents and
Settings\Michael\Cookies\michael@ads.bleepingcomputer[1].txt

i lol'd
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2008 at 11:56 PM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:28:24

Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 5021
Registry threats detected : 0
File items scanned : 16648
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Michael\Cookies\michael@adcentriconline[2].txt
C:\Documents and Settings\Michael\Cookies\michael@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Michael\Cookies\michael@findaperson.canada411[1].txt
C:\Documents and Settings\Michael\Cookies\michael@a.websponsors[2].txt
C:\Documents and Settings\Michael\Cookies\michael@server.cpmstar[1].txt
C:\Documents and Settings\Michael\Cookies\michael@imrworldwide[2].txt
C:\Documents and Settings\Michael\Cookies\michael@www.helpmefinddegrees[1].txt
C:\Documents and Settings\Michael\Cookies\michael@partner2profit[1].txt
C:\Documents and Settings\Michael\Cookies\michael@ads.habbogroup[1].txt
C:\Documents and Settings\Michael\Cookies\michael@aff.primaryads[1].txt
C:\Documents and Settings\Michael\Cookies\michael@findaperson.canada-411[1].txt
C:\Documents and Settings\Michael\Cookies\michael@ads.gametap[1].txt
C:\Documents and Settings\Michael\Cookies\michael@ads.ak.facebook[1].txt
C:\Documents and Settings\Dan\Cookies\dan@ads.gamebattles[2].txt
C:\Documents and Settings\Dan\Cookies\dan@adcentriconline[1].txt
C:\Documents and Settings\Dan\Cookies\dan@ads.pointroll[1].txt
C:\Documents and Settings\Dan\Cookies\dan@advertising[2].txt
C:\Documents and Settings\Dan\Cookies\dan@ar.atwola[1].txt
C:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt
C:\Documents and Settings\Dan\Cookies\dan@atwola[1].txt
C:\Documents and Settings\Dan\Cookies\dan@cdn.atwola[2].txt
C:\Documents and Settings\Dan\Cookies\dan@doubleclick[1].txt
C:\Documents and Settings\Dan\Cookies\dan@doubleclick[2].txt
C:\Documents and Settings\Dan\Cookies\dan@imrworldwide[2].txt
C:\Documents and Settings\Dan\Cookies\dan@toplist[1].txt
C:\Documents and Settings\Dan\Cookies\dan@true-babesxxx[2].txt
C:\Documents and Settings\DOM\Cookies\dom@atdmt[1].txt
C:\Documents and Settings\DOM\Cookies\dom@counter.surfcounters[1].txt
C:\Documents and Settings\DOM\Cookies\dom@msnportal.112.2o7[1].txt
C:\Documents and Settings\DOM\Cookies\dom@pro-market[2].txt

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\KEYGEN.EXE

Attached Files



#5 jwbirdsong

jwbirdsong

    Slaher O' Spyware


  • Members
  • 232 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 PM

Posted 20 April 2008 - 11:57 AM

Looking real good actually

Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Files/Folders - Modified Within 30 days]
NY -> qoobox -> %SystemDrive%\qoobox
NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 18 C:\Documents and Settings\Michael\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Michael\Local Settings\Temp\*.tmp
NY -> 5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> 1 C:\Documents and Settings\Michael\My Documents\*.tmp files -> C:\Documents and Settings\Michael\My Documents\*.tmp
[Extra Files]
C:\Documents and Settings\ALL USERS\DOCUMENTS\KEYGEN.EXE
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

If it reboots this may not happen. If you need to manually find the file it is at Desktop\OTScanIt\MovedFiles\04082008_163441.log or what ever yours is named(Date/Time you ran the fix)

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on the Start Scanning button at bottom of page.
  • Accept the License Agreement and the ActiveX install.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.
Please post
  • OTscan it "results" log (described above)
  • F-Secure log
  • Fresh OtScanIt log made after F-secure
in your next reply here

#6 xVolkaNx

xVolkaNx
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 21 April 2008 - 03:51 PM

nvm

Edited by xVolkaNx, 21 April 2008 - 04:00 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users