
My computer is slow...Logfile..Hope you can help me!



#1 kurkurkolik


Posted 11 February 2009 - 06:39 PM

Hi!

Since yesterday my computer has been running slowly.

I tried everything but it seems like nothing worked at all..
I ran CCleaner..
I ran Malwarebytes and it was all clean.
I ran Adaware and it couldn't find anything.
I even restored my computer to an earlier time but it didn't help either.
Also I did a defragment, cleaned temporary folders and cookies, and nothing helped.
Please help me make this computer run fast.
Thanks for your continuing help.
And here is the log I thought you'll need to check..




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:31 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg2.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Serpil\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 80.190.241.30 home.edonkey.com
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Voipwise] "C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe (User 'Default user')
O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: WAB501 Configuration Utility.lnk = C:\Program Files\NETGEAR\WAB501 Configuration Utility\wlancfg.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: www.adobe.com
O15 - Trusted Zone: www.peoplemagazine.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?946725800297
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?975192689463
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrthaber.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11254 bytes

Edited by kurkurkolik, 11 February 2009 - 07:02 PM.



 


#2 fenzodahl512


Posted 12 February 2009 - 01:47 AM

Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.




Please post these logs in your next reply... Post each log in separate post

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 kurkurkolik


Posted 13 February 2009 - 12:07 PM

Hi again!

I downloaded Comedian and did whatever it says.
Since yesterday I was trying to get into safe mode for SDFix but couldn't do it. .:step4: When I try to go to safe mode the computer restarts again and again. After several tries I went to Run / msconfig / boot.ini and tried to safe boot from there. After that stupid mistake my computer now keeps restarting. From now on, I cannot log in to my computer because it is restarting continuously.

I am writing this from a different computer. And I don't know what to do. :thumbup2:

Help me please. :)

Edited by kurkurkolik, 13 February 2009 - 12:07 PM.


#4 fenzodahl512


Posted 13 February 2009 - 12:20 PM

Hi again!

I downloaded Comedian and did whatever it says.
Since yesterday I was trying to get into safe mode for SDFix but couldn't do it. .:step4: When I try to go to safe mode the computer restarts again and again. After several tries I went to Run / msconfig / boot.ini and tried to safe boot from there. After that stupid mistake my computer now keeps restarting. From now on, I cannot log in to my computer because it is restarting continuously.

I am writing this from a different computer. And I don't know what to do. :thumbup2:

Help me please. :)



First of all, whenever you can't complete a task, just stop and tell me, so we can figure out another route.. I never ask anyone to force into Safe Mode as it is very-very dangerous for the computer...


Now, this is a tricky situation.. Please have a long read of the link below..

http://temerc.com/forums/viewtopic.php?p=3...82eb48#p3424135

Read the whole article first.. Then read the lines below carefully..


Caught in bootloop....

If the user has no OS CD to get into the recovery console they can download (obviously on another computer) and create the bootable RC.iso from here:

http://www.thecomputerparamedic.com/files/rc.iso

This is a bootable CD you can use to access the Recovery Console to repair the busted boot.ini file.

This article describes how to do it:

http://support.microsoft.com/kb/330184

bootcfg.exe is present only on XP Pro. Not on 2K or XP home.

===============================================

You can also slave the hard drive to another computer to edit the boot.ini file.
Boot.ini is system, read-only, & hidden.
Read only attribute will need to be removed to edit the file.
All you need to remove from boot.ini is this part:

/safeboot:minimal

Leave the rest intact. Re-check read only after saving changes.

Plug the drive back into the broken computer and you should be off to the races.

Obviously care must be taken here especially if the broken hdd is infected.

===============================================

Repair install Windows if they have an OS CD.

Non destructive Recovery if they have Recovery Partition or Recovery CDs.

Destructive Recovery if they have Recovery Partition or CDs.


*credit to Blender and TeMerc


Do the above step and then tell me more about it..

Edited by fenzodahl512, 13 February 2009 - 12:22 PM.
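
The boot.ini edit described in the post above (clear read-only, remove only the /safeboot switch, set read-only again), as an added example that is not part of the original post or of the credited TeMerc write-up. The function names, the `.bak` backup and the sample boot.ini are assumptions made for illustration; the code also covers the other `/safeboot:` modes, which goes beyond the single `/safeboot:minimal` case named in the post.

```python
import os
import re
import stat

# Constructed sample boot.ini (not taken from the thread), CRLF line endings.
SAMPLE_BOOT_INI = "\r\n".join([
    "[boot loader]",
    "timeout=30",
    r"default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS",
    "[operating systems]",
    r'multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition"'
    " /noexecute=optin /fastdetect /safeboot:minimal",
]) + "\r\n"

# Matches /safeboot:minimal, /safeboot:network, /safeboot:minimal(alternateshell)
SAFEBOOT = re.compile(r"\s*/safeboot:[^\s/]+", re.IGNORECASE)


def strip_safeboot(text):
    """Return (new_text, changed_lines); only [operating systems] entries change."""
    out, in_os, changed = [], False, 0
    for line in text.splitlines(keepends=True):
        stripped = line.strip()
        if stripped.startswith("["):
            in_os = stripped.lower() == "[operating systems]"
        elif in_os and "=" in stripped:
            body = line.rstrip("\r\n")
            eol = line[len(body):]              # preserve the original line ending
            new_body, hits = SAFEBOOT.subn("", body)
            if hits:
                changed += 1
                line = new_body.rstrip() + eol
        out.append(line)
    return "".join(out), changed


def fix_boot_ini(path):
    """Edit boot.ini on a slaved drive in place; returns number of lines changed."""
    mode = os.stat(path).st_mode
    # latin-1 round-trips every byte; newline="" keeps CRLF untouched.
    with open(path, "r", newline="", encoding="latin-1") as fh:
        original = fh.read()
    fixed, changed = strip_safeboot(original)
    if not changed:
        return 0                                 # nothing to do, file left alone
    with open(path + ".bak", "w", newline="", encoding="latin-1") as fh:
        fh.write(original)                       # keep a copy of the broken file
    os.chmod(path, mode | stat.S_IWRITE)         # remove the read-only attribute
    # "r+" rewrites the existing file; recreating it with "w" can be refused
    # on Windows when the file carries the hidden/system attributes.
    with open(path, "r+", newline="", encoding="latin-1") as fh:
        fh.write(fixed)
        fh.truncate()
    os.chmod(path, mode & ~(stat.S_IWRITE | stat.S_IWGRP | stat.S_IWOTH))
    return changed
```
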



#5 fenzodahl512


Posted 25 February 2009 - 07:47 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





