Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Desktop is actin buggy and running very slow


  • This topic is locked This topic is locked
5 replies to this topic

#1 CPUFAN

CPUFAN

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 14 April 2009 - 11:32 PM

Hi my desktop started to act funny and control panel wont open

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:12 PM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\reader_s.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Power Karaoke Toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - C:\Program Files\Power_Karaoke\tbPow1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [Prozelaguzeyawe] rundll32.exe "C:\WINDOWS\agowazulaxufosi.dll",e
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\3007357498.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Owner\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\pmx1vdnuys.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\352513748.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Owner\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\pmx1vdnuys.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D01794E9-4B1D-4A44-82CC-269C67B0C49C}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: as3iur98wajkef3wgf3 - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5876 bytes

BC AdBot (Login to Remove)

 


#2 CPUFAN

CPUFAN
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 16 April 2009 - 04:28 PM

well, the log has been posted for a couple days now and no reply.. someone please take a look at this hijack log and tell me what i need to do to restore my desktop back to normal

#3 Rodav

Rodav

  • Members
  • 388 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 18 April 2009 - 05:21 PM

Hi,

I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

#4 CPUFAN

CPUFAN
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 18 April 2009 - 07:11 PM

Thankyou for your input i guess the long road must start over again for me and my pc, hopefully i wont run into this problem again, once again thankyou

#5 Rodav

Rodav

  • Members
  • 388 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 19 April 2009 - 07:27 AM

You're welcome, it's a horrific infection just be careful what you backup as I mentioned before.

#6 Rodav

Rodav

  • Members
  • 388 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 24 April 2009 - 07:39 AM

This Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users