
computer - slow and having issues


  • This topic is locked
2 replies to this topic

#1 mayelf

mayelf

  • Members
  • 13 posts

Posted 01 February 2011 - 11:05 PM

Running Windows XP Home Edition -

The computer was running without protection and maintenance. I took care of it by running Avast, Ad-Aware, Malwarebytes, and here are the logs.

Is there anything else that is going on? It is still running poorly. The internet was not working and it is working now. I am getting constant warnings about trojan attacks - example (win32: hilot) from Avast.

Thanks so much!!

Got a system error from Microsoft that closed GMR when running it.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Mary at 19:55:29.98 on Tue 02/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.495 [GMT -8:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Documents and Settings\Mary\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:bushel978scanty@m.facebook.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [motoregcheck] c:\program files\common files\motorola\broadband\sb5101\RegCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nsxcworema.tmp] "c:\docume~1\mary\locals~1\temp\nsxcworema.tmp"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Qbubize] rundll32.exe "c:\windows\iyucuzuhi.dll",Startup
mRunOnce: [aswAhAScr.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\AhAScr.dll"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247251618406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
LSA: Notification Packages = scecli cirt320.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mary\applic~1\mozilla\firefox\profiles\b3c86gea.default\
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=55957&p=
FF - component: c:\documents and settings\mary\application data\mozilla\firefox\profiles\b3c86gea.default\extensions\{018a8535-25e4-40fc-8c97-45319035f093}\components\Engine.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: MLK Memorial Toolbar: {018a8535-25e4-40fc-8c97-45319035f093} - %profile%\extensions\{018a8535-25e4-40fc-8c97-45319035f093}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {A5D1761D-F6D1-4B96-A8E6-A19FFAB4F90A} - c:\documents and settings\mary\local settings\application data\{A5D1761D-F6D1-4B96-A8E6-A19FFAB4F90A}

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2009-7-10 9344]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-1 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-1 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-1 40384]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2009-7-10 434944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-22 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S3 NB762_XP;NB 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanUZXP.SYS [2010-1-23 437760]

=============== Created Last 30 ================

2011-02-02 03:55:41 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-02 03:53:58 38848 ----a-w- c:\windows\avastSS.scr
2011-02-02 03:49:04 -------- d-----w- c:\docume~1\mary\locals~1\applic~1\Sunbelt Software
2011-02-02 03:40:34 -------- d-----w- c:\program files\Lavasoft
2011-02-02 03:32:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-02 03:32:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-02 03:29:08 160768 ------w- c:\windows\trz8.tmp
2011-02-02 03:12:25 357968 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-02 03:10:21 -------- d-----w- c:\program files\SpywareBlaster
2011-02-02 03:09:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-02 03:06:39 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-02 03:04:56 -------- d-----w- c:\docume~1\mary\applic~1\Malwarebytes
2011-02-02 03:04:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-02 03:03:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-02 03:03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-02 03:03:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-02 01:39:38 87608 ----a-w- c:\docume~1\mary\applic~1\inst.exe
2011-02-02 01:39:38 47360 ----a-w- c:\docume~1\mary\applic~1\pcouffin.sys
2011-01-20 09:05:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\fKlLl06504
2011-01-18 00:27:08 -------- d-----w- c:\windows\system32\drivers\nss\0300010.008
2011-01-18 00:27:08 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-18 00:27:08 -------- d-----w- c:\program files\Norton Security Scan
2011-01-08 03:38:13 -------- d-----w- c:\docume~1\mary\applic~1\eeeeflipd
2011-01-06 00:57:32 815104 ----a-w- c:\windows\system32\xvidcore.dll
2011-01-06 00:57:32 77824 ----a-w- c:\windows\system32\xvid.ax
2011-01-06 00:57:32 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-01-06 00:57:31 -------- d-----w- c:\program files\Xvid

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 19:59:00.92 ===============

Edited by Blade Zephon, 01 February 2011 - 11:20 PM.
Moved to log forum. ~BZ



#2 Jack&Jill

Jack&Jill

  • Malware Response Team
  • 385 posts
  • Gender:Male
  • Location:South East Asia

Posted 06 February 2011 - 12:04 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Watch Topic near the top of the page, then select Immediate Notification. Click on Proceed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 5 days, this topic will be closed. If you have since resolved the original problem you were having, we would appreciate you letting us know.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.


#3 Jack&Jill


Posted 12 February 2011 - 11:31 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Jack&Jill
MRU Teacher of Malware Removal University.
Member of ASAP and UNITE.




