
slow down and freezing with multiple iexplorer.exe running



#1 taffin
Posted 22 November 2012 - 03:38 PM

Good day,
I've lately been having an excess of freezing and slowing issues. I currently run Malwarebytes and StopZilla and earlier ran the Malwarebytes root version. This did catch and appear to remove multiple issues. However, the slowness and lagging is still occurring, and I am often running multiple iexplorer.exe when I pull up the task manager (always a minimum of two running but sometimes more).
I've searched for others who have had the same issue, but it seems to be a problem beyond my limited attempts. Any help will be appreciated, even if it is just pointing me in the right direction where to start next.
Thanks in advance!


#2 boopme
Posted 22 November 2012 - 05:59 PM

Hello, can you post those scan logs for review?

#3 taffin
Posted 23 November 2012 - 10:53 AM

Thanks for the quick reply. What follows is the log from yesterday's scan.
If there are multiple logs, please let me know and I will find them.
Thanks!

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.22.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: MOLEHOLE [administrator]

11/22/2012 2:39:25 PM
mbar-log-2012-11-22 (14-39-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27657
Time elapsed: 51 minute(s), 40 second(s)

Memory Processes Detected: 2
C:\Program Files\Common Files\HPAiODevEvent\HPAiODevEvent.exe (Spyware.Zbot.DG) -> 292 -> Delete on reboot. [96ebdadfd4890c2abbd4764003fdce32]
C:\Documents and Settings\Admin\sudbyzquxqus.exe (Trojan.Cutwail) -> 1616 -> Delete on reboot. [770a2c8d2637a492f55ba779b351817f]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Trojan.0Access) -> Delete on reboot. [89f8e7d2fa63f442f4f8e8deb64ad729]
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. [d7aa576283da1c1a278e1ce4b7495da3]

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HPAiODevEvent (Spyware.Zbot.DG) -> Data: "C:\Program Files\Common Files\HPAiODevEvent\HPAiODevEvent.exe" /n -> Delete on reboot. [96ebdadfd4890c2abbd4764003fdce32]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sudbyzquxqus (Trojan.Cutwail) -> Data: C:\Documents and Settings\Admin\sudbyzquxqus.exe -> Delete on reboot. [770a2c8d2637a492f55ba779b351817f]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Suganyak (Trojan.LameShield) -> Data: "C:\Documents and Settings\Admin\Application Data\Ysry\avhi.exe" -> Delete on reboot. [136e4475bf9e8babe7e2efdf27d9c739]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Delete on reboot. [3b463980f766043213ef19eda1629f61]

Registry Data Items Detected: 3
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\n.) Good: (fastprox.dll) -> Delete on reboot. [344d39801b423ff76c9394969d67ac54]
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot. [7011546568f546f0516e41bfbf4152ae]
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b\n.) Good: (shell32.dll) -> Delete on reboot. [f9887544e27b082e47e28e9d43c1d828]

Folders Detected: 10
C:\WINDOWS\Installer\{49bc8f3f-0df7-591b-4748-8db127cdb61b}\L (Backdoor.0Access) -> Delete on reboot. [a5dc4673f865c472fe8351af4cb45fa1]
C:\WINDOWS\Installer\{49bc8f3f-0df7-591b-4748-8db127cdb61b}\U (Backdoor.0Access) -> Delete on reboot. [4e337247fd60989e483a60a03dc3936d]
C:\Documents and Settings\Admin\Local Settings\Application Data\{49bc8f3f-0df7-591b-4748-8db127cdb61b}\U (Backdoor.0Access) -> Delete on reboot. [1b6690293a23191dbdc8b14f4bb5946c]
C:\Documents and Settings\Admin\Local Settings\Application Data\{49bc8f3f-0df7-591b-4748-8db127cdb61b}\L (Backdoor.0Access) -> Delete on reboot. [b1d0ffba82db92a46f171fe143bd8e72]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\U (Trojan.Siredef.C) -> Delete on reboot. [621fc5f489d4c472b5e451afe020c739]
C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b\U (Trojan.Siredef.C) -> Delete on reboot. [136ec8f1203d3df9debbea16827e44bc]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\L (Trojan.Siredef.C) -> Delete on reboot. [dea3ccedd88596a01289b14f54ac1fe1]
C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b\L (Trojan.Siredef.C) -> Delete on reboot. [3d4401b89bc2f541a7f4f70959a7916f]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b (Trojan.Siredef.C) -> Delete on reboot. [7c0519a0b8a551e534683ac62bd58e72]
C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b (Trojan.Siredef.C) -> Delete on reboot. [3e4300b9550847ef4a5297696f9146ba]

Files Detected: 22
C:\Program Files\Common Files\HPAiODevEvent\HPAiODevEvent.exe (Spyware.Zbot.DG) -> Delete on reboot. [96ebdadfd4890c2abbd4764003fdce32]
C:\Documents and Settings\Admin\sudbyzquxqus.exe (Trojan.Cutwail) -> Delete on reboot. [770a2c8d2637a492f55ba779b351817f]
C:\Documents and Settings\Admin\Application Data\Ysry\avhi.exe (Trojan.LameShield) -> Delete on reboot. [136e4475bf9e8babe7e2efdf27d9c739]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\@ (Trojan.Siredef.C) -> Delete on reboot. [a4dd9e1bdc81a492cacc9f61f80817e9]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\n (Trojan.0Access) -> Delete on reboot. [2e53358492cb3600a34913b3eb1544bc]
C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b\@ (Trojan.Siredef.C) -> Delete on reboot. [acd55762d48934023c5aeb1516eaee12]
C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b\n (Trojan.0Access) -> Delete on reboot. [89f8e7d2fa63f442f4f8e8deb64ad729]
C:\Documents and Settings\Admin\Local Settings\Temp\19291265.exe (Trojan.Cutwail) -> Delete on reboot. [6a1717a26eefed493f11c35d42c212ee]
C:\Documents and Settings\Admin\Local Settings\Temp\~!#1C4.tmp (Trojan.Agent.TRGen) -> Delete on reboot. [8df4f0c999c4c076f7963e6fd72902fe]
C:\Documents and Settings\Admin\Local Settings\Temp\~!#1C6.tmp (Spyware.Zbot.DG) -> Delete on reboot. [5031b603b8a53ef8d1be11a550b056aa]
C:\Documents and Settings\Admin\Local Settings\Temp\~!#1C8.tmp (Trojan.Medfos) -> Delete on reboot. [cbb6f9c015482a0c467b28850ff1f010]
C:\Documents and Settings\Admin\Local Settings\Temp\glom0_og.exe (Trojan.Agent.SZ) -> Delete on reboot. [027f6b4efe5fec4a9d5dbcb2ae56857b]
C:\Documents and Settings\Admin\Local Settings\Temp\rundll32.dll (Trojan.Phex.THAGen2) -> Delete on reboot. [31509b1ef5682a0ccc7315a8d32d7789]
C:\Documents and Settings\Admin\Local Settings\Temp\glom0_ogc.exe (Trojan.Happili) -> Delete on reboot. [057cab0e77e65ed89c236e371be541bf]
C:\Documents and Settings\ron carter\Local Settings\Temp\6D.tmp (Trojan.Agent) -> Delete on reboot. [9ae73c7dd7867db95a89c06a47b945bb]
C:\WINDOWS\Installer\{49bc8f3f-0df7-591b-4748-8db127cdb61b}\@ (Backdoor.0Access) -> Delete on reboot. [4e337b3e9fbee155b9a118e8da26c53b]
C:\Documents and Settings\Admin\Local Settings\Application Data\{49bc8f3f-0df7-591b-4748-8db127cdb61b}\@ (Backdoor.0Access) -> Delete on reboot. [b8c968516cf135014fbf48b8a25e46ba]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot. [acd56257ef6e3600464ece32689854ac]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot. [c3be05b4302d56e0088cfb059e62bb45]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\U\00000001.@ (Trojan.0Access) -> Delete on reboot. [d0b1b5049ac35adc5298a323867ae21e]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\U\80000000.@ (Trojan.0Access) -> Delete on reboot. [344d2594ea7353e345a55571926eec14]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\U\800000cb.@ (Trojan.0Access) -> Delete on reboot. [cab7fabf0d501125e2089e2827d96a96]

(end)
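The log above follows a fixed line format: a "Section Detected: N" header, then one line per item of the form object (threat) -> details -> action [32-hex tag]. The following is an added example, not part of this thread and not Malwarebytes' own code; the format is inferred from the posted lines rather than taken from any documented specification. It parses a constructed subset of the posted log (counts adjusted to the subset), checks that each section lists as many items as its header declares, pulls out the autostart entries under CurrentVersion\Run, the InProcServer32 entries whose DLL path was redirected (the "Bad:"/"Good:" pairs), and groups lines sharing the bracketed tag, which in this log links a running process, its file on disk and its Run value.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the lines from the Malwarebytes Anti-Rootkit
# log posted above. The "Detected: N" counts were adjusted to match the subset.
SAMPLE_LOG = r"""Malwarebytes Anti-Rootkit 1.1.0.1009
Database version: v2012.11.22.09

Memory Processes Detected: 2
C:\Program Files\Common Files\HPAiODevEvent\HPAiODevEvent.exe (Spyware.Zbot.DG) -> 292 -> Delete on reboot. [96ebdadfd4890c2abbd4764003fdce32]
C:\Documents and Settings\Admin\sudbyzquxqus.exe (Trojan.Cutwail) -> 1616 -> Delete on reboot. [770a2c8d2637a492f55ba779b351817f]

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HPAiODevEvent (Spyware.Zbot.DG) -> Data: "C:\Program Files\Common Files\HPAiODevEvent\HPAiODevEvent.exe" /n -> Delete on reboot. [96ebdadfd4890c2abbd4764003fdce32]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sudbyzquxqus (Trojan.Cutwail) -> Data: C:\Documents and Settings\Admin\sudbyzquxqus.exe -> Delete on reboot. [770a2c8d2637a492f55ba779b351817f]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Delete on reboot. [3b463980f766043213ef19eda1629f61]

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\n.) Good: (fastprox.dll) -> Delete on reboot. [344d39801b423ff76c9394969d67ac54]
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-3351435203-520130090-611744288-1018\$49bc8f3f0df7591b47488db127cdb61b\n.) Good: (shell32.dll) -> Delete on reboot. [f9887544e27b082e47e28e9d43c1d828]

Files Detected: 3
C:\Program Files\Common Files\HPAiODevEvent\HPAiODevEvent.exe (Spyware.Zbot.DG) -> Delete on reboot. [96ebdadfd4890c2abbd4764003fdce32]
C:\Documents and Settings\Admin\sudbyzquxqus.exe (Trojan.Cutwail) -> Delete on reboot. [770a2c8d2637a492f55ba779b351817f]
C:\RECYCLER\S-1-5-18\$49bc8f3f0df7591b47488db127cdb61b\n (Trojan.0Access) -> Delete on reboot. [2e53358492cb3600a34913b3eb1544bc]

(end)
"""

# Line shapes inferred from the posted log (assumption, not a documented spec).
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[\w.]+)\) -> (?P<rest>.+) \[(?P<tag>[0-9a-f]{32})\]$")
RUN_KEY_RE = re.compile(r"^(?P<key>.+\\CurrentVersion\\Run)\|(?P<name>.+)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


def parse_mbar_log(text):
    """Return {section: {"declared": N, "items": [dict, ...]}} for each Detected section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("section")
            sections[current] = {"declared": int(header.group("count")), "items": []}
            continue
        item = ITEM_RE.match(line)
        if item and current is not None:
            # "rest" is a chain of " -> " separated fields; the last one is the action.
            parts = item.group("rest").split(" -> ")
            sections[current]["items"].append({
                "object": item.group("object"),
                "threat": item.group("threat"),
                "details": parts[:-1],
                "action": parts[-1].rstrip("."),
                "tag": item.group("tag"),
            })
    return sections


def count_mismatches(sections):
    """Sections whose declared count differs from the number of item lines parsed
    (a truncated paste or an unparsed line shows up here)."""
    return {name: (s["declared"], len(s["items"]))
            for name, s in sections.items() if s["declared"] != len(s["items"])}


def run_key_persistence(sections):
    """Autostart entries under ...\\CurrentVersion\\Run and the command each launches."""
    out = []
    for item in sections.get("Registry Values", {}).get("items", []):
        m = RUN_KEY_RE.match(item["object"])
        if not m:
            continue
        data = item["details"][0] if item["details"] else ""
        if data.startswith("Data: "):
            data = data[len("Data: "):]
        out.append({"key": m.group("key"), "name": m.group("name"),
                    "data": data, "threat": item["threat"]})
    return out


def com_hijacks(sections):
    """InProcServer32 values whose DLL path was redirected away from the legitimate one."""
    out = []
    for item in sections.get("Registry Data Items", {}).get("items", []):
        m = BAD_GOOD_RE.match(item["details"][0]) if item["details"] else None
        if m and "InProcServer32" in item["object"]:
            out.append({"clsid_key": item["object"].rstrip("|"), "bad": m.group("bad"),
                        "good": m.group("good"), "threat": item["threat"]})
    return out


def correlate_by_tag(sections):
    """Group items sharing the bracketed tag; only tags seen in more than one line are kept."""
    groups = defaultdict(list)
    for name, s in sections.items():
        for item in s["items"]:
            groups[item["tag"]].append((name, item["object"]))
    return {tag: entries for tag, entries in groups.items() if len(entries) > 1}


if __name__ == "__main__":
    parsed = parse_mbar_log(SAMPLE_LOG)
    for name, s in parsed.items():
        print(f"{name}: {len(s['items'])} parsed (declared {s['declared']})")
    print("Count mismatches:", count_mismatches(parsed))
    for entry in run_key_persistence(parsed):
        print(f"Run value {entry['name']} -> {entry['data']} [{entry['threat']}]")
    for h in com_hijacks(parsed):
        print(f"COM hijack {h['clsid_key']}: {h['bad']} should be {h['good']}")
    for tag, entries in correlate_by_tag(parsed).items():
        print(tag, [section for section, _ in entries])
```

The tag grouping is what makes the Run value, the running process and the file on disk line up as one detection, which is the view a reviewer wants before deciding what was actually removed after the reboot.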

#4 boopme
Posted 23 November 2012 - 11:37 AM

OK, you have several nasty rootkits on here and they are resistant. To remove them you need to repost with that MBAM log and the DDS log in the Guide below.

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.