Extremely Slow Computer And Problem With Ie


3 replies to this topic

#1 rody

rody

  • Members
  • 136 posts
  • Gender:Female
  • Location:Brass Castle
  • Local time:06:12 PM

Posted 15 August 2006 - 06:16 AM

Hi, the problems are happening on my brother's computer, and his computer can't access the internet (after the virus came, I think), so I am helping him out by using my computer to send him programs like HijackThis, McAfee, etc.


I've done what the 'Preparation Guide for use before posting a HijackThis Log' asked me to do, except for:

Step 4 - using Spybot Search & Destroy (can't do updates as it requires us to access the internet)

Step 5 - Scan your computer for malware infections (can't do any online scan)

Step 7 - Enable or install a firewall (no access to internet)

Step 8 - Using Windows Update to get the latest Windows security updates. (no access to internet)



Additional information:
- After 5 min or more, the icons on the desktop started to appear.
Then 3 message boxes appeared, saying
'hkcmd Module has encountered a problem and needs to close. Sorry for the inconvenience.'
'Server.exe has encountered a problem and needs to close. Sorry for .....'

- The last message box is a box named 'VNNClientS' and there's a black exclamation mark in a yellow triangle.

- When running my Ad-Aware, I had Yok, DyFuCa removed.
- When running McAfee Stinger, I had lsassx.exe removed automatically.

C:\WINDOWS\system32\lsassx.exe
Found the W32/Sdbot.worm.gen virus !!!
C:\WINDOWS\system32\lsassx.exe has been deleted.


I hope the above information helps :thumbsup:



The following is my bro's log:


Logfile of HijackThis v1.99.1
Scan saved at 6:32:46 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Windows\svchost.exe
C:\Windows\system32\wdfmgr.exe
C:\Windows\system32\OpenSSL.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\WINLOGON.EXE
C:\Windows\system32\i6fo7937.exe
C:\Windows\system32\inetinfo.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Windows\system32\inetinfo.exe
C:\Program Files\Ohag\Rzbqoi.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: WinSearch - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\Windows\system32\winsearch.dll
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:\Windows\BHOBJ.dll
O2 - BHO: (no name) - {8D139DD1-6BB5-4103-8C89-41560FF2E107} - C:\WINDOWS\system32\3721_4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\Windows\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\Windows\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\Windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\Windows\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\Windows\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AutoLogon] regedit.exe /s \appl.zip\WXPPUPTW\logon.reg
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [i6fo7937] C:\Windows\system32\i6fo7937.exe
O4 - HKLM\..\Run: [Mbwgknzz] C:\Program Files\Ohag\Rzbqoi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inetnfo] C:\Windows\system32\inetinfo.exe
O4 - HKLM\..\Run: [inetinfo] C:\Windows\system32\inetinfo.exe
O4 - HKLM\..\Run: [Torjan Program] C:\Windows\WINLOGON.EXE
O4 - HKLM\..\Run: [Systems32] C:\Windows\system32\Server.exe
O4 - HKLM\..\RunServices: [Torjan Program] C:\Windows\WINLOGON.EXE
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: VeryCD - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#18 in chain of 18 missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: KB391231M.LOG
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Svchost Service For Windows (svchost) - Unknown owner - C:\Windows\svchost.exe



Any help would be appreciated, thank you !
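An added example, not part of the original posts: a small Python triage pass over HijackThis lines like those in the log above. It flags core Windows process names that run from a folder other than their default one, plus the O10 Winsock LSP entry that matches the lost internet access; the table of default locations and the function name `review` are this example's assumptions, and a flag means "inspect this entry", not "delete it".

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\svchost.exe
C:\Windows\WINLOGON.EXE
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Torjan Program] C:\Windows\WINLOGON.EXE
O10 - Broken Internet access because of LSP chain gap (#18 in chain of 18 missing)
O23 - Service: Svchost Service For Windows (svchost) - Unknown owner - C:\Windows\svchost.exe
"""

# Assumption (not stated in the thread): default Windows XP folders of core processes.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Matches a drive-letter path up to the first ".exe"; spaces in folder names are allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

def review(log_text):
    """Return (kind, line) pairs for log lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O10 - "):
            # HijackThis reports Winsock LSP problems under section O10.
            findings.append(("lsp", line))
        for match in PATH_RE.finditer(line):
            path = PureWindowsPath(match.group(0))
            expected = EXPECTED_DIR.get(path.name.lower())
            if expected and str(path.parent).lower() != expected:
                # A core process name outside its default folder.
                findings.append(("location", line))
    return findings
```
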



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • Local time:05:12 AM

Posted 16 August 2006 - 08:34 PM

You have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan.

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
=================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to all but system restore:


* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 rody

rody
  • Topic Starter

  • Members
  • 136 posts
  • Gender:Female
  • Location:Brass Castle
  • Local time:06:12 PM

Posted 18 August 2006 - 04:09 AM

Hi MFDnSC, thanks for the reply,
but like I've said,

the infected computer isn't the computer I'm using now, it is my brother's computer.
And his computer can't access the internet anymore after it got infected (I don't know why).

And even if I download the 2 programs you mentioned using my computer and send them to his computer using a thumbdrive, he can't do any updates as he can't access the internet. :thumbsup:

That's the reason I've no choice but to skip steps 4, 5, 7, 8.

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • Local time:05:12 AM

Posted 18 August 2006 - 04:43 PM

Run without the updates.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
