    #1 Member | Join Date: Jun 2009 | Posts: 3 | Points: 0

    My computer is running very slow and I'm suspicious, please help

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:35:39 PM, on 6/15/2009
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - Comcast.net | TV Entertainment | News | Finance | Videos | Music | Sports (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - Comcast Help & Support (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - Comcast Help & Support (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINNT\system32\shdocvw.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: cbXNHYpn - cbXNHYpn.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

    --
    End of file - 4027 bytes

    #2 zep516 (Member, Spyware Fighter) | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,189 | Points: 1308

    I can get you started doing something:

    Do this next please,

    Double-click the HijackThis icon on the Desktop, scroll down to "Open the Misc Tools section" and click it. At the bottom, under System Tools, click "Open Uninstall Manager". Over to the right, click "Save List". Save it to your Desktop so you may find it, then copy and paste it in your next reply.

    Then run the scan below:

    Please download Malwarebytes' Anti-Malware to your desktop from here: Malwarebytes.org
    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware", then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    #3 Member | Join Date: Jun 2009 | Posts: 3 | Points: 0

    Hey

    I ran Malwarebytes a lot in the past week and got rid of all the infections it came with, but here's the HijackThis log you asked for. Thanks so much.

    Adobe Acrobat 5.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Shockwave Player
    AirPlus XtremeG
    ANIO Service
    ANIWZCS2 Service
    CCleaner (remove only)
    Comcast High-Speed Internet Install Wizard
    EPSON Printer Software
    FinePixViewer Ver.3.2
    HijackThis 2.0.2
    HP Extended Capabilities 4.7
    HP PSC & OfficeJet 4.7
    HP Software Update
    Indeo® Software
    Internet Explorer Q867801
    Java(TM) 6 Update 12
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft Data Access Components KB870669
    Microsoft Internet Explorer 6 SP1
    Microsoft Office 97, Professional Edition
    Mozilla Firefox (3.0.11)
    Registry Mechanic 8.0
    SUPERAntiSpyware Free Edition
    TeamViewer 4
    Windows 2000 Hotfix - KB329115
    Windows 2000 Hotfix - KB823182
    Windows 2000 Hotfix - KB823559
    Windows 2000 Hotfix - KB824105
    Windows 2000 Hotfix - KB825119
    Windows 2000 Hotfix - KB826232
    Windows 2000 Hotfix - KB828035
    Windows 2000 Hotfix - KB828741
    Windows 2000 Hotfix - KB828749
    Windows 2000 Hotfix - KB835732
    Windows 2000 Hotfix - KB837001
    Windows 2000 Hotfix - KB839643
    Windows 2000 Hotfix - KB839645
    Windows 2000 Hotfix - KB840315
    Windows 2000 Hotfix - KB841872
    Windows 2000 Hotfix - KB841873
    Windows 2000 Hotfix - KB842526
    Windows Media Player 7.1
    Windows Media Player Hotfix [See Q828026 for more information]
    WinZip

    #4 zep516 (Member, Spyware Fighter) | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,189 | Points: 1308


    Hi sapna,

    Can you follow the instructions at this link: A guide and tutorial on using ComboFix

    Follow the instructions carefully and post a ComboFix log; I will need to have one of our other guys look at it for you though.

    #5 Member | Join Date: Jun 2009 | Posts: 3 | Points: 0

    Thanks, here's ComboFix's log

    ComboFix 09-06-21.01 - Administrator 06/21/2009 22:50.1 - FAT32x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.128.56 [GMT -4:00]
    Running from: c:\documents and settings\Administrator.DAISY\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\arcldr.exe
    C:\arcsetup.exe
    c:\winnt\mainms.vpi
    c:\winnt\megavid.cdt
    c:\winnt\muotr.so
    c:\winnt\system32\ebvhpfdd.ini
    c:\winnt\system32\ehknqtwa.ini
    c:\winnt\system32\ehknqtwa.ini2
    c:\winnt\system32\hhyjmduj.ini
    c:\winnt\system32\hljwugsf.bin
    c:\winnt\system32\keddnweh.ini
    c:\winnt\system32\myacivwy.ini
    c:\winnt\system32\rgnrrvcq.ini
    c:\winnt\system32\ulyceide.ini
    c:\winnt\system32\uysfwmlf.ini
    c:\winnt\system32\xsddgddk.ini
    c:\winnt\Web\default.htt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSSECURITY1.209.4
    -------\Legacy_PLUGPLAYRPC


    ((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
    .

    2009-06-22 03:02 . 2009-06-22 03:02 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_1dc.dat
    2009-06-18 00:27 . 2009-06-18 00:27 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Webroot
    2009-06-17 20:54 . 2009-06-17 20:54 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Geek Squad
    2009-06-15 19:00 . 2009-02-05 20:06 23152 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
    2009-06-15 19:00 . 2009-02-05 20:06 51376 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
    2009-06-15 19:00 . 2009-02-05 20:05 26944 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
    2009-06-15 19:00 . 2009-02-05 20:04 97480 ----a-w- c:\winnt\system32\AvastSS.scr
    2009-06-15 18:59 . 2009-02-05 20:07 114768 ----a-w- c:\winnt\system32\drivers\aswSP.sys
    2009-06-15 18:59 . 2009-02-05 20:08 94032 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
    2009-06-15 18:59 . 2009-02-05 20:08 93296 ----a-w- c:\winnt\system32\drivers\aswmon.sys
    2009-06-15 18:58 . 2009-02-05 20:11 1256296 ----a-w- c:\winnt\system32\aswBoot.exe
    2009-06-15 17:58 . 2009-06-15 17:58 0 ----a-w- c:\winnt\nsreg.dat
    2009-06-15 17:58 . 2009-06-15 17:58 -------- d-----w- c:\documents and settings\Administrator.DAISY\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-12 23:52 . 2009-02-22 20:09 3371383 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-06-10 22:16 . 2004-10-11 21:24 8482 ----a-w- c:\winnt\extend.dat
    2009-05-26 17:20 . 2008-12-20 23:51 40160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2009-05-26 17:19 . 2008-12-20 23:51 18456 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2009-05-05 22:54 . 2009-05-05 22:54 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\McAfee
    2009-05-02 12:37 . 2009-05-02 12:37 4096 ------w- c:\program files\AskSearch
    2004-08-30 00:52 . 2000-05-02 19:00 21952 ---h--w- c:\program files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "D-Link AirPlus XtremeG"="c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2004-09-22 987136]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
    "Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-06-19 111376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-03 18:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
    2003-06-19 19:05 139536 ----a-w- c:\winnt\system32\NWPROVAU.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\winnt\system32\drivers\A3AB.sys [9/2/2004 9:01 PM 396480]
    R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [8/29/2004 8:03 PM 61712]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
    R3 SiSV;SiSV;c:\winnt\system32\drivers\SiSV.sys [8/29/2004 8:03 PM 49904]
    S3 NtApm;NT Apm/Legacy Interface Driver;c:\winnt\system32\drivers\NtApm.sys [8/29/2004 8:06 PM 9104]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IPNAT
    *NewlyCreated* - RASAUTO
    *NewlyCreated* - SHAREDACCESS
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-cbXNHYpn - cbXNHYpn.dll


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uStart Page = hxxp://www.google.com/
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    mStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    LSP: %SystemRoot%\system32\msafd.dll
    Trusted Zone: safetydownload.com
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-06-21 23:03
    Windows 5.0.2195 Service Pack 4 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(144)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL

    - - - - - - - > 'explorer.exe'(984)
    c:\winnt\AppPatch\AcLayers.DLL
    c:\winnt\system32\SHDOCVW.DLL
    c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
    c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
    c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
    c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
    c:\winnt\system32\MSI.DLL
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    .
    Completion time: 2009-06-22 23:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-22 03:08

    Pre-Run: 4,873,306,112 bytes free
    Post-Run: 5,038,407,680 bytes free
