#1 trout (Member, joined Mar 2005)

Major Problems - slow computer, etc.

I am having major problems all around. Slowness, shut down error messages. I already have a post on the Computer Help forum because of Generic Host Process for Win32 Services. I have been trying to work through the problems, but I can't even get through the tutorial. I was able to run Spybot, it found 3 problems and fixed them. I can't even update through Windows Update or Microsoft Update. I tried HouseCall but it kept "warning slow connection detected." I was able to run a HijackThis log and it is posted here. I am at my wits' end. I don't know where to start. I spent 1 1/2 hours on the phone with HP support, because it was indicated through the Google search that it may be the HP printer. Uninstalled and reinstalled the printer, but it is still going on.
Please help! (Dell Dimension 2350 running Windows XP Home Edition SP1)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:03:46 PM, on 11/29/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\hguard.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Windows FormatAd\WinForm.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows FormatAd\WinFormKeep.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Windows Config] C:\WINDOWS\hguard.exe
    O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
    O4 - HKLM\..\Run: [DLL Service] dllserv.exe
    O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
    O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\RunServices: [Windows Config] C:\WINDOWS\hguard.exe
    O4 - HKLM\..\RunServices: [DLL Service] dllserv.exe
    O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\RunServices: [Windows Support Center] msmsgr.exe
    O4 - HKUS\S-1-5-18\..\Run: [Windows Timer Update] phqghume.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [svhost32] svhost.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Network Controller] mqguard.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MicrosoftXP Service Pack 2] servicepack2.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [window2] ieupdate.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] winupdate.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update DLL] rxxhost.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [nternet Explorer] iexplore.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Network Controller] mqguard.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Windows Timer Update] phqghume.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Network Controller] mqguard.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195176677657
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196388989625
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O21 - SSODL: mtklefap - {438B1E83-6D0C-4026-7AB8-8C139ED87E2E} - C:\WINDOWS\SYSTEM32\lpkx32.dll (file missing)
    O21 - SSODL: mtklef - {4240507A-FBE6-4708-4583-054C64ACECE6} - C:\WINDOWS\SYSTEM32\wbxatk32.dll (file missing)

    --
    End of file - 5632 bytes
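Before following the advice in the reply, it helps to know what a responder actually looks for in a log like this. The Python below is an added example written for this page; it is not code from the thread, from HijackThis or from the helper. It parses the O4 (autostart) and O21 (SSODL shell-load) lines of a HijackThis log and flags the patterns a responder checks by eye. The SAMPLE_LOG lines are copied from the log above; the rule codes ("bare-filename", "system-profile", "runservices-key", "lookalike-name", "ssodl-missing") and the trusted-directory test are the example's own heuristics, and a flag means "look closer", not "confirmed malware".

```python
"""Heuristic triage of O4/O21 lines from a HijackThis log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied from the log posted above, including three
# entries (AdaptecDirectCD, WebSpecials, ctfmon.exe) the rules leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Config] C:\WINDOWS\hguard.exe
O4 - HKLM\..\Run: [DLL Service] dllserv.exe
O4 - HKLM\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKLM\..\RunServices: [DLL Service] dllserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Windows Support Center] msmsgr.exe
O4 - HKUS\S-1-5-18\..\Run: [MicrosoftXP Service Pack 2] servicepack2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] winupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Network Controller] mqguard.exe (User 'Default user')
O21 - SSODL: mtklefap - {438B1E83-6D0C-4026-7AB8-8C139ED87E2E} - C:\WINDOWS\SYSTEM32\lpkx32.dll (file missing)
"""

# O4 - <hive>\..\<key>: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O21 - SSODL: <name> - {<clsid>} - <path> [(file missing)]
O21_RE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
LOOKALIKE_NAME = re.compile(r"\b(windows|microsoft|service pack|update)\b", re.I)

# Heuristic rule codes (this example's own), with the reason a responder cares.
EXPLAIN = {
    "bare-filename": "no path: resolved via the PATH search order, so the log "
                     "does not tell you which file actually runs",
    "system-profile": "Run key under the SYSTEM or .DEFAULT profile, where "
                      "user software does not install autostarts",
    "runservices-key": "RunServices is a Windows 9x/ME autostart key; XP-era "
                       "software does not write it",
    "lookalike-name": "name borrows Windows/Microsoft vocabulary but the target "
                      "is outside System32 and Program Files",
    "ssodl-missing": "shell-load (SSODL) hook whose DLL no longer exists",
}


@dataclass
class Finding:
    kind: str                 # "O4" or "O21"
    name: str                 # registry value name / SSODL name
    target: str               # file the entry loads
    reasons: list[str] = field(default_factory=list)


def target_of(cmd: str) -> str:
    """File an O4 command actually loads: the quoted path, else the first token.
    For rundll32 the loaded file is the DLL argument, not rundll32 itself."""
    tokens = cmd.split()
    if not tokens:
        return ""
    if tokens[0].lower() in ("rundll32", "rundll32.exe"):
        cmd = cmd[len(tokens[0]):].strip().split(",")[0]
    quoted = re.findall(r'"([^"]+)"', cmd)
    return quoted[0] if quoted else (cmd.split() or [""])[0]


def judge_o4(hive: str, key: str, name: str, cmd: str) -> tuple[str, list[str]]:
    """Apply the O4 rules; returns (target, reason codes in rule order)."""
    target = target_of(cmd)
    low = target.lower()
    reasons: list[str] = []
    if "\\" not in target:
        reasons.append("bare-filename")
    if hive.upper().startswith(("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")):
        reasons.append("system-profile")
    if key.lower().startswith("runservices"):
        reasons.append("runservices-key")
    trusted_dir = "\\system32\\" in low or "\\program files\\" in low
    if LOOKALIKE_NAME.search(name) and not trusted_dir:
        reasons.append("lookalike-name")
    return target, reasons


def triage(log_text: str) -> list[Finding]:
    """One Finding per O4/O21 line that trips at least one rule, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            target, reasons = judge_o4(m["hive"], m["key"], m["name"], m["cmd"])
            if reasons:
                findings.append(Finding("O4", m["name"], target, reasons))
        elif (m := O21_RE.match(line)) and m["missing"]:
            findings.append(Finding("O21", m["name"], m["path"], ["ssodl-missing"]))
    return findings


def report(findings: list[Finding]) -> str:
    """Human-readable summary, one entry per finding with its reasons."""
    out = []
    for f in findings:
        out.append(f"{f.kind} [{f.name}] -> {f.target}")
        out.extend(f"    {code}: {EXPLAIN[code]}" for code in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as a script to print the report, or import triage() and feed it a saved log. Note what the rules do not catch: the WebSpecials entry, a DLL under Program Files loaded through rundll32, passes every rule, which is why a responder also checks each vendor and product name by hand rather than trusting a path alone.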

#2 Oddjob (Member, London, U.K., joined May 2004)

    I suggest you print this out to help you follow my advice.

    I'm sorry to tell you your system is terribly infected. The problem with infections nowadays is they cause a lot of damage. Even if we clean the malware off your system I can't guarantee that your system will be clean afterwards because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
    Also I can't promise you we can repair all the damage it caused. Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

    So we can try to clean this up, and do what we can, but keep in mind that we probably can't solve ALL problems this malware already caused.

    In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am suggesting this is because, when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

I haven't read your other thread but I want to ask ... which firewall and antivirus are you using to protect this computer?

    Before you do anything else you must make sure you have both installed and fully operational.

    Here are some choices for free software firewalls and antivirus (NOTE >> install only ONE of each) ...

AV:

    AVG > http://free.grisoft.com/doc/1

    Avast > http://www.avast.com/eng/avast_4_home.html

    Antivir > http://www.free-av.com/antivirus/allinonen.html

    **Comodo > http://www.antivirus.comodo.com/ [AV in beta only]


F/W:

    Zone Alarm > http://www.zonelabs.com/store/conten...=en&lid=nav_za

    Sygate > http://www.simtel.net/product.php%5B...D%5Dsimtel.net

    Sunbelt Firewall (formerly Kerio) > http://www.sunbelt-software.com/Home...onal-Firewall/

    **Comodo > http://www.comodo.com/products/free_products.html

    Jetico > http://www.jetico.com/index.htm#/jpfirewall.htm

    PC Tools Firewall Plus 2.0 > http://www.pctools.com/firewall/download/



Once you have done that, scan your system with both chosen programs and let them fix any malware they find.

    *************

Now download SDFix from here and save it to your desktop:

    http://downloads.andymanchesta.com/R...ools/SDFix.zip

Please then reboot your computer in Safe Mode by doing the following:
    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, a menu with options should appear;
    Select the first option, to run Windows in Safe Mode, then press "Enter".
    Choose your usual account.
    In Safe Mode, right click the SDFix.zip folder and choose Extract All
    Open the extracted folder and double click RunThis.bat to start the script.
    Type Y to begin the script.
    It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
    When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

    *************

Finally, download SuperAntiSpyware here ....

    http://www.superantispyware.com/

    Again scan your computer with it and let it fix what it wants to.



    Open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" with a fresh HijackThis log AND an update on how the computer is operating now.


    OJ