Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
BAD VIRUS...computer slow
Hello Cybertech,
I need help with my laptop. It's really bad. Here is my HijackThis log. I hope someone can help me out with this.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:59 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O1 - Hosts: 84.252.148.113 www.affinityfcu.org
O1 - Hosts: 84.252.148.113 affinityfcu.org
O1 - Hosts: 84.252.148.113 www.azfcu.org
O1 - Hosts: 84.252.148.113 azfcu.org
O1 - Hosts: 84.252.148.113 www.zionbank.com
O1 - Hosts: 84.252.148.113 zionbank.com
O1 - Hosts: 84.252.148.113 www.royalbank.com
O1 - Hosts: 84.252.148.113 royalbank.com
O1 - Hosts: 84.252.148.113 www.desjardins.com
O1 - Hosts: 84.252.148.113 desjardins.com
O1 - Hosts: 84.252.148.113 www.suncoastfcu.org
O1 - Hosts: 84.252.148.113 suncoastfcu.org
O1 - Hosts: 84.252.148.113 capitalone.com
O1 - Hosts: 84.252.148.113 www.capitalone.com
O1 - Hosts: 84.252.148.113 www.bankofamerica.com
O1 - Hosts: 84.252.148.113 bankofamerica.com
O1 - Hosts: 84.252.148.113 www.chase.com
O1 - Hosts: 84.252.148.113 chase.com
O1 - Hosts: 84.252.148.113 www.southtrust.com
O1 - Hosts: 84.252.148.113 southtrust.com
O1 - Hosts: 84.252.148.113 www.wachovia.com
O1 - Hosts: 84.252.148.113 wachovia.com
O1 - Hosts: 84.252.148.113 www.wellsfargo.com
O1 - Hosts: 84.252.148.113 wellsfargo.com
O1 - Hosts: 84.252.148.113 www.citi.com
O1 - Hosts: 84.252.148.113 citi.com
O1 - Hosts: 84.252.148.113 www.citibank.com
O1 - Hosts: 84.252.148.113 citibank.com
O1 - Hosts: 84.252.148.113 www.etrade.com
O1 - Hosts: 84.252.148.113 etrade.com
O1 - Hosts: 84.252.148.113 www.neteller.com
O1 - Hosts: 84.252.148.113 neteller.com
O1 - Hosts: 84.252.148.113 tcfbank.com
O1 - Hosts: 84.252.148.113 www.tcfbank.com
O1 - Hosts: 84.252.148.113 comerica.com
O1 - Hosts: 84.252.148.113 www.comerica.com
O1 - Hosts: 84.252.148.113 www.3riversfcu.org
O1 - Hosts: 84.252.148.113 3riversfcu.org
O1 - Hosts: 84.252.148.113 www.53.com
O1 - Hosts: 84.252.148.113 53.com
O1 - Hosts: 84.252.148.113 www.bbt.com
O1 - Hosts: 84.252.148.113 bbt.com
O1 - Hosts: 84.252.148.113 www.cnbwax.com
O1 - Hosts: 84.252.148.113 cnbwax.com
O1 - Hosts: 84.252.148.113 www.cwbk.com
O1 - Hosts: 84.252.148.113 cwbk.com
O1 - Hosts: 84.252.148.113 www.edsefcu.org
O1 - Hosts: 84.252.148.113 edsefcu.org
O1 - Hosts: 84.252.148.113 www.firstusa.com
O1 - Hosts: 84.252.148.113 firstusa.com
O1 - Hosts: 84.252.148.113 www.frontierbank.com
O1 - Hosts: 84.252.148.113 frontierbank.com
O1 - Hosts: 84.252.148.113 www.gncu.org
O1 - Hosts: 84.252.148.113 gncu.org
O1 - Hosts: 84.252.148.113 www.householdbank.com
O1 - Hosts: 84.252.148.113 householdbank.com
O1 - Hosts: 84.252.148.113 www.icicibank.com
O1 - Hosts: 84.252.148.113 icicibank.com
O1 - Hosts: 84.252.148.113 www.mbna.com
O1 - Hosts: 84.252.148.113 mbna.com
O1 - Hosts: 84.252.148.113 www.mibank.com
O1 - Hosts: 84.252.148.113 mibank.com
O1 - Hosts: 84.252.148.113 www.midamericabank.com
O1 - Hosts: 84.252.148.113 midamericabank.com
O1 - Hosts: 84.252.148.113 www.myindymacbank.com
O1 - Hosts: 84.252.148.113 myindymacbank.com
O1 - Hosts: 84.252.148.113 www.nafcunet.org
O1 - Hosts: 84.252.148.113 nafcunet.org
O1 - Hosts: 84.252.148.113 www.nationalcity.com
O1 - Hosts: 84.252.148.113 nationalcity.com
O1 - Hosts: 84.252.148.113 www.cnb.com
O1 - Hosts: 84.252.148.113 cnb.com
O1 - Hosts: 84.252.148.113 www.nationwide.com
O1 - Hosts: 84.252.148.113 nationwide.com
O1 - Hosts: 84.252.148.113 www.netbank.com
O1 - Hosts: 84.252.148.113 netbank.com
O1 - Hosts: 84.252.148.113 www.netbank.com
O1 - Hosts: 84.252.148.113 netbank.com.au
O1 - Hosts: 84.252.148.113 www.netbank.com.au
O1 - Hosts: 84.252.148.113 www.commbank.com.au
O1 - Hosts: 84.252.148.113 www.postfinance.com
O1 - Hosts: 84.252.148.113 postfinance.com
O1 - Hosts: 84.252.148.113 www.providian.com
O1 - Hosts: 84.252.148.113 providian.com
O1 - Hosts: 84.252.148.113 www.sbbt.com
O1 - Hosts: 84.252.148.113 sbbt.com
O1 - Hosts: 84.252.148.113 www.sears.com
O1 - Hosts: 84.252.148.113 sears.com
O1 - Hosts: 84.252.148.113 telcomcu.com
O1 - Hosts: 84.252.148.113 www.telcomcu.com
O1 - Hosts: 84.252.148.113 www.tcuonline.org
O1 - Hosts: 84.252.148.113 tcuonline.org
O1 - Hosts: 84.252.148.113 www.uofcfcu.com
O1 - Hosts: 84.252.148.113 uofcfcu.com
O1 - Hosts: 84.252.148.113 www.usaa.com
O1 - Hosts: 84.252.148.113 usaa.com
O1 - Hosts: 84.252.148.113 www.warrenfcu.com
O1 - Hosts: 84.252.148.113 warrenfcu.com
O1 - Hosts: 84.252.148.113 visionsfcu.org
O1 - Hosts: 84.252.148.113 www.visionsfcu.org
O1 - Hosts: 84.252.148.113 www.tcfexpress.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\jjvrlpgr.dll",realset
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [clcl11] C:\WINDOWS\System32\clcl11.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freewar...yprotector.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/act...cheManager.CAB
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freewar...yprotector.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSIEUpdater_2 (Microsoft IE Updater_2) - Unknown owner - C:\Documents and Settings\Esther\ie_updater.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)
#2
Howdy again jvargus,
Looks like when Anthony10 was unavailable in your last thread, myself or others missed that you had responded. Truth is, jvargus, this system is not a working model for internet use. It remains heavily infected, and is only getting worse and worse as time goes by. XP cannot be run without both SP2 and seriously necessary security patches, and your system is an example of why. Although I personally prefer the challenge of assisting with such heavily infected computers, in truth this system has never quite achieved normal status through our forum's assistance, and is not likely to ever get there. You need to offload data you wish to save and reinstall XP (adding SP2 and all updates), in order to get a fresh and more secure start of things.
#3
I really do need to add that those Hosts changes there indicate any secure transactions you have done with this system can be assumed compromised, so any banking information or passwords have likely been passed along to other computers for illegal use. You will want to act on that by making any secure site access changes and contacting any credit card/bank companies with whom you have done online business to alert them to the possible compromises.
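
The Hosts changes this post refers to are the "O1 - Hosts:" lines of a HijackThis log. As an added example (not part of the original thread), the Python below extracts O1 entries from a log, whether it has one entry per line or has been run together onto a single line, and flags any non-loopback address that several distinct sites are pinned to. The sample log, its addresses and domain names are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis O1 format, flattened onto one line.
# Addresses and names are placeholders (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = (
    "R1 - HKCU\\Software\\Example,ShellNext = http://www.example.com/ "
    "O1 - Hosts: 203.0.113.7 www.bank-one.example "
    "O1 - Hosts: 203.0.113.7 bank-one.example "
    "O1 - Hosts: 203.0.113.7 www.credit-union.example "
    "O1 - Hosts: 127.0.0.1 ads.tracker.example "
    "O1 - Hosts: 127.0.0.1 ads.other.example "
    "O1 - Hosts: 192.168.1.20 printer.lan "
    "O3 - Toolbar: Example - {00000000-0000-0000-0000-000000000000} - C:\\x.dll"
)

# Works for one entry per line and for entries run together on one line.
O1_ENTRY = re.compile(r"O1 - Hosts:\s+(\S+)\s+(\S+)")


def site_key(host):
    """Crude grouping key: the last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def hosts_by_address(log_text):
    """Map each valid IP address in the O1 entries to the hostnames pinned to it."""
    pinned = defaultdict(set)
    for addr, host in O1_ENTRY.findall(log_text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # not an IP address; ignore the malformed entry
        pinned[ip].add(host.lower())
    return pinned


def suspicious_redirects(log_text, min_sites=2):
    """Return {address: sorted hostnames} for non-loopback addresses that
    at least min_sites distinct sites are redirected to by the hosts file."""
    findings = {}
    for ip, hosts in hosts_by_address(log_text).items():
        # 127.0.0.1 and 0.0.0.0 are the usual targets of ad-blocking hosts files.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if len({site_key(h) for h in hosts}) >= min_sites:
            findings[str(ip)] = sorted(hosts)
    return findings
```

Calling suspicious_redirects(SAMPLE_LOG) reports only the 203.0.113.7 group; the loopback blocklist entries and the single LAN mapping are left alone.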
#4
Hey Tom,
I will have to do that. Thanks a lot for the help.
#5
Truly the right choice - I wouldn't suggest it unless I would make the same choice for my own system.