Discussion Starter · #1 ·
I have been having problems recently with my computer performing very slowly. Whenever I open up a new browser window it usually takes a couple of minutes before I can do anything with it. I would greatly appreciate it if you could see if there are any problems with my computer and what I can do. I have run all the advised programs listed in this forum. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 2:07:28 AM, on 1/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\SKS~1\fast.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\?ssembly\?canregw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {0C35ED6E-72AC-790D-8A7B-7D12E244B0B7} - C:\WINDOWS\System32\fxu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C35ED6E-72AC-790D-8A7B-7D12E244B0B7} - C:\WINDOWS\System32\fxu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84A52491-B753-BBA8-2251-EF5B505B64C7} - C:\WINDOWS\System32\yeuwnkgu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B2870B2B-C1CC-9F68-EA48-9E6C261801E9} - C:\WINDOWS\System32\csmll.dll (file missing)
O2 - BHO: (no name) - {E0087696-EF5E-B1AD-73E4-B49EF13755C3} - C:\WINDOWS\System32\kesajbs.dll (file missing)
O2 - BHO: (no name) - {F7F8CA2A-01EA-581E-9D1A-0BE55D6A10E2} - C:\WINDOWS\System32\dyfarq.dll (file missing)
O2 - BHO: (no name) - {F7F8CA2F-01EA-581E-9D1A-0BE5576210E7} - C:\WINDOWS\System32\dyfarq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\SKS~1\fast.exe" -vt ndrv
O4 - HKCU\..\Run: [Rmgv] C:\Program Files\Common Files\?ssembly\?canregw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6365A5B-8C76-43C7-9325-78A1F588A764}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs:
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
 

Discussion Starter · #3 ·
Here you go

Diagnostic Report (1.5.0723.1):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Detailed Status: N/A
Windows Product Key: *****-*****-2CXKV-GMP22-HF2BQ
Windows Product Key Hash: 25dG7mX6zCS/Ri0MYOSCvb3ct0w=
Windows Product ID: 55277-OEM-2111907-00101
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.0.0.hom
ID: {EE8E2F23-01DF-444F-8DA1-7280053C5D89}
Is Admin: Yes
AutoDial: No
Registry: 0x0
WGA Version: Failed to retrieve file version. - 0x80070006
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic:
Resolution Status: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-3175-80070002_B4D0AA8B-469-80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EE8E2F23-01DF-444F-8DA1-7280053C5D89}</UGUID><Version>1.5.0723.1</Version><OS>5.1.2600.2.00010300.0.0.hom</OS><PKey>*****-*****-*****-*****-HF2BQ</PKey><PID>55277-OEM-2111907-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-2165517387-4271176276-1453689397</SID><SYSTEM><Manufacturer>Compaq</Manufacturer><Model>Presario</Model></SYSTEM><BIOS><Manufacturer>Compaq</Manufacturer><Version>686P9 v1.03</Version><SMBIOSVersion major="2" minor="3"/><Date>20011018******.******+***</Date><SLPBIOS>Compaq,Compaq</SLPBIOS></BIOS><HWID>A7613B9F0184C046</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Compaq</name><model></model></SBID><OEM/></MachineData> <Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults>
 

Security Team (ret.)
I need you to validate XP and then get SP1 and all critical updates before we start the cleanup. It is this forum's policy to stop the disinfection process until these basic updates are done.


http://www.microsoft.com/windowsxp/using/setup/winxp/validate.mspx


Please visit Microsoft's Windows Update page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum, install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

**Note** If you're having trouble locating the service pack SP1a, here is a direct link to download it from:

http://download.microsoft.com/download/5/4/f/54f8bcf8-bb4d-4613-8ee7-db69d01735ed/xpsp1a_en_x86.exe
 

Discussion Starter · #7 ·
Logfile of HijackThis v1.99.1
Scan saved at 6:43:16 PM, on 1/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\SKS~1\fast.exe
C:\Program Files\Common Files\?ssembly\?canregw.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {F540D618-1BD1-4020-F19C-134497834FB4} - C:\WINDOWS\System32\lfblci.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84A52491-B753-BBA8-2251-EF5B505B64C7} - C:\WINDOWS\System32\yeuwnkgu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B2870B2B-C1CC-9F68-EA48-9E6C261801E9} - C:\WINDOWS\System32\csmll.dll (file missing)
O2 - BHO: (no name) - {E0087696-EF5E-B1AD-73E4-B49EF13755C3} - C:\WINDOWS\System32\kesajbs.dll (file missing)
O2 - BHO: (no name) - {F540D618-1BD1-4020-F19C-134497834FB4} - C:\WINDOWS\System32\lfblci.dll
O2 - BHO: (no name) - {F7F8CA2A-01EA-581E-9D1A-0BE55D6A10E2} - C:\WINDOWS\System32\dyfarq.dll (file missing)
O2 - BHO: (no name) - {F7F8CA2F-01EA-581E-9D1A-0BE5576210E7} - C:\WINDOWS\System32\dyfarq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\SKS~1\fast.exe" -vt ndrv
O4 - HKCU\..\Run: [Rmgv] C:\Program Files\Common Files\?ssembly\?canregw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6365A5B-8C76-43C7-9325-78A1F588A764}: NameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
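An added triage example, not part of the thread and not HijackThis code: it parses the R3/O2/O4 lines from the two logs posted above (post #1 and post #7), flags the entries a helper would look at first (an unnamed BHO whose DLL is missing or lives in System32, a URLSearchHook registered under the same CLSID as a BHO, a per-user Run entry whose path HijackThis could not render or that uses an 8.3 folder under System32), and reports which CLSIDs changed between the two scans. The heuristics and the `LOG_JAN11`/`LOG_JAN13` names are my own; the sample lines are copied from the posted logs.

```python
# HijackThis v1.99 log triage (added example; not code from the thread or from HijackThis).
import re

ENTRY = re.compile(r'^(?P<code>R3|O2) - [^:]+: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
RUN = re.compile(r'^(?P<code>O4) - (?P<hive>HK\w+)\\\.\.\\Run: \[[^\]]*\] (?P<path>.*)$')

# Sample lines copied from the first log posted in the thread (post #1, 1/11/2007).
LOG_JAN11 = r"""
R3 - URLSearchHook: (no name) - {0C35ED6E-72AC-790D-8A7B-7D12E244B0B7} - C:\WINDOWS\System32\fxu.dll
O2 - BHO: (no name) - {0C35ED6E-72AC-790D-8A7B-7D12E244B0B7} - C:\WINDOWS\System32\fxu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {84A52491-B753-BBA8-2251-EF5B505B64C7} - C:\WINDOWS\System32\yeuwnkgu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\SKS~1\fast.exe" -vt ndrv
O4 - HKCU\..\Run: [Rmgv] C:\Program Files\Common Files\?ssembly\?canregw.exe
"""
# Post #7 re-scan (1/13/2007): same entries, but the URLSearchHook/BHO pair now points at a different DLL.
LOG_JAN13 = (LOG_JAN11
             .replace('{0C35ED6E-72AC-790D-8A7B-7D12E244B0B7}', '{F540D618-1BD1-4020-F19C-134497834FB4}')
             .replace(r'System32\fxu.dll', r'System32\lfblci.dll'))

def parse(log):
    """One dict per recognised R3/O2/O4 line; everything else in the log is skipped."""
    matches = (ENTRY.match(line) or RUN.match(line) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(log):
    """Return (code, reason, path) for the entries a reviewer should look at first."""
    entries = parse(log)
    bho_clsids = {e['clsid'] for e in entries if e['code'] == 'O2'}
    out = []
    for e in entries:
        path, low = e['path'], e['path'].lower()
        if e['code'] == 'R3' and e['clsid'] in bho_clsids:
            out.append(('R3', 'URLSearchHook shares its CLSID with a BHO entry', path))
        elif e['code'] == 'O2' and e['name'] == '(no name)':
            if path.endswith('(file missing)'):
                out.append(('O2', 'unnamed BHO whose DLL is gone (dead registration)', path))
            elif '\\system32\\' in low:
                out.append(('O2', 'unnamed BHO loading from System32', path))
        elif e['code'] == 'O4' and e['hive'] == 'HKCU':
            if '?' in path or re.search(r'system32\\[^\\]*~1\\', low):
                out.append(('O4', 'per-user Run entry with unrenderable or 8.3 path', path))
    return out

def changed(old, new):
    """CLSIDs that vanished from / appeared in a re-scan, with the DLL each pointed at."""
    a, b = ({e['clsid']: e['path'] for e in parse(log) if 'clsid' in e} for log in (old, new))
    return {k: a[k] for k in a.keys() - b.keys()}, {k: b[k] for k in b.keys() - a.keys()}
```

Note that the Spybot SDHelper.dll entry is also "(no name)" but is not flagged, since it loads from the program's own folder rather than System32; the heuristics narrow the review list, they do not decide what is malicious.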
 

Security Team (ret.)
1. Download combofix from here.

**Save it directly to your desktop**

Double-click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


==================================


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Run the application.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd


Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Log in on your usual account.


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hitting Enter in order to remove the Desktop background and clean registry keys associated with the infection.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hitting Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Please post:
c:\rapport.txt
Combo.txt
A new HijackThis log
You may need several replies to post the requested logs; otherwise they might get cut off.
 