Need help with my computer acting up
Member
6. February 2008 @ 10:13
Hello AfterDawn, I need help with my comp. Earlier today, um, my computer started running slow. Um, I looked into it and I think the problem is something about a virus? Or spyware. Can someone help me with this problem? I tried, but I need to purchase programs but don't know if that will work. Help me please with another solution. I have an emachine T-series, model t2240, Windows XP Professional. Please help.

bo ya
Member
6. February 2008 @ 21:56
Quote:
I need to purchase programs but don't know if that will work
I assume you have an updated antivirus.

There are several excellent anti-malware apps (free):

superantispyware
http://www.superantispyware.com/download...ANTISPYWAREFREE

avg antispyware:
http://free.grisoft.com/doc/20/us/frt/0

spybot search and destroy:
http://www.safer-networking.org/en/download/index.html

Download, install and update one or two of the above and do a complete scan.
---------------------------------------------------
Also need a reference as a starting point, like an HJT log:

HiJackThis log - Trend Micro HijackThis 2.0.2

http://www.trendsecure.com/portal/en-US/.../HJTInstall.exe

* Save HJTInstall.exe to your desktop.
* Double-click on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log into your next reply.


echoreply

Member
8. February 2008 @ 09:18
This is before I used any of the free programs. I will copy and paste another after I use Spybot. Here it is, but what is this for again?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:45 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\U1dZQw\command.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\F6F7FFFF0301FF.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QdrModule\QdrModule12.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr .exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\QdrModule\QdrModule12 .exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched .exe
C:\Program Files\QdrPack\QdrPack12 .exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Insider\Insider .exe
C:\Program Files\VIA\RAID\raid_tool .exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?s=speeditup&g=1&pc...&sd2=73&sd3=207
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttt.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1339CFCF-7477-0AFF-5766-5C00CBCD8FEB} - C:\WINDOWS\system32\srmdgya.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hggdcca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7FD22EBC-B356-4A26-8A60-E372CE01DE3F} - C:\Program Files\Outlook Express\hokelotu455101.dll (file missing)
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll
O2 - BHO: {4e512efe-418a-35c8-1a24-f70f37db89b8} - {8b98bd73-f07f-42a1-8c53-a814efe215e4} - C:\WINDOWS\system32\emvqxkpj.dll (file missing)
O2 - BHO: (no name) - {A036743D-EA11-434C-B0BC-62A7D9F05C58} - C:\WINDOWS\system32\ssttt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [c09cbd84] rundll32.exe "C:\WINDOWS\system32\nmwfkgmc.dll",b
O4 - HKLM\..\Run: [595A626265636262] F6F7FFFF0301FF.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Fdulwlt] "C:\Documents and Settings\administrator\Application Data\s?mbols\?hkntfs.exe"
O4 - HKCU\..\Run: [c09cbd84] rundll32.exe "C:\WINDOWS\system32\jiguiolg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/s...b?1194414329984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1193919521140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1193919476218
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: hggdcca - C:\WINDOWS\SYSTEM32\hggdcca.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U1dZQw\command.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7357 bytes

bo ya

This message has been edited since posting. Last time this message was edited on 8. February 2008 @ 09:35

Member
9. February 2008 @ 15:14
Quote:
Here it is, but what is this for again?
This (HJT) is a starting point; it will help to show where malware might be running from and if any special removal tools would be helpful.
And you have plenty of malware present.

I would do this as soon as possible:
Download ComboFix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

As a precaution, before using ComboFix:
Close any open windows.
Close/disable antivirus and any antimalware programs that might have real-time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while ComboFix is running. After ComboFix is done you can restart them.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
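
A first-pass reading of a HijackThis log of the kind the reply above describes, as an added example that is not part of the original thread and not a HijackThis feature. The rules are heuristics assumed for this example, and a match marks an entry to look up, not a verdict; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# A few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7FD22EBC-B356-4A26-8A60-E372CE01DE3F} - C:\Program Files\Outlook Express\hokelotu455101.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [c09cbd84] rundll32.exe "C:\WINDOWS\system32\nmwfkgmc.dll",b
O4 - HKCU\..\Run: [Fdulwlt] "C:\Documents and Settings\administrator\Application Data\s?mbols\?hkntfs.exe"
O20 - Winlogon Notify: hggdcca - C:\WINDOWS\SYSTEM32\hggdcca.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U1dZQw\command.exe
"""

# Entry lines look like "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Review heuristics assumed for this example (not HijackThis's own rules).
# Each rule: (section codes it applies to, or None for all; pattern; reason).
RULES = [
    (None, re.compile(r"\(file missing\)"), "target file missing"),
    ({"O23"}, re.compile(r"- Unknown owner -"), "service with no vendor info"),
    ({"O2"}, re.compile(r"^BHO: \(no name\)"), "unnamed browser helper object"),
    ({"O4"}, re.compile(r'rundll32\.exe\s+"', re.I), "autorun loads a DLL via rundll32"),
    ({"F2", "F3"}, re.compile(r"win\.ini: (load|run)=\S", re.I), "program started from win.ini"),
    ({"O20"}, re.compile(r"^Winlogon Notify:"), "DLL loaded by winlogon"),
    ({"O2", "O4", "O23"}, re.compile(r'\\[^\\"]*\?'), "non-displayable characters in path"),
]

def triage(log_text):
    """Return {entry line: [reasons]} for entries matching at least one rule."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        reasons = [reason for codes, pattern, reason in RULES
                   if (codes is None or m["code"] in codes) and pattern.search(m["body"])]
        if reasons:
            flagged[line] = reasons
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"[{'; '.join(reasons)}]\n    {entry}")
```
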

Member
9. February 2008 @ 15:24
Um, how do I close antivirus?

bo ya
Member
9. February 2008 @ 21:30
Quote:
Um, how do I close antivirus?
Click the icon by the clock and choose exit or disable; there should be a choice there somewhere for closing it down.
