PC running slow + Task Manager Disabled + No Folder Option (New)

Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Jul-2007, 06:38 PM #16
If the I drive is a removable drive, then it's likely infected as well.
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
09-Jul-2007, 07:39 PM #17
nope... they ain't restored =(
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Jul-2007, 07:42 PM #18
Did you get confirmation the file merged into the registry and did you reboot after running the regfix?
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
09-Jul-2007, 07:49 PM #19
Umm... I didn't get any confirmation thing... I hear a "Windows Error" typo sound after double clicking the file...
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Jul-2007, 08:05 PM #20
Try right clicking the file this time and select "merge".

Reboot after and let me know how things are.
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
09-Jul-2007, 08:08 PM #21
The same thing happens... what do i do now?
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Jul-2007, 08:16 PM #22
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group click ALL
  • In the Win32 Services group click ALL
  • In the Driver Services group click ALL
  • In the Registry group click ALL
  • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED
  • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is UNCHECKED
  • In the File String Search group select ALL
  • In the Additional scans section please select ALL
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Upload the report as an attachment please.
__________________
Microsoft MVP - Consumer Security
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
10-Jul-2007, 11:08 AM #23
file is too large fer an attachment...
i've uploaded it here http://www.megaupload.com/?d=9RU6E900
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
10-Jul-2007, 11:19 AM #24
It's only slightly too big so please upload it here as two attachments.
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
10-Jul-2007, 12:21 PM #25
uh huh... okkeh
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
10-Jul-2007, 12:37 PM #26
PC gone veryyyyyyy slow
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
10-Jul-2007, 05:18 PM #27
Disconnect from the Internet and disable your anti-virus and firewall programs. Be sure to remember to re-start them before going on-line again.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Copy and paste the information in the code box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.


Code:
[Kill Explorer]
[Unregister Dlls]
[Processes - All]
YY -> ssvichosst.exe -> %System32%\SSVICHOSST.exe
YY -> ssvichosst.exe -> %System32%\SSVICHOSST.exe
[Registry - All]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Yahoo Messengger -> %System32%\SSVICHOSST.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> winjrs32 -> injrs32.dll
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NofolderOptions -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1
[Files/Folders - Created Within 30 days]
NY -> SSVICHOSST.exe -> %SystemRoot%\SSVICHOSST.exe
NY -> muzika.xm -> %System32%\muzika.xm
NY -> SSVICHOSST.exe -> %System32%\SSVICHOSST.exe
NY -> winjrs32.dll -> %System32%\winjrs32.dll
[Files/Folders - Modified Within 30 days]
NY -> winjrs32.dll -> %System32%\winjrs32.dll
[Empty Temp Folders]
[Start Explorer]
[Reboot]
__________________
Microsoft MVP - Consumer Security
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
10-Jul-2007, 05:22 PM #28
Also, there was an error in the event viewer that says your CDRom and that can mean anything from it was a faulty or dirty CD to the drive needs to be replaced.


Also, I'd like you to right click on this file and select "open with" and Notepad and copy and paste the contents here please. This could be legit or it could be set to run something malicious.

C:\system32\autorun.ini
__________________
Microsoft MVP - Consumer Security
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
10-Jul-2007, 06:54 PM #29
PC seems to perform well =)....thank you so much.... I don't have "autorun.ini" in "C:\windows\system32" =(
_MuHaI_'s Avatar
Member with 60 posts.
 
Join Date: Jul 2007
10-Jul-2007, 06:59 PM #30
WinPFind3u log:-
Explorer killed successfully
[Processes - All]
Process ssvichosst.exe killed successfully.
C:\WINDOWS\SYSTEM32\SSVICHOSST.exe moved successfully.
Unable to kill process ssvichosst.exe .
File C:\WINDOWS\SYSTEM32\SSVICHOSST.exe not found.
[Registry - All]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Yahoo Messengger deleted successfully.
File C:\WINDOWS\SYSTEM32\SSVICHOSST.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjrs32 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NofolderOptions deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SSVICHOSST.exe moved successfully.
C:\WINDOWS\SYSTEM32\muzika.xm moved successfully.
File C:\WINDOWS\SYSTEM32\SSVICHOSST.exe not found!
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\winjrs32.dll
C:\WINDOWS\SYSTEM32\winjrs32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\winjrs32.dll moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\SYSTEM32\winjrs32.dll not found!
[Empty Temp Folders]
C:\DOCUME~1\YaMeeN\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\YaMeeN\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 07/10/2007 15:45:34

hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:58:41 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Flashy.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Robot Genius\Spyberus\RgView.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\YaMeeN\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Robot Genius - {1FD7EA94-0650-4CF5-ACFF-CDB36A6E924F} - C:\Program Files\Robot Genius\Spyberus\RgWinId.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RGLauncher] C:\Program Files\Robot Genius\Spyberus\Spyberus.exe /S
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: systemID.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{679E637F-12B7-42C0-BAE8-7DF2129BDD7B}: NameServer = 192.168.30.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\ROBOTG~1\Spyberus\RGIEMon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
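
A post-fix check over a HijackThis log, as an added example that is not part of the original thread or of either tool: it reports entries that still reference files the fix moved, a Shell value that carries an extra program, and an O7 policy restriction. The function name and the short excerpt are assumptions made for the example; the file names come from the fix script posted above.

```python
import re

# File names the fix script in this thread moved (taken from the thread).
REMOVED_FILES = ("SSVICHOSST.exe", "muzika.xm", "winjrs32.dll")

# Excerpt for the example: four lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# HijackThis entries look like "<letter><number> - <body>".
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")


def review_hijackthis(log_text, removed_files=REMOVED_FILES):
    """Return (section, reason, detail) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, the process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        # F2: the Shell value should name Explorer.exe and nothing else.
        if sec == "F2" and "Shell=" in body:
            extras = body.split("Shell=", 1)[1].split()[1:]
            if extras:
                findings.append((sec, "extra program in Shell value", " ".join(extras)))
        # O7: a policy value that restricts access to the registry editor.
        if sec == "O7":
            findings.append((sec, "policy restriction still set", body.rsplit(", ", 1)[-1]))
        # Any entry that still points at a file the fix already moved.
        for name in removed_files:
            pattern = r"(?<![\w.])" + re.escape(name) + r"(?![\w.])"
            if re.search(pattern, body, re.IGNORECASE):
                findings.append((sec, "references removed file", name))
    return findings


if __name__ == "__main__":
    for finding in review_hijackthis(SAMPLE_LOG):
        print(" | ".join(finding))
```
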