PC running slow + Task Manager Disabled + No Folder Option - Page 4

**Cookiegal** · 14-Jul-2007, 04:08 PM **#46**

Download the file UnHookExec.inf from the following link and save it to your desktop.

http://securityresponse.symantec.com...UnHookExec.inf

Note: The tool has an .inf file extension.

Locate the downloaded file on your desktop.

Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)

Rescan with HijackThis and fix these entries:

O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe

O4 - Startup: systemID.pif = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Run Avenger again using the following script. Be sure to include the line that says Files to delete:

Quote:

Files to delete:
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\SSVICHOSST.exe
C:\WINDOWS\system32\Flashy.exe
C:\Documents and Settings\YaMeeN\Start Menu\Programs\Startup\systemID.pif

Run the FixMu.reg file again the same way you did the last time.

Reboot and post a new HijackThis log please.

_MuHaI_ · 16-Jul-2007, 03:22 AM **#47**

hey sorry... i wasnt home fer two or three days... sorry for late reply.. and umm... i reinstalled WinXP yesterday... it worked fine till today morning....
m again attacked by taskmanager error.. and no folder option...
PC performance seem to be OK...

m posting a new hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 12:19:47 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
D:\IDU\IDUServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
D:\IDU\iptray.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\SSVICHOSST.exe
D:\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Banglachat\mirc.exe
F:\back\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ipTray.exe] "D:\IDU\iptray.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{98DF8E0A-E121-47E8-B649-3FE6CDC397EE}: NameServer = 192.168.30.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - D:\IDU\IDUServ.exe

_MuHaI_ · 16-Jul-2007, 01:30 PM **#48**

pc gone slow again... what do i do?

_MuHaI_ · 16-Jul-2007, 03:57 PM **#49**

hello? =(

**Cookiegal** · 16-Jul-2007, 08:35 PM **#50**

Did you use a removeable drive again?

_MuHaI_ · 17-Jul-2007, 02:28 AM **#51**

Noo.. i didnt..

_MuHaI_ · 18-Jul-2007, 07:09 PM **#52**

gosh... this thing is killng me...

**Cookiegal** · 18-Jul-2007, 09:32 PM **#53**

What do you mean you reinstalled Windows? Did you just reinstall it over the top or did you reformat? If you wiped the drive and reformat, the infection would be gone. Is that an option for you now?

_MuHaI_ · 19-Jul-2007, 05:59 AM **#54**

I formatted C drive.... and re installed... i formatted all the drives except fer my "G" drive... i have all my music there.... is there anyway to get rid of this without formatting "G" drive?

_MuHaI_ · 20-Jul-2007, 09:19 AM **#55**

?????????

**Cookiegal** · 20-Jul-2007, 08:01 PM **#56**

Please do a search on all files witih the following name and let me know what files are found and where there located and the file extensions:

autorun

_MuHaI_ · 21-Jul-2007, 05:20 AM **#57**

nothing found except fer the ones from "Fifa 07(a video game)"

**Cookiegal** · 21-Jul-2007, 03:14 PM **#58**

Download GMER from: http://majorgeeks.com/download.php?det=5198

Save it somewhere on your hard drive and unzip it to desktop.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click Copy. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.

_MuHaI_ · 24-Jul-2007, 12:07 PM **#59**

Hi

I am running GMER... its taking a lot of time....

just wanted to let you know sumtimes a message that says ""U?ng"+vàng++http://gaigoitanbinh.xlphp.net/" automatically pastes into text boxes(like MSN conversation window/ notepad)

is it a sort of ssvichost virus?

Result of GMER so far..

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-24 21:07:43
Windows 5.1.2600 Service Pack 2

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2644] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [017273CC] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[2536] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01727376] C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DL L

---- Devices - GMER 1.0.13 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A18600] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A18600] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A18600] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A18600] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A18600] avgtdi.sys

**Cookiegal** · 24-Jul-2007, 01:04 PM **#60**

See if you can run WinpFind3u again and post the log please.

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory monitor motherboard netgear network printer problem ram registry router security server slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!