
Weird PC activity

Discussion in 'Windows XP' started by Knalatos, Jul 4, 2004.

Thread Status:
Not open for further replies.
  1. Knalatos

    Knalatos Thread Starter

    Joined:
    Jul 4, 2004
    Messages:
    20
    Hey, I have a somewhat new PC, only about a month old. I bought a few computer games for my PC the same day I got the computer, and they played fine. Up until recently, that is: my system has been acting weird, taking longer to load pages, taking longer to open programs, and gaming performance seems to have decreased. I scanned with Norton AntiVirus and Ad-aware, cleaning up everything I found. Could you maybe take a look at my HijackThis log?

    Logfile of HijackThis v1.98.0
    Scan saved at 12:21:13 PM, on 7/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
    C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\interMute\PopSubtract\PopSub.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\nvsvc32.exe
    c:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Documents and Settings\Owner\Desktop\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Microsoft Update] webcam.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [t3rQ34S] rsreng.exe
    O4 - HKLM\..\Run: [indexm] C:\WINDOWS\System32\indexm.exe
    O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
    O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
    O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Microsoft Update] webcam.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab

    Any help would be appreciated.
     
  3. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    Got another one with the Sasser worm or another variant of it! C:\WINDOWS\system32\lsass.exe
    Liz
     
  4. Knalatos

    Knalatos Thread Starter

    Joined:
    Jul 4, 2004
    Messages:
    20
    Well... any advice on how to get rid of it? My Norton AntiVirus doesn't pick up that file and it has the latest update.
     
  5. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
  6. Knalatos

    Knalatos Thread Starter

    Joined:
    Jul 4, 2004
    Messages:
    20
    I followed all the steps for the Sasser removal tool, and scanned. The tool didn't find the Sasser worm on my computer. What should I do now?
     
  7. grimreapor

    grimreapor

    Joined:
    Jun 28, 2004
    Messages:
    198
    OK, try actually finding the file yourself and deleting it, but only to the recycling bin at the moment, then run HijackThis again to see if it comes up.
     
  8. grimreapor

    grimreapor

    Joined:
    Jun 28, 2004
    Messages:
    198
    Actually, I don't think you'll be able to find the file in question.

    Instead, do a search for the entire string... windows/system32 etc.
     
  9. Knalatos

    Knalatos Thread Starter

    Joined:
    Jul 4, 2004
    Messages:
    20
  10. grimreapor

    grimreapor

    Joined:
    Jun 28, 2004
    Messages:
    198
    It's very hard to actually tell, you see. If that's the only file that's in there then it's most likely not the Sasser, but I think it's one of the first files to become infected.

    A virus is just a cancer, a program that has nothing to do because it's been replaced by an update. NOW I COMPARE IT TO A CANCER SIMPLY BECAUSE A DEFINITION OF A CANCER IS DNA CELLS THAT HAVEN'T GOT ANYTHING TO DO, E.G. RED BLOOD CELLS CARRY OXYGEN, WHITE FIX BROKEN CELLS, BUT ALL CANCER CELLS DO IS SIT THERE GETTING BIGGER AND INFECTING MORE AND MORE CELLS.

    What I'm saying is, if that file is no longer in use then it's deep in your system, so a perfect place for a virus to attack, and that's where Sasser starts, or in some cases that empty file will cause a virus.
     
  11. southernlady

    southernlady

    Joined:
    May 6, 2004
    Messages:
    1,928
    And if you go type "lsass.exe" into the search feature of Norton, you will find 38 definitions of this including: W32.Sasser.F.Worm
    Liz
     
  12. grimreapor

    grimreapor

    Joined:
    Jun 28, 2004
    Messages:
    198
    If your antivirus is saying it's not there and the removal tools are too, then it's most likely not infected, and as long as you're careful then you should be safe. But if you're experiencing problems we'll have to find the cause:

    Tell me what's happening
    When it started
    What operating system
    What protection system you have (antivirus, repair tools)
     
  13. Knalatos

    Knalatos Thread Starter

    Joined:
    Jul 4, 2004
    Messages:
    20
    Well... like I said, my computer is acting slow, especially while playing online games. This didn't happen in the past. This whole thing started when I installed McAfee Security Center; a CD of it came in the mail. Once it was installed, the computer kept on freezing once it got to the desktop on startup. I couldn't get to System Restore, so I used System Recovery. Once my computer was done, somehow it became infected with heaps of spyware and a few viruses. I have several antispyware tools: ZoneAlarm, Ad-aware, SpywareGuard, and such. I guess this started happening about a week and a half ago. Does anything in the HijackThis log I posted look suspicious?
     
  14. grimreapor

    grimreapor

    Joined:
    Jun 28, 2004
    Messages:
    198
    I hate McAfee. It loves to check everything you do before it allows you to complete what you're doing.

    So first thing, uninstall that and replace it with another antivirus system of your choice.
     
  15. Knalatos

    Knalatos Thread Starter

    Joined:
    Jul 4, 2004
    Messages:
    20
    I've already done that. McAfee is gone and I'm using Norton.
     
  16. grimreapor

    grimreapor

    Joined:
    Jun 28, 2004
    Messages:
    198
    Well, I can see two spyware programs, Search Assistant and My Search Bar, there at a glance.
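
Added example, not part of any post in this thread: a small Python triage pass over HijackThis log lines like those in the log posted at the top. The four heuristics, the reason labels and the `C:\WINDOWS` install path are assumptions of this example, and every hit is a lead for manual review, not a verdict on the file.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Microsoft Update] webcam.exe
O4 - HKLM\..\Run: [t3rQ34S] rsreng.exe
O4 - HKCU\..\Run: [Microsoft Update] webcam.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|dll|bat|cmd))\b', re.I)
# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM32 = "c:\\windows\\system32\\"
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

def triage(log_text):
    """Return sorted (reason, detail) review leads; leads are not verdicts."""
    leads, hives = set(), defaultdict(set)
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            # Running-process lines are bare paths: a system process name
            # running from anywhere but system32 deserves a closer look.
            name = line.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_NAMES and not line.lower().startswith(SYSTEM32):
                leads.add(("system-name-outside-system32", line))
            continue
        body = m["body"]
        if body.endswith("(no file)"):  # registration whose file is gone
            leads.add(("orphaned-registration", body))
        r = RUN.match(body) if m["code"] == "O4" else None
        if r:
            prog = PROGRAM.match(r["cmd"])
            if prog and "\\" not in prog[1]:  # resolved via the search path
                leads.add(("run-without-path", f'{r["hive"]} [{r["name"]}] {prog[1]}'))
            hives[(r["name"], r["cmd"])].add(r["hive"])
    for (name, cmd), seen in hives.items():
        if len(seen) > 1:  # same autostart in machine and user hives
            leads.add(("same-run-entry-in-both-hives", f"[{name}] {cmd}"))
    return sorted(leads)

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:32} {detail}")
```

Driver and vendor tools are often registered under Run without a path as well, so a `run-without-path` lead still has to be resolved to a file on disk before drawing any conclusion.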
     

Short URL to this thread: https://techguy.org/246343