Hey thanks for the people who atleast read this topic....anyway the problem is that my computer does fine and everything but every now and than my computer will slow down for 3 minutes and than go back to normal but 5 minutes after that it will do its slow processin again. im not sure wuts wrong. i can have 1 thing up on the screen and it will still do the slow thing. It slows down durin anything on my comp. i could just have Firefox up looken at youtube videos and it will still go slow. Well here is my specs. Pentium(R) 4 CPU 1.80GHz 1.79 GHz, 1.00 GB of RAM NVIDIA Geforce 2 MX 100/200 I also did a HiJack This on my comp and this is the results of the log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:42 PM, on 3/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\BitComet\BitComet.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe -- End of file - 4937 bytes I knotice i got 2 Processes that pop up alot (Wmiprvse.exe and Imapi.exe. i knotice i also got a high System Idle Process that uses 99% of CPU Please Help Once More. Im Always Grateful
Hey Newnie, I'm currently reviewing your log now, please do not fix/download anything during this period so as to prevent infection/damage to your system. It may take a while for me to come up with a fix for you, but rest assured that I will get to you as soon as I'm done with planning the fix. Thanks for your patience. ~Ltangel~
Thanks man, i really appreciate it. Although i did reinstall my windows, it still does the same problem and i pretty much still have the same log as before. im thinkin its maybe hardware problems.
Hey Newnie, Please read the entire instructions before commencing, if you have anything you don't understand, feel free to ask. It's best that you print out the instructions for later reference, we may need to reboot in between the fixing. Run Combofix Let's dig a little deeper and see what's hiding in your computer. Disable your Spybot Teatimer and AVG anti-virus as they will prevent ComboFix from working. Disable Teatimer 1. Run Spybot-S&D in Advanced Mode. 2. If it is not already set to do this Go to the Mode menu select "Advanced Mode" 3. On the left hand side, Click on Tools 4. Then click on the Resident Icon in the List 5. Uncheck "Resident TeaTimer" and OK any prompts. 6. Restart your computer. Disable AVG * Double click in the AVG icon in Systray * Double click on Resident Shield, UNcheck Turn on AVG Free Resident Shield. Then click Apply. * Close AVG. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday. Disconnect from the Internet while running ComboFix. Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them. 1. Download this file - combofix.exe to your Desktop. Note: It is important that it is saved directly to your desktop 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply. Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to. Do NOT run ComboFix more than once. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Do not run Combofix more than once. In case you see a sed.cfexe error with the option to send a report or not, choose "don't send". The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work. Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. -------------------------------------------------------------------- In your next reply, please include: Fresh HijackThis log C:\ComboFix.txt Description of how your PC is doing
Here you go LTangel. Both are here. ComboFix 08-03-04.3 - Funarulez.com 2008-03-04 16:58:53.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.722 [GMT 3:00] Running from: C:\Documents and Settings\Funarulez.com\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))) . 2008-03-04 16:56 . 2008-03-04 16:56 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-04 16:52 . 2008-03-04 16:52 <DIR> d-------- C:\Documents and Settings\Funarulez.com\Application Data\vlc 2008-03-04 15:43 . 2008-03-04 15:43 <DIR> d-------- C:\Program Files\VideoLAN 2008-03-03 21:30 . 2008-03-03 21:30 <DIR> d-------- C:\Program Files\Codemasters 2008-03-03 21:02 . 2004-08-04 01:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2008-03-03 21:02 . 2004-08-04 02:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2008-03-03 21:01 . 2004-08-04 02:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2008-03-03 21:01 . 2004-08-04 02:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2008-03-03 21:01 . 2004-08-04 02:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2008-03-03 21:01 . 2001-08-17 17:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2008-03-03 21:01 . 2004-08-04 02:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2008-03-03 21:01 . 2004-08-04 01:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-03-03 21:01 . 2004-08-04 01:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-03-03 21:01 . 2004-08-04 01:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2008-03-03 21:01 . 2001-08-17 16:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2008-03-03 21:01 . 2004-08-04 02:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2008-03-03 21:00 . 2004-08-04 01:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-03-03 21:00 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-03-03 19:53 . 2008-03-03 19:53 1,167 --a------ C:\WINDOWS\mozver.dat 2008-03-03 19:29 . 2008-03-03 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-03-03 19:27 . 2008-03-03 19:28 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-03 19:17 . 2008-03-04 06:14 <DIR> d-------- C:\Downloads 2008-03-03 19:17 . 2008-03-03 19:17 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2008-03-03 19:16 . 2008-03-03 19:52 <DIR> d-------- C:\Program Files\BitComet 2008-03-03 19:03 . 2008-03-03 19:03 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 17:04 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-03 15:11 --------- d-----w C:\Program Files\microsoft frontpage 2008-01-15 18:07 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-01-15 18:07 1,580,544 ----a-w C:\WINDOWS\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2004-08-04 15:00 99840 C:\WINDOWS\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65525:TCP"= 65525:TCP:Bitcom1 "19166:TCP"= 19166:TCP:BitComet 19166 TCP "19166:UDP"= 19166:UDP:BitComet 19166 UDP "65525:UDP"= 65525:UDP:BitComet 65525 UDP *Newly Created Service* - UPNPHOST . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-04 16:59:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-04 17:00:18 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:02:26 PM, on 3/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTFMON.EXE C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/ R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- End of file - 3995 bytes
Hey Newnie, Thanks for posting the ComboFix and HijackThis logs. Please read the entire instructions before commencing, if you have anything you don't understand, feel free to ask. It's best that you print out the instructions for later reference, we may need to reboot in between the fixing. Find directory of execution file Please go to Windows Explorer (Start>Search) and click on "All files and folders". Then type in Wmiprvse.exe and click "Search". When the search is done, it should tell you which directory it resides in, please post and tell me the location of that file. Note: If you cannot find the file first time, please do the following: Go to Control Panel>Appearance and Themes>Folder Options and go under "View" tab. Ensure that "Show hidden files and folders" is selected and click Apply. Try searching the file again. ------------------------------------------------------------------- Fix CoolWebSearch infection Download CWShredder Here to its own folder. Update CWShredder [*]Open CWShredder and click I AGREE [*]Click Check For Update [*]Close CWShredder Boot into Safe Mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows. ------------------------------------------------------------------- Scan with SUPERAntiSpyware 1. Download and install SUPERAntiSpyware and double-click the icon on your desktop to run it. 2. It will ask if you want to update the program definitions, click Yes. 3. Under Configuration and Preferences, click the Preferences button. 4. Click the Scanning Control tab. 5. Under Scanner Options make sure the following are checked: 1. Close browsers before scanning 2. Scan for tracking cookies 3. Terminate memory threats before quarantining. 4. Please leave the others unchecked. 5. Click the Close button to leave the control center screen. 6. On the main screen, under Scan for Harmful Software click Scan your computer. 7. On the left check C:\Fixed Drive. 8. On the right, under Complete Scan, choose Perform Complete Scan. 9. Click Next to start the scan. Please be patient while it scans your computer. 10. After the scan is complete a summary box will appear. Click OK. 11. Make sure everything in the white box has a check next to it, then click Next. 12. It will quarantine what it found and if it asks if you want to reboot, click Yes. 13. To retrieve the removal information for me please do the following: 1. After reboot, double-click the SUPERAntispyware icon on your desktop. 2. Click Preferences. Click the Statistics/Logs tab. 3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. 4. It will open in your default text editor (such as Notepad/Wordpad). 5. Please highlight everything in the notepad, then right-click and choose copy. 14. Click close and close again to exit the program. ------------------------------------------------------------------- Clean your temporary files Download ATF Cleaner. *Double-click ATF-Cleaner.exe. * Under Main tab choose "Select All". * Click the Empty Selected button. If you use Firefox browser Click Firefox and choose Select All Click the Empty Selected button. If you use Opera browser Click Opera at the top and choose Select All Click the Empty Selected button. Click Exit to close the program. -------------------------------------------------------------------- In your next reply, please include: Fresh HijackThis log SuperAntispyware Scan log Description of how your PC is doing (any problems) Go! ~Ltangel~
Alright, CWshredder didnt find anything in safe mode. My Wmipvrse file is in C:\WINDOWS\system32\wbem Here is the log for SuperAntiSpyware: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/05/2008 at 08:23 PM Application Version : 3.9.1008 Core Rules Database Version : 3414 Trace Rules Database Version: 1406 Scan type : Complete Scan Total Scan Time : 00:25:30 Memory items scanned : 277 Memory threats detected : 0 Registry items scanned : 3197 Registry threats detected : 0 File items scanned : 14613 File threats detected : 5 Adware.Tracking Cookie C:\Documents and Settings\Funarulez.com\Cookies\funarulez.com@atdmt[2].txt C:\Documents and Settings\Funarulez.com\Cookies\funarulez.com@apmebf[1].txt C:\Documents and Settings\Funarulez.com\Cookies\funarulez.com@doubleclick[1].txt C:\Documents and Settings\Funarulez.com\Cookies\funarulez.com@questionmarket[2].txt C:\Documents and Settings\Funarulez.com\Cookies\funarulez.com@ad.yieldmanager[2].txt And this here is a fresh new Hijack This Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:42:02 PM, on 3/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.com/ R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- End of file - 4238 bytes I went and played a game that usually does the slow thing after all of this was completed and it still does the slow processin. But i knoticed also that my System Idle Process was at 00 while playing the game. Hope this helps.
Hey Newnie, Sorry for the delay, real life has been really busy for me. Run Combofix Let's dig a little deeper and see what's hiding in your computer. Disable your AVG anti-virus and Spybot Teatimer as they will prevent ComboFix from working. Disable AVG * Double click in the AVG icon in Systray * Double click on Resident Shield, UNcheck Turn on AVG Free Resident Shield. Then click Apply. * Close AVG. Disable Teatimer 1. Run Spybot-S&D in Advanced Mode. 2. If it is not already set to do this Go to the Mode menu select "Advanced Mode" 3. On the left hand side, Click on Tools 4. Then click on the Resident Icon in the List 5. Uncheck "Resident TeaTimer" and OK any prompts. 6. Restart your computer. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated everyday. Disconnect from the Internet while running ComboFix. Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them. 1. Download this file - combofix.exe to your Desktop. Note: It is important that it is saved directly to your desktop 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply. Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to. Do NOT run ComboFix more than once. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Do not run Combofix more than once. In case you see a sed.cfexe error with the option to send a report or not, choose "don't send". The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work. Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. -------------------------------------------------------------------- In your next reply: Fresh HijackThis log C:/ComboFix.txt
