Hello AfterDawn, I need help with my comp. Earlier today, um, my computer started running slow. Um, I looked into it and I think the problem is something about a virus? Or spyware. Can someone help me with this problem? I tried, but I need to purchase programs but don't know if that will work. Help me please with another solution. I have an eMachines T-series, model T2240, Windows XP Professional. Please help.
I assume you have updated Antivirus.

There are several excellent anti-malware apps (free):

superantispyware: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
avg antispyware: http://free.grisoft.com/doc/20/us/frt/0
spybot search and destroy: http://www.safer-networking.org/en/download/index.html

download, install, update one or two of the above and do complete scan

---------------------------------------------------

also need a reference as a starting point like a hjt log:

HiJackThis log - Trend Micro HijackThis 2.0.2
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

* Save HJTInstall.exe to your desktop.
* Double-click on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch HijackThis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log into your next reply.

echoreply
This is before I used any of the free programs. I will copy and paste another after I use the Spybot. Here it is, but what is this for again?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:45 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\U1dZQw\command.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\F6F7FFFF0301FF.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QdrModule\QdrModule12.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr .exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\QdrModule\QdrModule12 .exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched .exe
C:\Program Files\QdrPack\QdrPack12 .exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Insider\Insider .exe
C:\Program Files\VIA\RAID\raid_tool .exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?s=speeditup&g=1&pc=43698&bd1=51&bd2=51&bd3=180&ipc=US&sd1=60&sd2=73&sd3=207
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttt.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1339CFCF-7477-0AFF-5766-5C00CBCD8FEB} - C:\WINDOWS\system32\srmdgya.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hggdcca.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7FD22EBC-B356-4A26-8A60-E372CE01DE3F} - C:\Program Files\Outlook Express\hokelotu455101.dll (file missing)
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll
O2 - BHO: {4e512efe-418a-35c8-1a24-f70f37db89b8} - {8b98bd73-f07f-42a1-8c53-a814efe215e4} - C:\WINDOWS\system32\emvqxkpj.dll (file missing)
O2 - BHO: (no name) - {A036743D-EA11-434C-B0BC-62A7D9F05C58} - C:\WINDOWS\system32\ssttt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [c09cbd84] rundll32.exe "C:\WINDOWS\system32\nmwfkgmc.dll",b
O4 - HKLM\..\Run: [595A626265636262] F6F7FFFF0301FF.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Fdulwlt] "C:\Documents and Settings\administrator\Application Data\s?mbols\?hkntfs.exe"
O4 - HKCU\..\Run: [c09cbd84] rundll32.exe "C:\WINDOWS\system32\jiguiolg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1194414329984
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1193919521140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193919476218
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: hggdcca - C:\WINDOWS\SYSTEM32\hggdcca.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U1dZQw\command.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7357 bytes
this (hjt) is a starting point, it will help to show where malware might be running from and if any special removal tools would be helpful. and you have plenty of malware present.

i would do this as soon as possible:

Download combofix from one of these links and save it to Desktop:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:

Close any open windows.
Close/disable anti virus and any antimalware programs that might have real time protection running. Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
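How a HijackThis log can serve as a starting point, shown as an added example that is not part of any post in this thread: a small Python parser that splits a log (even one pasted as a single run of text) into its section-coded entries and lists the ones to review first. The sample is a constructed excerpt of the log above, and the flagging cues are assumptions chosen for illustration, not verdicts.

```python
import re

# Every HijackThis entry opens with a section code: R0-R3, F0-F3, N1-N4, O1 and up.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
SPLIT = re.compile(rf"\s+(?={CODE} - )")

# Constructed excerpt of the log posted above, flattened onto one line.
SAMPLE = (
    r"C:\WINDOWS\explorer.exe "
    r"F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttt.exe "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll "
    r"O2 - BHO: (no name) - {A036743D-EA11-434C-B0BC-62A7D9F05C58} - C:\WINDOWS\system32\ssttt.dll "
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE "
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) "
    r"O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U1dZQw\command.exe "
    r"-- End of file - 7357 bytes"
)

def parse_entries(log_text):
    """Return (code, text) pairs; works on line-per-entry and flattened logs."""
    body = log_text.split("-- End of file")[0]
    entries = []
    for chunk in SPLIT.split(body):
        m = re.match(rf"({CODE}) - (.*)", chunk.strip(), re.S)
        if m:  # the header / running-processes chunk has no code and is skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def review_first(log_text):
    """Apply assumed triage cues and return (code, text, reasons) to check first."""
    flagged = []
    for code, text in parse_entries(log_text):
        reasons = []
        if "(file missing)" in text:
            reasons.append("file missing")
        if "Unknown owner" in text:
            reasons.append("unknown owner")
        if code == "O2" and "(no name)" in text:
            reasons.append("unnamed BHO")
        if code in ("F2", "F3"):
            reasons.append("ini-file autostart")
        if reasons:
            flagged.append((code, text, reasons))
    return flagged

if __name__ == "__main__":
    for code, text, reasons in review_first(SAMPLE):
        print(f"{code:>3}  {', '.join(reasons):<20} {text}")
```

A flagged entry only means "look at this one first"; legitimate software can trip the same cues, which is why the full log goes to a helper before anything is removed.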
click the icon by the clock and choose exit or disable, should be a choice there somewhere for closing it down.