Nov 1 2009, 02:01 AM, Post #61

Authentic Member. Group: Authentic Member, Posts: 117, Joined: 27-October 07, From: St. Joseph, TN (USA), Member No.: 73,804, Operating System: XP Home

Hello,

I think I had some bad ware on my computer but I thought I got it all off but I guess I didn't... Anyway, I re-formatted this evening after about 2 or 3 weeks of going slower and slower. Everything went fine, but after about 30 minutes or an hour it all of a sudden started like starting and stopping, almost like slipping and sticking friction wise. Sometimes it's slow... I've noticed that I have more svchost.exe and I think one more explorer.exe. I ran Malwarebytes Anti-malware and it found 5 baddies, and I deleted them all. I re-started and all was going good until like maybe 10 or 15 minutes and then it started doing like it was before, and the baddies came back. And it's slow on shut down too. I will put my Malwarebytes Anti-malware log and my HJT log.

```
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

11/1/2009 1:22:23 AM
mbam-log-2009-11-01 (01-22-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 56967
Time elapsed: 15 minute(s), 43 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\WINDOWS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y479c6d0-otrw-u5gh-s1ee-e0ac10b4e666} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
```

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:00 AM, on 11/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system32\explorer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
c:\windows\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\windows\system32\vttimer.exe'
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\FREEDO~1\fdm.exe

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe c:\windows\system32\explorer.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Home\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\RunOnce: [Explorer] c:\windows\system32\explorer.exe RO
O4 - HKLM\..\RunOnce: [Svchost] c:\windows\svchost.exe RO
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Home\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Home\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA63A28A-E34E-4B49-A236-136840D8CF76}: NameServer = 76.164.173.1 76.164.173.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5774 bytes
```

I hope you can help,

Thank you

Michael

This post has been edited by Rhineus: Nov 1 2009, 08:50 AM

Rhineus [Resolved] I have some baddies after format of XP Home Nov 1 2009, 02:01 AM

oldman960 Hi Rhineus, The bit of malware found by ESET is i... Nov 19 2009, 08:44 PM

Rhineus Ok, I emptied the Recycle Bin... I can completely ... Nov 19 2009, 11:51 PM

oldman960 Hi Rhineus, Avast is usually very light on resour... Nov 20 2009, 12:21 AM

Rhineus Still nothing, acts like it did before... I don... Nov 20 2009, 01:14 AM

oldman960 Hi Rhineus, Since your problems started with Avir... Nov 20 2009, 09:01 AM

Rhineus Nothing yet, it's still about the same but, I ... Nov 20 2009, 07:33 PM

oldman960 Hi Rhineus, I don't know why the Antivir regc... Nov 21 2009, 12:06 AM

Rhineus Well, I guess its because whenever I start any pro... Nov 21 2009, 01:22 AM

oldman960 Hi Rhineus, You can post HERE Include a link to ... Nov 22 2009, 10:32 AM

Rhineus Ok, thanks oldman :-) Nov 22 2009, 10:34 AM

oldman960 Since this issue appears to be resolved ... this T... Nov 28 2009, 10:12 PM