XP too slow

  1. #1
    mikki is offline Newbie

    XP too slow

    XP takes too long to load and connect to the net.
    Here is the Hijack log.

    Thanks guys.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:30:54, on 12/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\system32\HPZipm12.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Poker\CDPoker\casino.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe


  2. #2
    owen is offline D-A-L Team Member (UK)
    You are using an old version of Hijack This and have posted this log in the incorrect forum. Hijack This logs should be posted in the Spyware, Adware, Viruses and Hijack This Logs forum.

    See this post for advice on Speeding Up your computer.

  3. #3
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    Moving thread.

  4. #4
    mikki is offline Newbie
    Sorry guys.
    Here is the log.
    SmitFraudFix v2.312

    Scan done at 1:10:11,95, 13/04/2008
    Run from D:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\system32\HPZipm12.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Mick


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Mick\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Mick\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Pakketplanner-minipoort
    DNS Server Search Order: 213.51.144.37
    DNS Server Search Order: 213.51.129.37

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6599F36A-57E5-4405-8EB9-75F25E3A8123}: DhcpNameServer=213.51.144.37 213.51.129.37
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6BA2FDBF-7402-4DB5-988B-93DA37D446B1}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6599F36A-57E5-4405-8EB9-75F25E3A8123}: DhcpNameServer=213.51.144.37 213.51.129.37
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6BA2FDBF-7402-4DB5-988B-93DA37D446B1}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{6599F36A-57E5-4405-8EB9-75F25E3A8123}: DhcpNameServer=213.51.144.37 213.51.129.37
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{6BA2FDBF-7402-4DB5-988B-93DA37D446B1}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.51.144.37 213.51.129.37
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.51.144.37 213.51.129.37
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.51.144.37 213.51.129.37


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:16:17, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Sygate\SPF\smc.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\system32\HPZipm12.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Grisoft\AVG7\avgcc.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\WINDOWS\system32\cmd.exe
    D:\WINDOWS\NOTEPAD.EXE

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Poker\CDPoker\casino.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

    --
    End of file - 3190 bytes

  5. #5
    Neal is offline Dedicated Member
    There is no evidence of malware in your hijackthis log.

    Did you read and perform speeding up procedures that Owen advised you to do?



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.




    Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also.
