Computer Hope

Software => Computer viruses and spyware => Topic started by: leleo80 on January 07, 2006, 07:09:14 AM

Title: slow internet - adsl lights blinking like crazy
Post by: leleo80 on January 07, 2006, 07:09:14 AM
There was also a suspicious ilt.exe running. I have removed that, but the internet is still REALLY slow! Please help!

Logfile of HijackThis v1.99.1
Scan saved at 05:06:01, on 7/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe
C:\Program Files\NMapWin\bin\nmapserv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\AceLogix\StartupGuard\sg.exe
C:\WINDOWS\System32\win32oleupdate.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Leo H. Sano\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Leo H. Sano\Application Data\Mozilla\Profiles\default\0r2vt8qt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Leo H. Sano\Application Data\Mozilla\Profiles\default\0r2vt8qt.slt\prefs.js)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Services] C:\iexplorer.exe
O4 - HKLM\..\Run: [Win32 Update] C:\WINDOWS\System32\win32oleupdate.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKCU\..\Run: [Startup Guard] C:\Program Files\AceLogix\StartupGuard\sg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C5DB328-E72E-4B84-95CD-900E110CA7DD}: NameServer = 200.175.5.139,200.199.252.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8D846F-4FC3-4C64-B747-1BAF257A30B9}: NameServer = 200.175.5.139
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cvcworking setting (cvcWork) - Unknown owner - C:\WINDOWS\syscvhost.exe
O23 - Service: Free Proxy Service (FreeProxy) - Hand-Crafted Software - C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe
Title: Re: slow internet - adsl lights blinking like craz
Post by: leleo80 on January 07, 2006, 07:09:45 AM
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\System32\ircomm2k.exe
O23 - Service: NMap - Unknown owner - C:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Update Manager (Update Manager ) - Unknown owner - C:\WINDOWS\System32\updmgr.exe
Title: Re: slow internet - adsl lights blinking like craz
Post by: GX1_Man on January 07, 2006, 08:44:40 AM
What do you use for spyware/adware/virus protection? I see Norton mentioned. Are all of these protections up to date and being used?

Are you running XP with SP2?
Title: Re: slow internet - adsl lights blinking like craz
Post by: leleo80 on January 07, 2006, 06:20:56 PM
Nope, it is not up to date. Could you recommend some free software for me to run to try to solve this problem? Thanks!
Title: Re: slow internet - adsl lights blinking like craz
Post by: GX1_Man on January 07, 2006, 06:49:01 PM
SP2 if running XP

MS Antispyware Beta
Spybot
AdAware
CCleaner
Ewido

All are free. Just google for them.

If you are using Norton, make sure it is up to date also. If not AVG Free is wonderful.

You really need an arsenal of things if you are using Windows on the Internet. Some do some things better than others. One antivirus is enough however, whatever you decide on.

CAUTION - LINUX PLUG

Of course with Linux you need none of these things at all!

Title: Re: slow internet - adsl lights blinking like craz
Post by: dl65 on January 08, 2006, 01:08:11 AM
leleo80..... Your machine is infected with at least the W32.Spybot.FCD WORM

Before you go any further ..... we need to know if your anti-virus is up to date as far as the subscription goes (has it expired?) and whether you have the latest virus definitions.
I also notice that you are not running XP Service Pack 2 ...... AND you are using an outdated version of Internet Explorer ........ Is there any reason for this?

Shut down your system restore

Open your hijackthis program .....let it generate a new log and then mark for removal the following:
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\WINDOWS\System32\scpsssh2.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe

O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe    

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe  

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe

O16 - DPF: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} (ssh2 Class) - https://cpib.bradesco.com.br/scpsssh2.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab    
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C5DB328-E72E-4B84-95CD-900E110CA7DD}: NameServer = 200.175.5.139,200.199.252.68    
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8D846F-4FC3-4C64-B747-1BAF257A30B9}: NameServer = 200.175.5.139  

O23 - Service: cvcworking setting (cvcWork) - Unknown owner - C:\WINDOWS\syscvhost.exe    

O23 - Service: Free Proxy Service (FreeProxy) - Hand-Crafted Software - C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe  

Now click on FIX MARKED ............ and then REBOOT ....... then open HijackThis and run another scan and post it here please.

dl65  ::)
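The entries dl65 marks above are picked out by eye, using the usual HijackThis tells: a Run value whose command is a bare filename, a binary sitting in C:\ or directly in C:\WINDOWS, a service whose display name claims to be Windows but whose file carries no vendor version info, a hard-coded NameServer, and an orphaned hook pointing at "(no file)". The script below is an added example, not part of the thread and not a HijackThis feature: it parses the R3, O4, O17 and O23 lines and applies those checks mechanically so the candidates for review fall out of the log rather than out of memory. The sample lines are copied from the log posted above, with the NVIDIA and QuickTime entries kept in as benign neighbours. The rules are heuristics and assumptions of this example (the rundll32 exception, the treatment of RunServices, the claim that the "owner" column comes from the file's version info); the output is a list of things to look at, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Entries copied from the HijackThis log in the thread above. The NVIDIA and
# QuickTime lines are included so the rules have benign entries to leave alone.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Services] C:\iexplorer.exe
O4 - HKLM\..\Run: [Win32 Update] C:\WINDOWS\System32\win32oleupdate.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C5DB328-E72E-4B84-95CD-900E110CA7DD}: NameServer = 200.175.5.139,200.199.252.68
O23 - Service: cvcworking setting (cvcWork) - Unknown owner - C:\WINDOWS\syscvhost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Update Manager (Update Manager ) - Unknown owner - C:\WINDOWS\System32\updmgr.exe
"""

# One regex per HijackThis section this example understands.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - (?P<key>.*): NameServer = (?P<servers>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
R3_RE = re.compile(r'^R3 - URLSearchHook: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<file>.*)$')

# Assumption of this example: loaders that legitimate installers commonly
# register without a full path, so a bare name is not suspicious on its own.
PATH_RESOLVED_OK = {"rundll32.exe"}


@dataclass
class Finding:
    section: str
    severity: str  # "high": almost never legitimate; "review": needs a human decision
    reason: str
    line: str


def first_executable(cmd: str) -> str:
    """Return the program part of a Run-key command line (first quoted or unquoted token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_o4(m: re.Match, line: str) -> list[Finding]:
    exe = first_executable(m["cmd"])
    base = exe.rsplit("\\", 1)[-1].lower()
    parent = exe.rsplit("\\", 1)[0].lower() if "\\" in exe else ""
    out = []
    if "\\" not in exe and base not in PATH_RESOLVED_OK:
        # No directory: whatever the PATH search finds first gets executed.
        out.append(Finding("O4", "high", f"bare filename {exe!r} resolved via PATH search order", line))
    elif re.fullmatch(r"[a-z]:", parent):
        out.append(Finding("O4", "high", f"{exe!r} lives in a drive root", line))
    elif parent.endswith("\\windows"):
        out.append(Finding("O4", "review", f"{exe!r} lives in the Windows root, not System32", line))
    if m["key"].lower() == "runservices":
        out.append(Finding("O4", "review", "RunServices is a Windows 9x/ME autostart key, rarely written by XP-era installers", line))
    return out


def check_o23(m: re.Match, line: str) -> list[Finding]:
    out = []
    owner = m["owner"].strip().lower()   # HijackThis fills this from the file's version info
    path = m["path"].strip().lower()
    display = m["display"].lower()
    windows_root = "c:\\windows\\"
    if owner == "unknown owner" and path.startswith(windows_root) and "\\" not in path[len(windows_root):]:
        out.append(Finding("O23", "high", "service binary with no version info sits directly in the Windows root", line))
    if ("windows" in display or "microsoft" in display) and owner != "microsoft corporation":
        out.append(Finding("O23", "high", f"display name claims to be Windows but owner is {m['owner']!r}", line))
    return out


def check_o17(m: re.Match, line: str) -> list[Finding]:
    # Cannot be decided offline: the servers must be compared with the ISP's.
    return [Finding("O17", "review", f"static DNS servers {m['servers']}: confirm they belong to the ISP", line)]


def check_r3(m: re.Match, line: str) -> list[Finding]:
    if m["file"].strip().lower() == "(no file)":
        return [Finding("R3", "review", "orphaned URLSearchHook: CLSID registered but DLL missing, safe to remove", line)]
    return []


RULES = [(O4_RE, check_o4), (O17_RE, check_o17), (O23_RE, check_o23), (R3_RE, check_r3)]


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every log line and collect the findings."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for pattern, check in RULES:
            m = pattern.match(line)
            if m:
                findings.extend(check(m, line))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the sample, the two sysmsvc.exe lines, C:\iexplorer.exe, syscvhost.exe and updmgr.exe come out as "high", the NameServer and the orphaned R3 hook as "review", and the NVIDIA, QuickTime and win32oleupdate.exe lines are left alone; the last of those shows the limit of path-based rules, since a file in System32 with an official-sounding name needs a hash or vendor lookup, which this example does not do.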