Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 1225

Sep 1st, 2009

Windows xp loading too slow and pc also very slow

Expand Post »

Dear All,

Please help.I suspect a rootkit or virus.
Posting hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:48 PM, on 9/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5112.0000)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\hkcmd.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
e:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
E:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UAService.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Internet Download Manager\IEMonitor.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IGMONObj Class - {02464DDC-3187-11D8-8004-0020ED227566} - E:\Program Files\iGetter\Integration\IGMON.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4753C135-BCE4-4E6C-BD92-10D53E67E5A1}: NameServer = 202.54.10.2,202.54.29.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: IE Browseui preloader - {240E2B94-741E-4513-B66A-60EC26A9EF26} - E:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - E:\WINDOWS\system32\ieframe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - E:\WINDOWS\system32\UAService.exe

--
End of file - 5377 bytes
Please help me in getting my pc work faster again.Thanks

Similar Threads

desktop can't get past windows loading screen in Troubleshooting Dead Machines
PC Goes to windows loading screen then turns off in Troubleshooting Dead Machines
Slow, slow, slowwwwwwww in Windows NT / 2000 / XP
Windows XP Home Edition Slow in Windows NT / 2000 / XP
PC cannot get past windows loading in Windows NT / 2000 / XP

vignesh83

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

8 posts
since Apr 2005

Permalink

Sep 1st, 2009

Re: Windows xp loading too slow and pc also very slow

Why do you suspect a rootkit? Have you done any scans which say this or give indications of this?
Do the following:
Please Download ATF-Cleaner.exe by Atribune(Windows XP, 2K, 2003 & Vista ONLY)
• You can put ATF-Cleaner on your Desktop for easy access
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run a NEW HJT scan, save the log and post back with the logs in this order, MBA-M log, ESET log, and finally the new HJT log. I'll take a look.

jholland1964

Moderator

Featured Poster

Reputation Points: 725

Solved Threads: 339

Posting Expert

Offline

5,497 posts
since Jul 2008

Permalink

Sep 21st, 2009

Re: Windows xp loading too slow and pc also very slow

Dear Jholland,

While scanning through Avast Antivirus,I got message"suspicious files have been detected using heurustic method.This may besign of malwar infection.please allow files to be submitted to our virus lab for analysis.

e\windows\system32\mnmsrvc.exe

e\windows\system32\wuauserv.dll

e\program files\microsoft visual studio\common\tools\vs-ent98\vanalyser\varpc.exe

When I tried to delete them ,avast said virus is in operating memory

I restarted the pc and manually deleted the 3 infected files.

But still the pc is running very slow.I believe there is still hidden virus in my operating memory as windows xp starts very slow and hangs in between.please help

vignesh83

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

8 posts
since Apr 2005

Permalink

Sep 21st, 2009

Re: Windows xp loading too slow and pc also very slow

You know this thread is 19 days old. You have NOT submitted the logs from the steps I gave you, 19 days ago. The information just posted doesn't tell me WHEN this happened only that it DID happen. While the files found COULD be a sign of infection they also Could have been legitimate files because there ARE legitimate files which have the same name. Just deleting them without knowing for sure could have caused damage to the computer, rather than delete them you should have submitted them. But I have know idea WHEN this happened...21 or more days ago, this morning, last night? I have no idea.
Have you done ANY of the steps I requested? We request these for a very good reason, to help us help you AND to clean the computer.
I can not offer any advice because I have nothing new to look at except a HiJackThis log which now is 21 days old and was 2 days old when you submitted it here.
The slowness of the computer cannot be too much of a problem since you failed to return and failed to do the steps given to you 19 days ago.

Edit: Looking back through 7 threads you have begun in the last 2 years this seems to be very common for you, post a question and NEVER return. If you want problems solved then you MUST stick with it. Nothing can be done otherwise.

Last edited by jholland1964; Sep 21st, 2009 at 12:08 pm.

jholland1964

Moderator

Featured Poster

Reputation Points: 725

Solved Threads: 339

Posting Expert

Offline

5,497 posts
since Jul 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: anti virus

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Windows Police Pro has me

DaniWeb Message

Cancel Changes

User Name
Password