
Thread: Help on Trojan or virus

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    3

    Help on Trojan or virus

    My computer is slow. I am running NAV, AdAware, PP, TH and ZA.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:44:44 AM, on 10/14/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jay\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Post To &WP : Right Journal - javascript:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('http://rightjournal.com/wp-admin/bookmarklet.php?text='+escape(Q)+'&trackback=1&pingback=1&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=590,left=100,top=150,status=yes'));btw.focus();
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Get a faster CPU?

    What is the CPU/Memory/Harddrive situation like? How many applications are running in the background at any given time?

    And what constitutes slow? When you attempt to access applications does the hard drive "grind"?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    Umm, like MsMittens said, some more details on your box would be nice to help figure out if it is a "real" problem! RAM, processor speed..... But I see that you have Norton on your machine! Norton can really slow you down sometimes depending on what you have and what you're doing.

  4. #4
    Junior Member
    Join Date
    Oct 2004
    Posts
    2
    Could the last line item in your running processes (HijackThis.exe) have anything to do with the lack of performance from your computer? It is a little obvious to be a trojan executable, but it's worth investigating all the same.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Mikelly, HiJackThis.exe is the tool he used to generate that output. It's a tool that can be used to see what things are in the registry, specifically for detecting spyware.

  6. #6
    quick glance of the log shows nothing spyware/adware wise..
    of course, as you add more programs to your startup list, it'll gradually bog things down..
    to me, norton might be the cause of it.. it's a notorious resource hog..

    to me, if you don't want to use a free AV like AVG.. and prefer to pay, then I'd pay for
    kaspersky.. it's relatively low on the resources and quite good on the coverage.

    and just my opinion.. trash zonealarm in favor of kerio or sygate..
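
    Added example (not part of any post in this thread): a small Python triage pass over a HijackThis log of the kind posted in #1, pulling out the coded entries and listing the ones worth reading by hand. The sample log is constructed, and the three review heuristics and the function names are assumptions of this example, not HijackThis behaviour.

```python
import re

# Constructed sample in the shape of the log in post #1 (shortened; the O16
# GUID and URL are placeholders, not values from the poster's machine).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: Post To &WP - javascript:doc=external.menuArguments.document;void(0);
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://example.invalid/ctl.cab
"""

# Meaning of the section codes that appear in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button/Tools item", "O12": "IE plugin",
    "O16": "downloaded ActiveX control",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Assumption: these directories are treated as expected install locations.
USUAL_DIRS = ("\\program files\\", "\\progra~1\\", "\\windows\\")

def parse_entries(text):
    """Return (code, data) for every coded line; process paths are skipped."""
    matches = map(ENTRY.match, text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def review_notes(entries):
    """Return (code, reason, data) for entries to inspect manually."""
    notes = []
    for code, data in entries:
        low = data.lower()
        if code == "O8" and " - javascript:" in low:
            notes.append((code, "menu item runs inline script", data))
        elif code == "O16" and " - http://" in low:
            notes.append((code, "control fetched over plain HTTP", data))
        elif code in ("O2", "O4") and not any(d in low for d in USUAL_DIRS):
            notes.append((code, "loads from an unusual directory", data))
    return notes

if __name__ == "__main__":
    for code, reason, data in review_notes(parse_entries(SAMPLE_LOG)):
        print(f"{code} ({SECTIONS.get(code, 'unknown')}): {reason}\n    {data}")
```

    A flagged entry is a prompt to look, not a verdict: a user-installed bookmarklet or a vendor's online scanner trips the same checks.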

  7. #7
    Member
    Join Date
    Sep 2004
    Posts
    77
    Norton no doubt consumes resources, but this is a safe bet yet. If you evaluate the functionality of NAV, it catches most of the viruses from the net. Try to use tools like disk defragmenters, registry cleaners and spyware removers. Some secret programs do not make their appearance using tools like HijackThis, etc. Also adjust the system properties. Right click on My Computer -> System Properties -> Performance -> File System -> Choose Network server. These adjustments may help improve the performance.

  8. #8
    This problem sounds like exactly what problem I have had in the past...

    CTRL + ALT + DEL then go to PROCESSES, see if one of the svchost.exe is consuming all the CPU

    if so go to one of my old threads >>> what is svchost.exe

    what is svchost.exe 'go to my profile and look at my old threads


    hope this helps, I know how much of a bitch it can be!

    oh also, you can assign a priority setting to your processes, so if there are a few processes that are hogging all the CPU you can allow them to take it, but when you have a specific application that you want to have priority you can set it to have just that.

    CTRL + ALT + DEL > PROCESSES > RIGHT CLICK ON THE SPECIFIC TASK > SET PRIORITY

    there are a few different ways of altering processes, look through the forums.....

    and don't ditch ZoneAlarm, I'm not sure about Kerio but I wouldn't use it, Sygate defo no no! I used it for a couple of days, then I got a random virus which made the firewall infinitely load so I would end up with literally hundreds of firewalls! very annoying

    The more you know, the less you understand!

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Currently have a laptop on my bench
    user complains it's REALLY REALLY slow...and it is really really slow.

    Hard drive is going......reads fine..(cause XP runs in memory)...but can't write to the drive.

    Maybe it's a hardware thing

    and not necessarily a software\virus\spyware thing

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    While using Windows, most often I found the PC is slow because I forget to defrag, and the net is slow because of spyware. BTW I hate Norton.
