Slow and freeze

Status
Not open for further replies.

kenaki

Posts: 46   +0
Hi everyone,

Many times when I open more than 2 applications my PC will slow down and/or stall/freeze. I suppose this is caused by it having more than one antivirus and antispyware.

I currently have Zone Alarm suite (antivirus, antispyware and firewall) installed. In addition, I have Spyware Doctor, Super Antispyware, Spyware Blaster, Norton Security Scan and Hitman Pro.

It seems to me that the ZA and The Spyware doctors are real time while the others are not. Could this be the source of the freezes and stalls ? I used to have AVG installed but already uninstalled it yet still not sure if it's completely uninstalled.

So I need you guys to please help me diagnose and guide me to cure my pc from freezes and slow downs without compromising the security.

Thanks,

Ken
 
Well, we can start with getting some logs.

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Come back here to this thread and attach the log in txt format in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Hi Dan,

I'm glad you replied so soon. I already have HijackThis installed so I can give you the log immediately, but I am having trouble attaching the log as I can't find any attachment button. How do I attach it to this post?


Ken
 
My hijackthis log

Sorry,... I finally found this attach button. ok here is my pc's hijack log attached. Please disregard my previous post regarding the attach button.

Thanks for your help.

Ken
 

Attachments

  • hijackthislog.log
    10 KB · Views: 6
Run Hijackthis and place a check next to the items below then click on fix items

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\WINDOWS\winhost_app.dll
O2 - BHO: (no name) - {761233B6-F228-49E4-8F6B-668499D4E55A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

Now reboot. I only saw 1 AV, firewall and SW. How much RAM do you have and what type of CPU?
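
Added example, not part of the original posts: most of the entries quoted in this thread are ones HijackThis marks "(no file)" or "(file missing)". This Python sketch parses lines of that shape and groups such leftover entries by CLSID. The function names are this example's own, the sample lines are copied from the thread, and a reported path says nothing about whether an entry is benign.

```python
import re

# Shape of the O2/O3/O9 lines: "<section> - <kind>: <name> - {CLSID} - <target>"
LINE_RE = re.compile(
    r"^(?P<section>O\d+)\s+-\s+(?P<kind>[^:]+):\s+(?P<name>.*?)\s+-\s+"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+-\s*(?P<target>.*)$"
)

# Sample input: lines copied from the logs quoted in this thread.
SAMPLE = r"""
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)
O2 - BHO: winhost_app.winhost_appdll - {5E06398E-3017-467B-A399-18425A20F655} - C:\WINDOWS\winhost_app.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
"""

def classify(line):
    """Parse one entry line; return None when the line has a different shape."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    row = m.groupdict()
    target = row["target"].strip()
    if target == "(no file)":
        row["status"] = "no file"
    elif target.endswith("(file missing)"):
        row["status"] = "file missing"
    else:
        row["status"] = "present"  # a path was reported and not flagged
    return row

def summarize(log_text):
    """Split a log into parsed rows and lines left for manual review."""
    rows, unparsed = [], []
    for line in filter(str.strip, log_text.splitlines()):
        row = classify(line)
        if row is None:
            unparsed.append(line.strip())
        else:
            rows.append(row)
    return rows, unparsed

def orphaned_clsids(rows):
    """Map each CLSID whose target is absent to the sections that reference it."""
    out = {}
    for r in rows:
        if r["status"] != "present":
            out.setdefault(r["clsid"].upper(), []).append(r["section"])
    return out
```

Lines that do not fit the pattern, such as the O16 entry, are returned separately so they are reviewed by hand rather than silently dropped.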
 
Slow & Freeze

Below is my PC info for your reference :

Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name PAL
System Manufacturer Dell Inc.
System Model Inspiron 700m
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1594 Mhz
BIOS Version/Date Phoenix Technologies LTD A04, 5/18/2005
SMBIOS Version 2.31
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name PAL
Time Zone Eastern Daylight Time
Total Physical Memory 512.00 MB
Available Physical Memory 46.41 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.13 GB
Page File C:\pagefile.sys

I don't know why the log doesn't show the other antivirus or spywares that I have installed. Perhaps because they are not real time ? But the spydoctor and the Zone alarm are real time though. Since you only saw 1 AV, firewall and SW, I suppose, the freezes and stalls are not caused by Antivirus/firewall/SW conflict then ?
Fyi, I still have not uninstalled the windows firewall but I think it is disabled.

I am attaching the new hijack log because after fixing and rebooting, I ran the scan once again and found 2 entries still have missing files :

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)

Did you leave them unchecked on purpose ? or should I rerun hijack and fix them ?
 

Attachments

  • hijackthislog2.txt
    9.2 KB · Views: 6
OK, to be safe let's run some scans to make sure everything is clean.

First disable your realtime SW

Spyware Doctor

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

==============================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. Then reboot into Safe Mode: reboot, then start tapping the F8 key; you will get the advanced options, select Safe Mode, then load and run the program.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Malware test result

Here is the MBAM log attached. According to the log, all infections have been quarantined and deleted successfully, but why can I still see them in the quarantine?

I'm so surprised to find that my PC was infected with Trojan and DCAD malware while I already installed firewall, SW, AV and many other spyware busters. How come they couldn't detect this malware? I really don't understand how this malware can penetrate my system. I even have installed McAfee SiteAdvisor and Trend Micro email ID so that I could avoid spyful sites and emails. It's so frustrating to know that no matter how hard I try to protect it, my PC is still vulnerable to spyware attack.

Do you know what these malwares do ? I'm afraid they steal my private data. Do I have to change all my bank accounts and passwords now ?
 

Attachments

  • mbam-log-8-16-2008 (03-21-11).txt
    1.3 KB · Views: 5
Open MBAM and delete everything in the Quarantine.


As for how this got on your computer: well, to start, you have BitComet.exe, which is a P2P, then you use things like Megaupload. You can easily get infected by things like that, especially if there is something you want really bad lol. The AV, SW & firewall will not do the job right if you let it in.

==================================================

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
 
Zone Alarm's "Spy Blocker" !?

Hi :

Noticed you have ZA's misnamed "Spy Blocker" on your computer; this is nothing
more than the Adware "ask.com" toolbar . You should seriously consider getting
rid of it after reading the very reliable Info at http://securitygarden.blogspot.com/2007/12/beware-of-zonealarm.html .

Additionally, it appears you HAD multiple "Versions/Updates" of Sun's Java; for
security purposes should ONLY have 1 "Version/Update" of this on a computer at
any moment in time. ALL Versions/Updates should be uninstalled EXCEPT the
latest, which can be found at www.java.com .
 
To : Daniel ,
Even though I do sometimes download something I really want using BitComet and Megaupload, I also noticed that Mozilla Firefox v.3.0 always scans the downloaded files first. Are you suggesting that I shouldn't use BitComet and Megaupload at all?

The Trend Micro scan is still running on my PC and it will take another 3.5 hours before I can tell you the result.

To : Spirit wind,
Thanks for your info man...
btw what are the bad things that this ask.com toolbar does? Under the ZA Spy Blocker button, there is an uninstall Spy Blocker option. Should I uninstall just the Spy Blocker or the whole ZA suite? Also, should I run HijackThis and check the ZA Spy Blocker BHO to fix it?

As for the version/update of sun Java, I just found : Java2runtime environment and Java (TM) 6 update 5 on the add/remove programs. Are these what you mean by version/update of sun Java ?
 
The result of the Trend Micro HouseCall scan shows that I was infected with Troj_Generic and have 3 vulnerabilities in WordPerfect converter, Microsoft Word and Microsoft Office that could allow remote code execution. What's the next step, Dan? Are these infections the cause of my PC slowing down and crashing?
 
Could be. OK, run the tool below.

Download & Install SDFix
  • Download SDFix & save it to your Desktop.
  • Double click SDFix.exe & it will extract the file to %systemdrive%
    (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer & start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix
  • Open the extracted SDFix folder & double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
  • Attach Report.txt back here
 
Security Suites

Hi :

Definitely should NOT have 2 different Security "Suite(s)" on your computer, as
they will "conflict" with each other . I do NOT recommend ANY Security "Suite", but
prefer the "layered" or "tier" Approach to security, selecting a very good and
possibly FREE program in EACH Malware-fighting "category" . For FREE AV, I
recommend Avast Home Edition ( www.avast.com ) and for antiSPYWARE/
antiTROJAN protection : 1) "SUPERAntiSpyware" 2) Malwarebytes Anti-Malware
3) SpywareBlaster from www.javacoolsoftware.com . For a software firewall,
can select Zone Alarm's . This would constitute the "core" of your security .

Since your current "Status" with Sun's Java is "hazy", I recommend you uninstall
everything you have of this program, then go to www.java.com and get the
latest .
 
SDfix report

To Daniel,

Please don't stop... don't be upset... I'm sure Spirit Wind didn't mean to interfere.. I'm following every step you told me. You are still my man....
Attached please find the SDFix report ...


To Spirit wind,

Thanks for your input but I think it's better if you just send it to me through email so that Daniel can finish his job here. Here is my email : kenaki@yahoo.com , please send me your email cause I still have something to ask you.
 
Can you post a fresh HijackThis log?

I am not upset. It gets annoying knowing you spent a long time training to help people, but then others come who have not had training and say do this, do that; it messes up the cleaning process.
 
Fresh Hijack log

Here is the new log Dan...

I understand how you feel.

so.. what's the next step bro...

btw I still feel this PC is dragging and I had to restart before I can post this because it was so heavy (taking too long time just to move from one application to another).
 
Hmm, I don't see anything bad in your log. Run the tool below.

ComboFix

  • Download ComboFix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
 
Combofix log and hijack log

Attached are the combofix log and the fresh hijackthis log.

This ComboFix application really gives me the creeps. When I try to run it, all my security software recognizes it as a trojan virus. Spyware Doctor keeps blocking it and considers it to be doing a malicious action, the ZA antivirus also caught it as Trojan-PVS Bancos and Windows always says : " can not open this file : pv.cfexe" . I had no choice but to use my mouse to click cancel because Spyware Doctor keeps popping up during the whole process. When the ZA antivirus caught it, I didn't click remove because I didn't want to interrupt the ComboFix process, so I think the virus is still there.

Could you double check the link and make sure that the application is free of viruses of any kind? Because last time I also had ComboFix but never had this problem. ComboFix ran for more than 20 minutes while the warning says it should run less than 10 minutes normally.

During the process it also seems to be deleting some applications/programs. I'm really worried now. Should I run the antivirus to check and delete any virus it finds?



Ken
 
Your ComboFix log shows a lot of realtime protection apps. Get me an uninstall log.

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, attach it in your next post.
 
List of protection

Here is the list of all protection software installed :
1. Zone alarm security suite with spyblocker removed (just Firewall, antivirus & antispyware)
2. Spyware doctor
3. spyware blaster
4. Super antispyware
5. Norton security scan
6. Trend micro email Id
7. Malwarebytes' Anti-Malware (currently installed as per your instruction)
8. Lavasoft adaware
9. Hitman Pro which is a combination of many antispywares ( adaware, spybotsd, spywareblaster, spysweeper, ewido antispyware microscanner, aawsepersonal, cwshredder, Prevxcsipp3642, and perhaps others)
10. Hijackthis, combo fix and SDfix

I think only # 1 and 2 are active, 3 I'm not sure, but the rest needed to be called/clicked to activate.

I have not used the Norton removal because I'm afraid it will erase #5 Norton Security Scan. Waiting for your further instruction before proceeding with the Norton removal.
 