Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: My Computer Slows Down after 15 Minutes

  1. #11
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for the feedback, please see this:
    Attempting to delete C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll
    C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll Has been deleted!

    Stick with me and we will get to all infections before we are done.
    I
    ran combofix again trying to find the problem.
    <<< if you want to do this, I will be glad to get out of your way, I have more than I can find time to do.

    Please do this:

    1) Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

    C:\Documents and Settings\Phillip\Application Data\Sun\Java\Deployment\cache\ <<< clean out your Java cache:
    http://support.f-secure.com/enu/home...avacache.shtml

    Run and post a new Kaspersky scan using these settings exactly:
    Run this online scan using Internet Explorer:
    Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

    Next Click on Launch Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    * Standard
    * Scan Options:
    * Scan Archives
    * Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
    * Select My Computer
    * This will program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
    * Save the file to your desktop.

    Then post it here.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  2. #12
    Junior Member
    Join Date
    Dec 2007
    Posts
    14

    Default

    Here is the uninstall list:
    Ad-Aware SE Personal
    Adobe Acrobat 4.0
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.1
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.0
    ALPS Touch Pad Driver
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    AVG 7.5
    BitLord 1.1
    Broadcom Advanced Control Suite
    Broadcom TPM Driver Installer
    Conexant HDA D110 MDC V.92 Modem
    Conquer 2.0
    COSMOSMotion 2007 SP0
    COSMOSWorks 2007 SP0
    Dell Embassy Trust Suite by Wave Systems
    Dell Wireless WLAN Card
    Diablo II
    Digital Line Detect
    DivX Content Uploader
    DivX Web Player
    Document Manager Lite
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DWGeditor
    eDrawings 2007
    EMBASSY Security Center
    EMBASSY Trust Suite by Wave Systems
    ETS Launch Pad
    Final Fantasy VII
    Fraps
    Hero Editor V0.96
    Hex Workshop v4.23
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    iLike Sidebar
    Intel(R) Graphics Media Accelerator Driver
    iPod for Windows 2006-03-23
    iTunes
    Java DB 10.2.2.0
    Java(TM) 6 Update 3
    Java(TM) SE Development Kit 6 Update 3
    Kaspersky Online Scanner
    LimeWire 4.12.6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Age of Empires
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Standard
    Modem Helper
    Mozilla Firefox (2.0.0.11)
    MSN Messenger 7.5
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    NetWaiting
    NTRU Hybrid TSS v2.0.7
    PowerDVD 5.7
    Preboot Manager
    Private Information Manager
    QuickSet
    QuickTime
    RealPlayer
    Search Assist
    Secure Update
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB943460)
    Security Wizards
    Skype™ 3.2
    SolidWorks 2007 SP0
    SolidWorks Explorer 2007 sp0
    SolidWorks Installation Manager
    Spybot - Search & Destroy 1.4
    Starcraft
    System Requirements Lab
    Take Charge 2.4
    TeamSpeak 2 RC2
    TextPad 4.7
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    URL Assistant
    VideoLAN VLC media player 0.8.6b
    Wave Infrastructure Installer
    Wave Support Software
    Winamp
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Messenger 5.1
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    WinRAR archiver
    ZoneAlarm

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, December 08, 2007 11:54:35 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 8/12/2007
    Kaspersky Anti-Virus database records: 447209
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 67635
    Number of viruses found: 1
    Number of infected objects: 4
    Number of suspicious objects: 0
    Duration of the scan process: 05:49:37

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Phillip\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Phillip\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
    C:\Documents and Settings\Phillip\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Phillip\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Phillip\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Phillip\Local Settings\History\History.IE5\MSHist012007120820071209\index.dat Object is locked skipped
    C:\Documents and Settings\Phillip\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Phillip\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Phillip\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll Object is locked skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\20\1b0842d4-17651d3e/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\20\1b0842d4-17651d3e ZIP: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\47\bd7ce2f-17424a57/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\47\bd7ce2f-17424a57 ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000012.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000024.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000113.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000130.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000281.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0000296.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001296.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001336.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0001390.dll Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\D6GBP9B1.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{F8B13F51-598E-4200-BD60-23F511FC5B75}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\ZLT07dc2.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT07dd3.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  3. #13
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    KASPERSKY ONLINE SCANNER REPORT Saturday, December 08, 2007 11:54:35 PM

    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\20\1b0842d4-17651d3e/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\20\1b0842d4-17651d3e ZIP: infected - 1 skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\47\bd7ce2f-17424a57/vmain.class Infected: Exploit.Java.Gimsh.b skipped
    C:\RECYCLER\S-1-5-21-4166569501-2063234290-3126932686-1005\Dc1.0\47\bd7ce2f-17424a57 ZIP: infected - 1 skipped
    Empty your Recycle Bin:
    http://www.microsoft.com/resources/d....mspx?mfr=true

    According to Kaspersky, this file is clean:
    C:\Program Files\Common Files\Microsoft Shared\Speech\Wab64.dll Object is locked skipped
    Use one or more of these free online scans to be sure and post the results:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/

    I can see anything in the Uninstall list that looks like malware, but I do not know many of your programs, look at them one by one and make sure you do.

    Let me have some feedback.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  4. #14
    Junior Member
    Join Date
    Dec 2007
    Posts
    14

    Default

    The Wab64.dll file doesn't seem to be showing up in that directory. I set it to view hidden files, but nothing showed up. So, I scanned everything in C:\Program Files\Common Files\Microsoft Shared\Speech and svchost.exe looks to be infected, I don't know.

    Here are the logs:
    Virus Total
    File svchost.exe received on 11.20.2007 05:33:07 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 - - -
    AntiVir - - HEUR/Crypted
    Authentium - - Possibly a new variant of W32/Threat-HLLPEM-based!Maximus
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    FileAdvisor - - -
    Fortinet - - -
    F-Prot - - W32/Threat-HLLPEM-based!Maximus
    F-Secure - - Hupigon.gen131
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - Hupigon.gen131
    Panda - - Suspicious file
    Prevx1 - - Heuristic: Suspicious File With Covert Attributes
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - Heuristic.Crypted
    Additional information
    MD5: 6aace0fb8ba97a366c954b5ebd18c63a

    Jotti
    File: svchost.exe
    Status:
    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 6aace0fb8ba97a366c954b5ebd18c63a
    Packers detected:
    ARMADILLO
    Bit9 reports: File not found
    Scanner results
    Scan taken on 09 Dec 2007 20:48:42 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found HEUR/Crypted
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found Possibly a new variant of W32/Threat-HLLPEM-based!Maximus
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Ikarus
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found Hupigon.gen131
    Panda Antivirus
    Found nothing
    Rising Antivirus
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing

    I emptied my recycle bin and checked over all of my programs. The computer seems to be running normally. However, I am worried about svchost.exe. What should I do? Thanks.

  5. #15
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    C:\Program Files\Common Files\Microsoft Shared\Speech and svchost.exe looks to be infected, I don't know.

    The VALID svchost.exe would be in the System32 folder)

    It's hard for me to make decisions on the fly like this, my decisions are the result of the logs I look at and the information I collect. If both of these files are here:

    C:\Program Files\Common Files\Microsoft Shared\Speech and svchost.exe <<< in the folder in red and they have returned information from the online scan indicating they are infected, then move them to your Recycle Bin (delete them) and see what happens. You can leave them in the RB for a bit and if the computer runs fine without them, then empty the RB.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  6. #16
    Junior Member
    Join Date
    Dec 2007
    Posts
    14

    Default

    After I deleted the whole Speech folder, something recreated it and named it "speech" under the same directory. Within speech, there is a folder called 1033 that seems to be empty. I tried deleting it again, but it gave me the message that 1033 could not be deleted because it is being used by another application.

    My computer has started to slow down starting at start-up. What should I do now?

  7. #17
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    I have no idea at this point, you may want to think about a reformat:
    http://spyware-free.us/tutorials/reformat/
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    http://helpdesk.its.uiowa.edu/window...s/reformat.htm
    or at least a repair install of your Operating System:
    http://www.google.com/search?hl=en&q...=Google+Search

    You can post a new HJT log and I will look at it in the morning, to tired tonight.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  8. #18
    Junior Member
    Join Date
    Dec 2007
    Posts
    14

    Default

    Sorry for posting this so late. I have been very busy with exams lately.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:47:17 PM, on 12/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.16\ilikesidebar.exe /checkforupdate
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SpybotDeletingB1617] command /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_tobedeleted_old" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SpybotDeletingB1617] command /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_tobedeleted_old" (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Connection Manager (NetCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8855 bytes

  9. #19
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Did you read my last post?

    Do you know what this is?
    C:\Program Files\iLike\1.1.16\ilikesidebar.exe /checkforupdate

    C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe
    I need to know what that file is in red, use one or more of these scanners to find out and post the information.
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/

    Make sure you follow that pathway and no other. I need you to scan the svchost.exe that is in the Speech folder. I am fairly certain it is a trojan.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #20
    Junior Member
    Join Date
    Dec 2007
    Posts
    14

    Default

    The iLikesidebar is an application for iTunes. It's a safe program to my knowledge.

    I tried scanning C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe, but apparently the file is 0 bytes. When I look in speech, all I see is another empty file named 1033.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •