Extremely slow computer

Hi. I deleted everything from the attachments folder and then did the Panda ActiveScan as you suggested. Here are the results:

Incident Status Location

Adware:adware/gator Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\bundle.inf
Adware:adware/sahagent Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\bundletracking.asp
Adware:adware/msview Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\MSView.inf
Adware:adware/p2pnetworking Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\p2psetup.exe
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\cards.ico
Adware:adware/ezula Not disinfected C:\WINDOWS\SYSTEM32\ezStubi.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM32\mseggrpid.dll
Adware:adware/igetnet Not disinfected C:\WINDOWS\SYSTEM32\NLNP!3.exe
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\FLEOK
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Adware:Adware/IGetNet Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\BHO001.DLL.dat
Adware:Adware/MSView Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\MSView.inf
Adware:Adware/P2PNetworking Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\p2psetup.exe
Adware:Adware/IGetNet Not disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\RSP001.DLL.dat
Virus:Trj/Downloader.L Disinfected C:\Documents and Settings\Adson Santos\Local Settings\Temp\susp.inf
Virus:Trj/SubSearch.I Disinfected C:\Documents and Settings\All Users\Application Data\IEService\IEService.dll
Virus:Trj/SubSearch.I Disinfected C:\Documents and Settings\All Users\Application Data\IEService\IEService.exe
Dialer:Dialer.XS Not disinfected C:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Virus:Trj/Mitglieder.BO Disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc153.zip[doc_01.exe]
Virus:Trj/Mitglieder.BO Disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc154.zip[doc_01.exe]
Virus:Trj/Downloader.L Disinfected C:\WINDOWS\inf\susp.inf
Virus:Trj/SubSearch.I Disinfected C:\WINDOWS\system\IEService.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\Agent.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@offeroptimizer[1].txt
Virus:Trj/Downloader.CHU Disinfected C:\WINDOWS\system32\ctbv2.dll
Adware:Adware/eZula Not disinfected C:\WINDOWS\system32\ezStubi.dll
Adware:Adware/SaveNow Not disinfected C:\WINDOWS\system32\Freeze.dll
Adware:Adware/IGetNet Not disinfected C:\WINDOWS\system32\NLNP!3.exe
Adware:Adware/IGetNet Not disinfected C:\WINDOWS\system32\NLNP13.dll
Adware:Adware/MSView Not disinfected C:\WINDOWS\system32\nostalgia.dll
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\SHAgent.dll
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\system32\UKVideo2-uninstall.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\xmltok.dll
 
Hi

Download System Security Suite.
http://www.igorshpak.net/
If that site is unavailable use this link please
http://forums.subratam.org/index.php?act=Attach&type=post&id=25013
Extract it from the zip file and run setup.exe
after the install you can delete setup.exe and the downloaded zip file
Start the program. Check all the boxes under the 'Items to Clear' tab and click
'Clear Selected Items'. You will be prompted to reboot, do so.

Then manually delete these files and folders
C:\Documents and Settings\All Users\Application Data\IEService
C:\Program Files\Common Files\Totem Shared
C:\WINDOWS\SYSTEM32\cards.ico
C:\WINDOWS\SYSTEM32\ezStubi.dll
C:\WINDOWS\SYSTEM32\mseggrpid.dll
C:\WINDOWS\SYSTEM32\NLNP!3.exe
C:\WINDOWS\system32\ezStubi.dll
C:\WINDOWS\system32\Freeze.dll
C:\WINDOWS\system32\NLNP!3.exe
C:\WINDOWS\system32\NLNP13.dll
C:\WINDOWS\system32\nostalgia.dll
C:\WINDOWS\system32\SHAgent.dll
C:\WINDOWS\system32\UKVideo2-uninstall.exe
C:\WINDOWS\system32\xmltok.dll

How did that go ?
 
Hi,

I did that and then did a Panda scan which said I had 27 adware and 2 diallers (but no viruses...yipee!). I wanted to save the log to post here but could not work out how to do that (there was no option given at the end of the scan nor when right clicking).

Do you suggest anything else?

Many thanks.
 
The Panda Activescan says I still have 23 spyware and 2 diallers. Do you know how I can get rid of these?? I tried Spybot S&D and Ad-Aware SE Personal but they do not show any spyware (neither does AVG).

Here is the result of the Panda activescan:

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\Agent.dll
Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:adware/ist.istbar Not disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\FLEOK
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\Agent.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@offeroptimizer[1].txt
 
Hi

Can you manually delete these items ?
C:\WINDOWS\SYSTEM32\Agent.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\PROGRAM FILES\COMMON FILES\Totem Shared < folder
C:\WINDOWS\SYSTEM32\FLEOK
 
Thanks. I've done that.

I noticed in the activescan that there were lots of cookies listed. Should I delete all cookies?

Thanks for all your help.
 
Hi.

I've just done another Panda scan and it is still saying I have 22 spyware and 2 diallers. Here is the log file

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\sahagent1001.exe
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@burstnet[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@google.com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@searchportal.information[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@toplist[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@uol.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Adware:Adware/SAHAgent Not disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc5.dll
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@offeroptimizer[1].txt
 
Hi

C:\WINDOWS\SYSTEM32\sahagent1001.exe < delete that file

Clear Internet Explorer's cache
1. In Control Panel, open Internet Options.
2. Click the General tab, and then under Temporary Internet files, click Delete Files.
3. In the Delete Files dialog box, click to select the Delete all offline content check box.
4. Wait for the hourglass to disappear
optional, use the delete cookies button
5. Click OK.

Let us know of any problems

Not to worry about the other items in the panda scan unless new files show, other than cookies
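
An added example, not part of the original post: one way to check for "new files, other than cookies" is to parse two ActiveScan logs in the format posted in this thread and list only the non-cookie detections that appear in the later one. The function names are hypothetical; the sample rows are copied from the second and third scans above.

```python
import re

# One detection per line: "<Category>:<Name> <Status> <Location>"
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+?)\s*$"
)

def parse_scan(text):
    """Return the set of (category, name, location) detections in a log.

    Values are lower-cased because the scanner reports the same item with
    different casing (adware/sahagent vs Adware/SAHAgent, SYSTEM32 vs
    system32), and a set drops the repeated rows.
    """
    found = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header row, blank line or truncated entry
        found.add((m["category"].lower(), m["name"].lower(),
                   m["location"].lower()))
    return found

def is_cookie(detection):
    """Tracking-cookie entries carry a name of the form Cookie/<site>."""
    return detection[1].startswith("cookie/")

def new_non_cookie(earlier, later):
    """Detections present in the later scan only, cookies excluded."""
    fresh = parse_scan(later) - parse_scan(earlier)
    return sorted(d for d in fresh if not is_cookie(d))

# Sample rows taken from the scans posted in this thread.
EARLIER = r"""Incident Status Location
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\Agent.dll
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@xiti[1].txt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\Agent.dll
"""

LATER = r"""Incident Status Location
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\sahagent1001.exe
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Adson Santos\Cookies\adson santos@ad.yieldmanager[2].txt
Adware:Adware/SAHAgent Not disinfected C:\RECYCLER\S-1-5-21-3088433937-1417818515-3399203189-1004\Dc5.dll
"""

if __name__ == "__main__":
    for category, name, location in new_non_cookie(EARLIER, LATER):
        print(f"NEW {category}:{name} at {location}")
```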
 
Hi Lonny,

Thanks for all your help - my computer is now virus free and down from 23 malware to just 3 and 2 dialers.

I see that sahagent keeps popping up its ugly head! Do I need to worry about these last few problems or is there a way to get rid of them?

Here is the latest panda activescan:

Incident Status Location

Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\lsp_.dll
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.ok Not disinfected HKEY_CLASSES_ROOT\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}
Dialer:Dialer.OK Not disinfected C:\Program Files\Hijackthis\backups\backup-20060111-010101-637.inf
Spyware:Cookie/OfferOptimizer
 
Download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/
start it and paste in

66BD1BD0-3655-42E4-8CE9-16D3613B0B25

hit ok, wait, then when wordpad opens copy that back here please
Note: Your antivirus script protection might interfere, it's safe, please allow it to run.
do the same for
sahagent

What filesharing programs do you have installed ?
 
; Registry search results for string "66BD1BD0-3655-42E4-8CE9-16D3613B0B25" 01/02/2006 17:56:37

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}\ProxyStubClsid]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66BD1BD0-3655-42E4-8CE9-16D3613B0B25}\TypeLib]

How do I do the same thing for sahagent - do I just paste in the name sahagent or is there a string of code to use? I tried by just putting the word sahagent and it said there were no instances of it.

How can I find out what file sharing programs are installed on my computer? I use Real Player almost every day to watch television programs (is that a file sharing program?). :confused: Sorry for my ignorance :o
 
Hi

Let's switch gears and install Ewido
Please download Ewido AntiMalware it is a free version of the program.
Install Ewido AntiMalware
http://www.ewido.net/en/download/
Launch Ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Note: Your firewall may say "Antimalware wants to access the internet" It may not say Ewido.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
http://www.ewido.net/en/download/updates/
When the trial runs out you can continue to use the program but without its resident protection.

Click on scanner.
Click on Complete System Scan and the scan will begin.
If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Ewido automatically saves the report here on every scan:
(default program installation folder)
C:\Program Files\ewido\security suite\Reports
Now close Ewido AntiMalware and post that report
 
Hi Lonny,
I downloaded Ewido but am having problems running it as the scan finds 9 problems, getting through 18.2% of the scan and does not progress any further. I have tried running it several times and even left it running overnight but the same thing always happens. I have also noticed that since downloading Ewido my computer has become much slower and very noisy (the fan is constantly on). Any suggestions?
 
Hi. I've noticed something called Thumbs.db in MyPictures that I had not seen before. I've deleted it (it says it's a system file) but it always reappears somewhere else. Any idea what this is and if it is something malicious?
Thanks, Adson.
 
Hi
Thumbs.db and other odd looking files become visible when you set windows to show hidden files, folders and extensions, leave them alone.

Try running Ewido while in safe mode. Run SpyBot, then ad-aware and finally your antivirus programs too while there (one at a time)

Reboot into safe mode
Click Start, click Run, type msconfig in the Open box, and then click OK.
click the boot.ini tab > Tick [X]/Safeboot, apply > OK and restart windows.


Run those scans one at a time

Restart back to normal by unchecking [ ]/safeboot in msconfig
hit apply then OK and let windows restart
When windows has restarted place a check in the
[X] don't show this message or launch the system configuration utility when windows starts.
 