Malware/Slow CPU response times

[chris_0076]

I am having problems with my computer currently. It has problems with pop ups from "iexplore[Caution: Executable File]". They pop up periodically about every 4-5 minutes. They pop up using the Internet Explorer browser, but I know that it is not because I have removed Internet Explorer from the Add/Remove Windows Programs dialog. Every time I delete the process in Task Manager it pops back up within 2-3 seconds. I have run Avast Virus scan (normal and during boot) it did not find anything. I have done the same with AVG. Then I did the exact same with Spybot Search and Destroy, but still it is still there. Any solutions? I have searched around and all I see is people posting that they need to get rid of it but no solutions that I can find.

 

 

 

Hijackthis shows:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:39:13 PM, on 12/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss[Caution: Executable File]

C:\WINDOWS\system32\winlogon[Caution: Executable File]

C:\WINDOWS\system32\services[Caution: Executable File]

C:\WINDOWS\system32\lsass[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]

C:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]

C:\WINDOWS\system32\rundll32[Caution: Executable File]

C:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]

C:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]

C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File]

C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

C:\WINDOWS\System32\regsvr32[Caution: Executable File]

C:\WINDOWS\explorer[Caution: Executable File]

C:\Program Files\Trend Micro\HijackThis\HijackThis[Caution: Executable File]



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [vqwstrwtmiest] C:\WINDOWS\System32\regsvr32[Caution: Executable File] /s "C:\WINDOWS\system32\mnwbmtxjlnhwuouff.dll"

O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\JUser\LOCALS~1\Temp\winloggn[Caution: Executable File]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl[Caution: Executable File]"

O4 - HKLM\..\Run: [Hcohacibisovuni] rundll32[Caution: Executable File] "C:\WINDOWS\Croqifur.dll",e

O4 - HKLM\..\Run: [Rxokicozi] rundll32[Caution: Executable File] "C:\WINDOWS\epidacib.dll",e

O4 - HKLM\..\Run: [5c6dd6e9] rundll32[Caution: Executable File] "C:\WINDOWS\system32\llqsaeaq.dll",b

O4 - HKLM\..\Run: [wuvuzurosu] Rundll32[Caution: Executable File] "C:\WINDOWS\system32\nupepugu.dll",s

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager[Caution: Executable File]" AcRdB7_0_8

O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\JUser\LOCALS~1\Temp\winloggn[Caution: Executable File]

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\JUser\Application Data\Twain\Twain[Caution: Executable File]

O4 - HKCU\..\Run: [e7LBFID2j1Preb] C:\Documents and Settings\JUser\Application Data\Microsoft\Windows\qolab[Caution: Executable File]

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\JUser\Application Data\gadcom\gadcom[Caution: Executable File]" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\JUser\nah_xljh[Caution: Executable File]

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: Executable File]

O8 - Extra context menu item: &Search - ?p=ZUfox000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: Executable File]/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller[Caution: Executable File]

O16 - DPF: {C62FC49C-C55D-11DA-97D5-000BDB1ABB7B} (NolijWeb.NolijWeb_Logon) - file://\\Katana\Nw\NolijWeb.CAB

O20 - AppInit_DLLs: C:\WINDOWS\system32\wavojami.dll,jhjnno.dll,C:\WINDOWS\system32\mafazupe.dll,C:\WINDOWS\system32\wusiwuto.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1[Caution: Executable File]

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32[Caution: Executable File]



--

End of file - 4813 bytes

 

 

 

 

 

Problem two is that this computer I am using is very unresponsive to opening a new program (Anywhere from 10 to 30 secs to start opening a program). It is not that it is slow to load files that is not the problem, but rather finding them to start opening them. Example being when I open Gimp it waits quite a while then it loads Gimp fairly quickly. But then when I get into Gimp it is slow to populate the list of images.(even if there is only one small one in the folder.

 

 

 

System specs:

 

Dell Optiplex 745

 

 

 

Intel Core 2 Duo E6400 2.13Ghz

 

1 Gig of RAM

 

Onboard junk video processor

 

XP SP2... need to upgrade to SP3

 

 

 

If you need me to give better system specs then just tell me and I'll post whatever you need.

[D. V. Devnull]

Your 'problem #2' is linked to your 'problem #1', from what I can tell...

 

 

 

Now, I would wait for confirmation from another user in Tech&Comp, but I suggest that you download "LavaSoft's Ad-Aware" and "Malwarebytes' Anti-Malware"... Theoretically, you should be able to unleash those two programs upon whatever is bogging your computer down... Also, one of them should find your problem and give you the option to remove it. :geek:

 

 

 

 

 

BTW, you have run an AntiVirus scan, right? And tried to use Spybot S&D too? :-s

 

 

 

 

 

~D. V. "Spyware, the bane of my existence..." Devnull

[Sbrideau]

Are you having 2 antiviruses running at the same time? If that is the case, then no wonder the malware could get past so easily, both antiviruses comflict with the other.

 

 

 

And I confirm what Devnull said, it really seems to be malware, and the second problem would be linked to either the virus, having 2 antiviruses at once(if the both run at once) or both.

 

 

 

I would get rid of AVG if I were you. Despite the fact that it was good last spring, it is not anymore, it's more like in the worst antiviruses now.

 

 

 

I don't know about malwarebytes since I never used or saw it in action, but I can say Ad-Aware is a very good program though, and even better in combo with Spybot(which you already have).

[chris_0076]

Originally it was running AVG then when it did not find it I uninstalled it and went with Avast... and I still did not get it.

 

 

 

D V Devnull I'll try those out and see what happens. I'm assuming I am going to need to remove Avast correct?

[D. V. Devnull]

D V Devnull I'll try those out and see what happens. I'm assuming I am going to need to remove Avast correct?

Quite the opposite. Do NOT remove Avast!!! :shame:

 

 

 

~D. V. "omgbbqwtf?" Devnull

[chris_0076]

Wait so then that will make it to where I have 1 Anti-virus and 3 anti-adware/malware?

[D. V. Devnull]

Wait so then that will make it to where I have 1 Anti-virus and 3 anti-adware/malware?

Correct... However, the Anti-'Adware/Malware' will NOT always be active, which means there should be no conflict between the AntiVirus and them. :thumbup:

 

 

 

~D. V. "Don't worry, man." Devnull

[chris_0076]

Ran a quick scan and it found a lot of tracking cookies, and a few critical ones. It would let me get rid of all them but one.

 

 

 

Now I'm starting a full scan... lets hope it clears it out.

[chris_0076]

I ran the scans Ad-aware stopped half way through and locked up when it got to IE temp files. Then my computer shut its self down. I turned it back on and immediately have started a virus scan. The whole time that is has been going on funky things have been happening. Control panel on works some times, folders take a very long time to switch between, Firefox finds an error about 2 seconds after it starts, and explore[Caution: Executable File] keeps going in and out (not much of a problem just annoying). I am tempted to now boot with some sort of Linux live CD so that hopefully the viruses/malware are not cross platform (I also planning on removing all connection to the internet to not work against myself. Is this a good way to go to do my scans?

[D. V. Devnull]

Possibly... Might even work, for all I know... Try it if you want, but backup the computer first... Heck, I should have said to do that before running those two utilities... If you can, undo only the things needed to make items like explorer/firefox work again too. :|

 

 

 

BTW, do you have a backup of your computer from some time back, before this began happening? If so, back up all of your personal data now... While I don't recommend doing this normally, I'm going to suggest that (if all else fails) you revert to your backup, and then get all your personal files back together and up-to-date... The problem you have appears to have infected critical system components to a point where these repair utilities are only causing the problem to become more apparent... When something like that happens, there is no choice other than reverting to a previous full backup and/or rebuild from scratch... (Or a manfacturer CD, if you have one of those.) :(

 

 

 

~D. V. "Crap... I hate problems that cause reverting a PC..." Devnull

[chris_0076]

I have no backups for that computer other than system restore points... but when I go to system restore from safe mode it always fails. In system restore it says than the last known good configuration was on Tuesday so I'll boot back up and try that. (Post made from another computer)

 

 

 

EDIT: BA-BAABYUM!!

 

 

 

So far in Last Known Good Config. It is running just fine. I'll take it through a test spin or two to make sure it is not just messing with me.

 

 

 

EDIT: Question: Does last know good config save itself? (I am pretty sure it does just making sure).