PC is slowing down :--(

Hi, my father is having some problems w/ the PC. Please give us a hand. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:10, on 2007-4-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\PhCore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINPENJR\win32\custom.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINPENJR\win32\DRAWOBJ.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\HandWrite\MyNewRecog.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AP.EXE
C:\WINPENJR\win32\PPHBUF.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HandWrite\InsTalk\InsTalk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFP.EXE
C:\Program Files\Oray\PeanutHull5\PhDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBXP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: run=C:\WINPENJR\win32\custom.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB002" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [EPSON Stylus C87 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P23 "EPSON Stylus C87 Series" /O6 "USB003" /M "Stylus C87"
O4 - HKLM\..\Run: [EPSON Stylus C59 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S94.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus C87 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P32 "EPSON Stylus C87 Series (Copy 1)" /O6 "USB020" /M "Stylus C87"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB012" /M "Stylus C67"
O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 1)" /O6 "USB016" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [NewRecog] C:\Program Files\HandWrite\MyNewRecog.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AP.EXE /P26 "EPSON Stylus CX4500 Series" /O6 "USB022" /M "Stylus CX4500"
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /F "C:\WINDOWS\TEMP\E_S3BD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB027" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 1)" /O6 "USB030" /M "Stylus CX3500"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C90 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE /FU "C:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus C79 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE /FU "C:\WINDOWS\TEMP\E_S87.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /FU "C:\WINDOWS\TEMP\E_S82.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX2900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFP.EXE /FU "C:\WINDOWS\TEMP\E_S59.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PhDesktop] C:\Program Files\Oray\PeanutHull5\PhDesktop.exe
O4 - HKCU\..\Run: [EPSON Stylus C90 Series (Copy 6)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE /FU "C:\WINDOWS\TEMP\E_S9E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo 1390 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBXP.EXE /FU "C:\WINDOWS\TEMP\E_S218.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo R290 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKP.EXE /FU "C:\WINDOWS\TEMP\E_SEF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus C90 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE /FU "C:\WINDOWS\TEMP\E_S169.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo R230 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /FU "C:\WINDOWS\TEMP\E_SC8.tmp" /EF "HKCU"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PeanutHull DDNS Service (Peanuthull5Core) - 上海贝锐 - C:\WINDOWS\PhCore.exe

--
End of file - 9947 bytes

Comments

  • edited July 2008

    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums.

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear".
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.


    panget wrote:
    Hi, my father is having some problems w/ the PC. Please give us a hand. Thanks.

    There is no obvious malware showing. What problems are you having?

    Your log does show an abnormal number of printer entries. What printer do you have?
  • edited July 2008
    Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own thread instead :)
This discussion has been closed.