MGLogs.zip for review -- machine is slowing

Discussion in 'Malware Help (A Specialist Will Reply)' started by NeverLift2, Nov 29, 2008.

  1. NeverLift2

    NeverLift2 Private E-2

    Maybe my impatience, but the W2k 2.4GHz machine seems to have slowed from the speed it had when I recreated the system from scratch, including complete drive reformatting.

    There were two "overflow" messages when analyzing the registry, but I didn't capture them.

    I did follow all the steps specified in the MajorGeeks instructions before creating the attached submission.

    Will check back for your comments. Thanks.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach the below other requested logs:

    • SUPERAntiSpyware
    • Malwarebytes Anti-Malware - it appears that you did not even install this
    • ComboFix
    How much memory do you have in this PC?
     
  3. NeverLift2

    NeverLift2 Private E-2

  4. NeverLift2

    NeverLift2 Private E-2

    OK, I'll rerun them all, post the logs.

    Can't seem to find the logs other than that already submitted, which came from MGtools.
     
  5. NeverLift2

    NeverLift2 Private E-2

    OK, redoing all, will post as requested.

    Eom.
     
  6. NeverLift2

    NeverLift2 Private E-2

    Additional logs for review

    Attached. I did not rerun the MGTools, let me know if I should. Thanks.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean other than my comment below.
    I don't think your speed issues are malware. You need to add as much memory as your PC and Windows OS will allow. 256MB is not enough to meet the demands of today's software.

    Do you know if UltimateBuddy is related to UltimateBet both of which you have installed? I ask because UltimateBuddy is considered malware. See this: http://www.castlecops.com/s13689-UltimateBuddy.html
    Code:
    "C:\WINNT\"
    ultima~1.ini  Aug 28 2008           0  "UltimateBuddy.INI"
     
    2008-08-28 17:53  32 --sha-w  c:\winnt\{004B9992-5F40-4F9E-8B73-CF90E9E6F02B}.dat
    2008-08-28 17:50  32 --sha-w  c:\winnt\{18EAC748-9682-44F3-BCA1-24A1312FE1CF}.dat
    2008-08-28 17:50  32 --sha-w  c:\winnt\{3B38A8D5-C6C6-4E6A-8E92-BFF39C6BC23A}.dat
    2008-08-28 17:50  32 --sha-w  c:\winnt\{9879FF1B-8229-4FAA-A9AA-49BC59DAF842}.dat
    2008-08-28 17:48  32 --sha-w  c:\winnt\{A8E3D1A6-2785-441D-B102-6298A3FC6064}.dat
    2008-08-28 17:51  32 --sha-w  c:\winnt\{ABEE8AC8-1D45-4A09-A0ED-D053681D4D04}.dat
    2008-08-28 17:52  32 --sha-w  c:\winnt\{F181B6D6-1D78-402E-BF3E-2FE6DDFDA46C}.dat
    2008-08-28 17:50  32 --sha-w  c:\winnt\system32\{1CF669D4-5874-4DB7-A5DA-7B4E81687EE1}.dat
    2008-08-28 17:53  32 --sha-w  c:\winnt\system32\{5B041C9D-AEFD-4890-A07E-38EF2E40782D}.dat
    2008-08-28 17:50  32 --sha-w  c:\winnt\system32\{5C8C0E42-B386-425F-94F7-3AB7F2E4CD11}.dat
    2008-08-28 17:48  32 --sha-w  c:\winnt\system32\{718C0669-E8FC-4C1B-887F-BDC88AAF1F9A}.dat
    2008-08-28 17:51  32 --sha-w  c:\winnt\system32\{7F3CEC48-7179-431D-A802-EB71C91485CA}.dat
    2008-08-28 17:50  32 --sha-w  c:\winnt\system32\{997B566B-5BDD-4AD1-94E8-63FA8748C5BC}.dat
    2008-08-28 17:52  32 --sha-w  c:\winnt\system32\{F05A12DF-B6AF-4098-A140-F1601CE2F857}.dat
     
     
    "C:\Program Files\"
    ULTIMA~1      Nov 28 2008              "UltimateBet"
    ULTIMA~2      Nov 26 2008              "UltimateBuddy"
    
    Also what is in the below folder?
    Code:
    "C:\Program Files\Common Files\"
    LHSPF         Sep  3 2008              "Lhspf"
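
The listing quoted above is the kind of thing an analyst scans by eye: fourteen 32-byte files with hidden and system attributes, GUID-style names, all created in %WINDIR% or system32 within a few minutes of each other. As an added example (not code from the thread, from MGtools or from ComboFix), here is a small Python parser that reads lines in that shape, flags entries that match all of those properties at once, and groups the flagged entries by creation-time bursts. The interpretation of the attribute letters (s = system, h = hidden, a = archive) is an assumption about the log format; the fourteen `.dat` lines in the sample are copied from the post, while the last two sample lines (sizes, dates, and the `readme.txt` path) are constructed here so the filter has something to leave alone.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input. The fourteen ".dat" lines are copied from the
# listing in the post above; the last two lines are made up for this example
# (hypothetical sizes/dates, and a hypothetical readme.txt path).
SAMPLE_LOG = r"""
2008-08-28 17:53  32 --sha-w  c:\winnt\{004B9992-5F40-4F9E-8B73-CF90E9E6F02B}.dat
2008-08-28 17:50  32 --sha-w  c:\winnt\{18EAC748-9682-44F3-BCA1-24A1312FE1CF}.dat
2008-08-28 17:50  32 --sha-w  c:\winnt\{3B38A8D5-C6C6-4E6A-8E92-BFF39C6BC23A}.dat
2008-08-28 17:50  32 --sha-w  c:\winnt\{9879FF1B-8229-4FAA-A9AA-49BC59DAF842}.dat
2008-08-28 17:48  32 --sha-w  c:\winnt\{A8E3D1A6-2785-441D-B102-6298A3FC6064}.dat
2008-08-28 17:51  32 --sha-w  c:\winnt\{ABEE8AC8-1D45-4A09-A0ED-D053681D4D04}.dat
2008-08-28 17:52  32 --sha-w  c:\winnt\{F181B6D6-1D78-402E-BF3E-2FE6DDFDA46C}.dat
2008-08-28 17:50  32 --sha-w  c:\winnt\system32\{1CF669D4-5874-4DB7-A5DA-7B4E81687EE1}.dat
2008-08-28 17:53  32 --sha-w  c:\winnt\system32\{5B041C9D-AEFD-4890-A07E-38EF2E40782D}.dat
2008-08-28 17:50  32 --sha-w  c:\winnt\system32\{5C8C0E42-B386-425F-94F7-3AB7F2E4CD11}.dat
2008-08-28 17:48  32 --sha-w  c:\winnt\system32\{718C0669-E8FC-4C1B-887F-BDC88AAF1F9A}.dat
2008-08-28 17:51  32 --sha-w  c:\winnt\system32\{7F3CEC48-7179-431D-A802-EB71C91485CA}.dat
2008-08-28 17:50  32 --sha-w  c:\winnt\system32\{997B566B-5BDD-4AD1-94E8-63FA8748C5BC}.dat
2008-08-28 17:52  32 --sha-w  c:\winnt\system32\{F05A12DF-B6AF-4098-A140-F1601CE2F857}.dat
2008-09-03 10:12  77824 ----a-w  c:\program files\common files\lhspf\lingtech\lt40ms.dll
2008-11-26 09:05  4096 ----a-w  c:\program files\ultimatebuddy\readme.txt
"""

# One listing line: date, time, size in bytes, a seven-character attribute
# field, then the path (which may itself contain spaces).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# A file named exactly "{GUID}.dat" as the last path component.
GUID_NAME_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dat$", re.IGNORECASE
)

WINDOWS_DIRS = ("c:\\winnt\\", "c:\\windows\\")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str

    # Assumption about the attribute field: the letters mirror the Windows
    # file attributes, so "s" is System and "h" is Hidden.
    @property
    def system(self) -> bool:
        return "s" in self.attrs.lower()

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs.lower()

    @property
    def guid_named(self) -> bool:
        return GUID_NAME_RE.search(self.path) is not None

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith(WINDOWS_DIRS)


def parse_listing(text: str) -> list[Entry]:
    """Parse every line that matches the listing shape; ignore the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        entries.append(Entry(when, int(m["size"]), m["attrs"], m["path"]))
    return entries


def flag_suspicious(entries: list[Entry]) -> list[Entry]:
    """Keep hidden+system, GUID-named .dat files under the Windows directory."""
    return [
        e for e in entries
        if e.hidden and e.system and e.guid_named and e.in_windows_dir
    ]


def burst_windows(entries: list[Entry], gap: timedelta = timedelta(minutes=10)):
    """Cluster entries whose creation times fall within `gap` of the previous one.

    Returns a list of (first_time, last_time, count) tuples. A single cluster
    holding many files is the "dropped together" pattern worth asking about.
    """
    clusters: list[list[Entry]] = []
    for e in sorted(entries, key=lambda x: x.when):
        if clusters and e.when - clusters[-1][-1].when <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return [(c[0].when, c[-1].when, len(c)) for c in clusters]


if __name__ == "__main__":
    flagged = flag_suspicious(parse_listing(SAMPLE_LOG))
    for first, last, count in burst_windows(flagged):
        print(f"{count} hidden/system GUID .dat files created between "
              f"{first:%Y-%m-%d %H:%M} and {last:%H:%M}")
    for e in flagged:
        print(f"  {e.size:>6} {e.attrs} {e.path}")
```

On the sample above this reports one burst of fourteen files in a five-minute window, and leaves the two non-matching lines alone. The check is a triage aid, not a verdict: it tells you which files to hash and look up, and the same pattern can be produced by legitimate installers that drop marker files.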
     
  8. NeverLift2

    NeverLift2 Private E-2

    I don't know why Lhspf is present. It contains the folder LingTech, which contains several DLLs along with Ltih30en.rul, which I examined with Notepad and within which I found the text string "Copyright Novell, Inc. 1993" along with what look like a variety of command or option text strings. One of the files is lt40ms.dll, which at http://www.spywaredata.com/spyware/malware/lt40ms.dll.php is described as being safe. There are no obvious entries in Add/Remove Programs that might reference it. Another web site suggested it may be used by Visio, originally a Novell product then bought by Microsoft, which I have installed.

    UltimateBuddy is a friends location program for the UltimateBet poker site. I installed it from there but no longer use it and will de-install it. I did have it set to not start automatically on logon.

    Will go get more memory. Still have trouble believing the memory needs of these systems. I started in the days of the multi-million dollar IBM 7090 mainframe, which maxed out at 64k 36-bit words, and was used to design atomic weapons! (Then, again, there was the 7030 "Stretch", of which 3 were built that we know of, water-cooled so it was installed by plumbers; I wrote code for one, it was at NSA.)

    Thanks for your help. I will never understand why it takes a 2.4GHz machine the better part of a minute to simply shut down . . .
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly a language translation program >>> http://www.lingtech.com/

    All the processes and files that are opened by all programs (and there are many of them), including what Windows itself has opened, need to be terminated and files have to be closed before shutting down to avoid file corruption.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START, then RUN, enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from ComboFix (if it exists).
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
