Status
Not open for further replies.
My craze for hacking online multiplayer games has slowed down my PC by 100%. Now I need help to restore it to normal. The problems I face are:

1. No exe file or system file on my comp can be deleted. Suppose I press Del, then it won't ever get deleted. Even uninstall progs won't remove them, they will just stop responding.

2. Almost all DOS commands relating to files don't work; the DOS window does not respond.

3. My internet (BSNL BB) has slowed down.

4. My computer freezes often. Even the KB/mouse does not work at that point. It happens randomly.

5. Many programs (including Explorer windows) stop responding randomly; it may be 2 hrs after opening or even at the start.

6. InstallShield and Windows Installer (installation and uninstallation): the progress bar freezes and it stops responding. It happens with all software installed by these two.

7. On clicking something in the Start menu, it often freezes.

These problems surfaced on Monday, and on Sunday I had uninstalled Compuware DriverStudio with SoftICE 3.2. Might it be due to this? I cannot reinstall it to check due to problem no. 6.

The software I installed before Monday, but quite recently, for hacking games:

1. PrevX1 (very suspicious)

2. ZoneAlarm Pro (maybe)

3. A rootkit (don't want to mention the name) (couldn't get it to start, so harmless)

4. A memory editor (pretty harmless)

5. NuMega SoftICE (a debugger, didn't use it a lot, so harmless)

Might these problems be due to PrevX1? And I played around a lot with the physical memory last week, modifying lots of coding and breaking into restricted memory zones, so if anyone is experienced in these areas, plz help me.

Oh yeah, my system config is:
PIII 866 MHz
128 MB RAM
WinXP Home with SP2

The comp even crashed once while typing this, so you can understand how frequent this is.

Someone give me a solution for these probs and I'm gonna give up online game hacking for good! I'll make that my new year resolution lol

Oh yeah, I tried System Restore to a date before Sunday, but these problems still persisted, and I don't wanna reinstall windoze, as I have a bucketload of proggies installed.
 

JGuru

Wise Old Owl
Your PC has been infected by a virus or a Trojan horse, which can consume a lot of system resources and do many malicious things like hanging the system, booting abnormally, slowing down CPU response, etc.

Here is my advice:

1) Have you created a rescue disk using Norton AntiVirus or any good antivirus? If you haven't, then get one done from a clean PC, your friend's.

2) Boot your PC through a bootable Windows 98/XP CD or through the rescue disk created. Go to the 'rescue' folder, type 'rescue' and follow the on-screen instructions.

3) If Norton reports that there's no change in the boot sector or partition, then leave it as it is.

4) Delete the partition, format and reinstall the OS.

5) After the OS is installed, install ZoneAlarm Pro. Don't install or download any suspicious software or anything else from an untrusted source.

6) Keep your system clean. Upgrade to 256 MB RAM, since Microsoft recommends 256 MB for Windows XP for a better experience.
:D
 
Logfile of HijackThis v1.99.1
Scan saved at 8:29:26 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\QUICKH~1\qhproxy.exe
E:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
e:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
C:\PROGRA~1\QUICKH~1\qhwscsvc.exe
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\ProcessGuard\procguard.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Shadowmeld\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\QUICKH~1\apop.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Quick Heal Email Protection] C:\PROGRA~1\QUICKH~1\qhproxy.exe
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.exe /loadrun
O4 - HKLM\..\Run: [!1_pgaccount] "e:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.exe /check
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "e:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - Global Startup: XP Keep Per User Display Settings.lnk = C:\Program Files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - *support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - *www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - *update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129563564794
O17 - HKLM\System\CCS\Services\Tcpip\..\{C50C3BDF-EF13-460C-A458-9FB3D9DE508D}: NameServer = 218.248.255.145 61.1.96.69
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - e:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Quick Heal Helper Service WSC (qhwscsvc) - Unknown owner - C:\PROGRA~1\QUICKH~1\qhwscsvc.exe
O23 - Service: Quick Heal Online Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 

JGuru

Wise Old Owl
Looks like a hijack. Format and reinstall the OS.
Keep away from untrusted websites.
That's all I can say.
 

dIgItaL_BrAt

Cyborg Agent
JGuru said:
Looks like a hijack. Format and reinstall the OS.
Keep away from untrusted websites.
That's all I can say.

:lol: :lol: :lol: HijackThis is the NAME of the software.


@dheeraj_kumar: have u noticed that ur Prevx installation is corrupt? Most probably that's the reason for the slowdown.
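
As an added example (not part of any post in this thread), this Python script parses HijackThis result lines and lists the entries the tool marked `(file missing)` or `(no file)`, which is how the broken Prevx Agent service shows up in the log above. The sample lines are copied from that log; the function names are illustrative.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\windows\system32\svchost.exe
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O4 - HKLM\..\Run: [!1_pgaccount] "e:\Program Files\ProcessGuard\pgaccount.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - (no file)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

# A HijackThis result line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return one dict per result line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        marker = ORPHAN_RE.search(match.group("body"))
        entries.append({
            "code": match.group("code"),
            "body": match.group("body"),
            "orphan": marker.group(1) if marker else None,
        })
    return entries


def orphaned(entries, keyword=""):
    """Entries whose target file is missing, optionally filtered by keyword."""
    return [e for e in entries
            if e["orphan"] and keyword.lower() in e["body"].lower()]


def orphans_by_section(entries):
    """Count orphaned entries per section code, e.g. {'O9': 2}."""
    counts = {}
    for entry in orphaned(entries):
        counts[entry["code"]] = counts.get(entry["code"], 0) + 1
    return counts


if __name__ == "__main__":
    for entry in orphaned(parse_entries(SAMPLE_LOG)):
        print(entry["code"], entry["orphan"], "|", entry["body"])
```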
 

QwertyManiac

Commander in Chief
dheeraj_kumar said:
Logfile of HijackThis v1.99.1

Try these, not sure... :?
 