|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
![]()
My pc just recently started slowing on startup.I've removed some programs from the startup list using msconfig and also Ad-Aware,Spybot and Spyware blaster. I've also defragged and used ATFcleaner. I'm thinking there are hidden programs running.I'm not quite sure what to do next.
|
#2
|
|||
|
|||
![]()
Logfile of HijackThis v1.99.1
Scan saved at 6:39:06 PM, on 7/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\arservice.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Lexmark 7300 Series\lxcimon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Lexmark 7300 Series\ezprint.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\WINDOWS\system32\lxcicoms.exe C:\Program Files\DISC\DiscStreamHub.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItim e.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe" O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Last edited by cmjuarez81; July 30th, 2007 at 12:39 AM. |
#3
|
||||
|
||||
Howdy cmjuarez81,
Infection is showing here, so let's start repairs. Download : HostsXpert, and have it ready for use. Run HostsXpert. Press the "Restore MS Hosts File" button and then press the OK button. Go here and download the free version of SUPERAntiSpyware and install it. After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to it's research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings. Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is). Start-up Options: *Start SUPERAntiSpyware when Windows starts Automatic Updates: *Check for program updates when the application starts. Start-up Scanning: *Check for updates before scanning on startup. Then select Close. Don't scan just yet though. Next Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF). If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective. =============================================== Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode). Open SUPERAntiSpyware and click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan. SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon). Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here. ================================ Then Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Run a new HijackThis scan, and post that here along with the combofix.txt log and the SUPERAntiSpyware log please. |
#4
|
|||
|
|||
ComboFix
ComboFix 07-07-30.2 - "HP_Administrator" 2007-07-31 6:51:04.2 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 ))))))))))))))))))))))))))))))) 2007-07-31 00:27 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-30 23:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com 2007-07-30 23:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-07-30 23:18 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com 2007-07-30 23:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-07-30 20:38 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2007-07-30 20:38 69,632 --a------ C:\WINDOWS\system32\xmltok.dll 2007-07-30 20:38 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll 2007-07-30 20:38 26,064 --a------ C:\WINDOWS\system32\xmlinst.exe 2007-07-30 20:38 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-07-30 20:37 <DIR> d-------- C:\Program Files\Ubi Soft 2007-07-30 19:23 1 --a------ C:\DOCUME~1\HP_ADM~1\SI.bin 2007-07-30 18:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft 2007-07-30 17:16 <DIR> d-------- C:\Program Files\FarCry 2007-07-30 16:35 <DIR> d-------- C:\Program Files\uTorrent 2007-07-30 16:35 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\uTorrent 2007-07-30 15:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-07-30 13:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-07-30 03:03 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-07-30 03:00 <DIR> d-------- C:\Program Files\UBISOFT 2007-07-30 02:53 <DIR> d-------- C:\Program Files\graw 2007-07-30 02:28 <DIR> d-------- C:\Program Files\Eidos 2007-07-30 00:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-07-30 00:39 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-07-30 00:39 <DIR> d-------- C:\Program Files\AGEIA Technologies 2007-07-30 00:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-29 23:29 <DIR> d-------- C:\Program Files\DAMN NFO Viewer 2007-07-29 21:58 <DIR> d-------- C:\Program Files\QuickTime 2007-07-29 19:55 <DIR> d-------- C:\Program Files\Microsoft Bootvis 2007-07-26 14:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-26 14:13 <DIR> d-------- C:\Program Files\Lavasoft 2007-07-26 14:13 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Lavasoft 2007-07-26 14:10 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-07-26 13:05 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\.housecall6.6 2007-07-26 10:32 <DIR> d-------- C:\WINDOWS\pss 2007-07-23 19:14 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-07-23 19:14 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-07-23 19:14 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-07-23 19:14 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-07-23 19:14 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-07-23 19:14 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-07-23 19:14 <DIR> dr-h----- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SecuROM 2007-07-23 15:10 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\IGN_DLM 2007-07-23 14:48 <DIR> d-------- C:\GameSpy Arcade Setup 2007-07-23 13:23 18,944 --a------ C:\WINDOWS\eraser.exe 2007-07-22 15:25 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Kazaa Lite 2007-07-22 15:10 <DIR> d-------- C:\WINDOWS\system32\quicktime 2007-07-22 14:27 21,008 --------- C:\WINDOWS\system32\Ctl3d.dll 2007-07-22 11:35 65,956 --ah----- C:\WINDOWS\system32\mlfcache.dat 2007-07-22 02:23 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Shareaza 2007-07-22 00:22 67,472 --a------ C:\WINDOWS\UnDeploy.exe 2007-07-20 09:37 <DIR> d-------- C:\Program Files\EA GAMES 2007-07-20 08:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-07-20 08:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision 2007-07-20 07:49 <DIR> d-------- C:\Program Files\SymNetDrv 2007-07-20 07:29 <DIR> d-------- C:\Program Files\Norton Internet Security 2007-07-20 07:06 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-07-20 07:06 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-07-20 07:06 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-07-20 07:06 <DIR> d-------- C:\Program Files\Norton SystemWorks 2007-07-20 07:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2007-07-20 06:51 <DIR> d-------- C:\WINDOWS\system32\appmgmt 2007-07-20 06:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-07-20 06:02 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-07-19 16:11 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ 2007-07-19 16:09 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR 2007-07-19 14:40 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Shared 2007-07-19 14:39 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Incomplete 2007-07-19 14:39 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\LimeWire 2007-07-19 14:32 <DIR> d-------- C:\Program Files\LimeWire 2007-07-19 14:06 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WildTangent 2007-07-19 14:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent 2007-07-19 09:17 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Help 2007-07-19 07:08 <DIR> d-------- C:\WINDOWS\DragonStone Mud Client 2007-07-17 15:48 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) 2007-07-30 23:34 --------- d-------- C:\Program Files\Lx_cats 2007-07-30 21:21 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-07-30 16:32 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Digital Interactive Systems Corporation 2007-07-29 17:26 --------- d-------- C:\Program Files\Microsoft Money 2005 2007-07-29 17:22 --------- d-------- C:\Program Files\Google 2007-07-26 18:42 --------- d-------- C:\Program Files\Rhapsody 2007-07-23 12:02 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Symantec 2007-07-20 07:49 --------- d-------- C:\Program Files\Symantec 2007-07-20 06:00 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys 2007-07-20 06:00 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real 2007-07-20 05:59 --------- d-------- C:\Program Files\Real 2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-15 19:06 71208 --a------ C:\WINDOWS\system32\PhysXLoader.dll 2007-05-06 16:20 742 --a------ C:\DOCUME~1\HP_ADM~1\APPLIC~1\wklnhst.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 C:\WINDOWS\arpwrmsg.exe] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35] "PCDrProfiler"="" [] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 05:41] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 02:12] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-24 03:17] "lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 09:47] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-07-20 07:49] "DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-26 19:42] "EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 07:05] "DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-09-26 19:43] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-29 21:58] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 21:12] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-13 16:43] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [] "ares"="C:\Program Files\Ares\Ares.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 17:22] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-20 08:13:01] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 02:23:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "NoViewOnDrive"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata 2.sys R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe R2 MCSTRM;MCSTRM;C:\WINDOWS\system32\drivers\MCSTRM.s ys R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.s ys R3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpo licy.sys R3 lxci_device;lxci_device;C:\WINDOWS\system32\lxcico ms.exe -service R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SY S R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\ sddriver.sys Contents of the 'Scheduled Tasks' folder 2007-07-21 15:48:51 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job - C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe 2007-07-30 17:43:15 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job 2007-07-30 05:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job ************************************************** ************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-31 06:53:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ Completion time: 2007-07-31 6:54:47 C:\ComboFix2.txt ... 2007-07-31 00:32 --- E O F --- Last edited by cmjuarez81; July 31st, 2007 at 12:57 PM. |
#5
|
|||
|
|||
![]()
Logfile of HijackThis v1.99.1
Scan saved at 6:49:08 AM, on 7/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\arservice.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Lexmark 7300 Series\lxcimon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Lexmark 7300 Series\ezprint.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\lxcicoms.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\DISC\DiscStreamHub.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe" O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2C11A53A-3916-4135-A1A6-0208A21C20B0}: NameServer = 24.93.41.125,24.93.41.126 O17 - HKLM\System\CS1\Services\Tcpip\..\{2C11A53A-3916-4135-A1A6-0208A21C20B0}: NameServer = 24.93.41.125,24.93.41.126 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Last edited by cmjuarez81; July 31st, 2007 at 12:49 PM. |
#6
|
|||
|
|||
![]()
SUPERAntiSpyware Scan Log
http://www.superantispyware.com Generated 07/31/2007 at 02:58 AM Application Version : 3.9.1008 Core Rules Database Version : 3276 Trace Rules Database Version: 1287 Scan type : Complete Scan Total Scan Time : 01:48:36 Memory items scanned : 163 Memory threats detected : 0 Registry items scanned : 6720 Registry threats detected : 0 File items scanned : 40236 File threats detected : 0 |
#7
|
||||
|
||||
Looks like whatever else you did between your first log post and now removed the infection, since it has vanished in these last logs. I see a Panda driver in the ComboFix log so if you have already run Panda as I might suggest now it doesn't look to be necessary. All that shows here are a few orphaned startup items that can be removed, but not much more. You have Kazaa Lite there - not good in so much as it is a hacked version of the free but adware bundled Kazaa, but since it is literally illegal software it can be modified by infection authors, then offered as a download from their sites without much of a recourse.
Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis. O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O15 - Trusted Zone: http://*.trymedia.com (HKLM) Code:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCDrProfiler"=- Not sure there is much of slowness related to infection showing here now. |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Startup and shut down very slow.PC slow also | LUVBIRD | Windows XP | 3 | February 11th, 2009 02:27 AM |
runs slow, very slow startup, HJT log. help please. | neanderthal | Malware Removal | 5 | January 20th, 2007 02:32 AM |
Slow startup, slow response, high CPU usage... | Cheetah | Malware Removal | 1 | September 8th, 2006 03:22 AM |
Slow slow slow startup...It's taking my computer forever to start now and | ndbrian | Windows XP | 1 | January 15th, 2006 09:39 PM |
pc is to slow on startup | Dil | Windows XP | 2 | March 2nd, 2005 01:40 AM |
All times are GMT +1. The time now is 12:21 AM.