1. Background: I am having a problem with my desktop being very slow. It is shared and I don't use it often so I can't recall at what time when it slowed down--so I don't know what was installed to make it act like this. Some programs open and work choppy and some when I go to run they show in the processes but the UI never loads or sometimes loads after several minutes. Also when I go to My Computer it gives me the magnifying glass for a long time but I can just type the drive letter and that will load.
Hijack Log[INACTIVE]
in Malware Removal
Posted
1. Background: I am having a problem with my desktop being very slow. It is shared and I don't use it often so I can't recall at what time when it slowed down--so I don't know what was installed to make it act like this. Some programs open and work choppy and some when I go to run they show in the processes but the UI never loads or sometimes loads after several minutes. Also when I go to My Computer it gives me the magnifying glass for a long time but I can just type the drive letter and that will load.
2. My Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:23 AM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
(6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir
PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program
Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common
Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3
\EKIJ5000MUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\YourWare
Solutions\FreeRAM XP Pro\FreeRAM XP
Pro.exe
C:\Program Files\Mozilla
Firefox\firefox.exe
C:\Program Files\Skype\Plugin
Manager\skypePM.exe
C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ycomp/def
aults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet
Connection Wizard,ShellNext =
https://pbells.broadjump.com/wizlet/BellSo
uth53/launch.htm
O2 - BHO: (no name) -
{02478D38-C3F9-4efb-9B51-7695ECA05670} -
(no file)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} -
C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plug
in.dll
O3 - Toolbar: (no name) -
{D0943516-5076-4020-A3B5-AEFAF26AB263} -
(no file)
O3 - Toolbar: AT&&T Toolbar -
{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -
C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Veoh Web Player Video Finder
- {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} -
C:\Program Files\Veoh
Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Run StartupMonitor]
StartupMonitor.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3
\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [NvCplDaemon]
RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [NvMediaCenter]
RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbar
Init
O4 - HKLM\..\Run: [HelpCenter4.1]
C:\Program
Files\FastAccessDSL\HelpCenter43\bin\sprtc
md.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program
Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched]
"C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [NvMediaCenter]
RUNDLL32.EXE
C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbar
Init
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program
Files\YourWare Solutions\FreeRAM XP
Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce:
[WUAppSetup] C:\Program Files\Common
Files\logishrd\WUApp32.exe -v 0x046d -p
0x092e -f video -m logitech -d 11.5.0.1145
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
(User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce:
[WUAppSetup] C:\Program Files\Common
Files\logishrd\WUApp32.exe -v 0x046d -p
0x092e -f video -m logitech -d 11.5.0.1145
(User 'Default user')
O4 - Global Startup: Adobe Reader Speed
Launch.lnk = C:\Program
Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search
- res://C:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to
Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.
EXE/3000
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot -
Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PartyPoker.net -
{F4430FE8-2638-42e5-B849-800749B94EED} -
C:\Program
Files\PartyGaming.Net\PartyPokerNet\RunPF.
exe (file missing)
O9 - Extra 'Tools' menuitem:
PartyPoker.net -
{F4430FE8-2638-42e5-B849-800749B94EED} -
C:\Program
Files\PartyGaming.Net\PartyPokerNet\RunPF.
exe (file missing)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
(file missing)
O9 - Extra 'Tools' menuitem: Windows
Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
(file missing)
O12 - Plugin for .spop: C:\Program
Files\Internet
Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
http://toolbar.imageshack.us
O16 - DPF:
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(Installation Support) - C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF:
{406B5949-7190-4245-91A9-30A17DE16AD0}
(Snapfish Activia) -
http://photos.walmart.com/WalmartActivia.c
ab
O16 - DPF:
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.microsoft.com/microsoftupdat
e/v6/V5Controls/en/x86/client/muweb_site.c
ab?1154876596614
O16 - DPF:
{E87F6C8E-16C0-11D3-BEF7-009027438003}
(Persits Software XUpload) -
http://www.auctiva.com/hostedimages/active
x/xupload/XUpload.ocx
O18 - Protocol: linkscanner -
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
(no file)
O18 - Protocol: skype4com -
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: Adobe LM Service - Unknown
owner - C:\Program Files\Common
Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal -
Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH -
C:\Program Files\Avira\AntiVir
PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal -
Free Antivirus Guard (AntiVirService) -
Avira GmbH - C:\Program
Files\Avira\AntiVir PersonalEdition
Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server
(Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service
(Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Free8 E-mail Scanner
(avg8emc) - Unknown owner -
C:\PROGRA~1\AVG\AVG8\avgemc.exe (file
missing)
O23 - Service: AVG Free8 WatchDog (avg8wd)
- Unknown owner -
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file
missing)
O23 - Service: Canon Camera Access Library
8 (CCALib8) - Canon Inc. - C:\Program
Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM
Access - Unknown owner -
C:\WINDOWS\System32\CTsvcCDA.EXE (file
missing)
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation -
C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: iPodService - Unknown owner
- C:\Program
Files\iPod\bin\iPodService.exe (file
missing)
O23 - Service: Java Quick Starter
(JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program
Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Device Service
(KodakSvc) - SDSD - C:\Program
Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LVSrvLauncher - Logitech
Inc. - C:\Program Files\Common
Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive
Communications, Inc. - C:\Program
Files\Common
Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver
Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9039 bytes