
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:57 PM, on 10/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\notes\nslsvice.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\CheckPoint\Device Agent\psda.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TalApplication\TevaApplication.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetPower\NetSavePower.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\mydoc\HijackThis\Hijack.This.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tevaconnect.il.teva.corp/apps/hr/tevaconnect.nsf/($All)/009CF71F8B6EDC0742256E23002B8C75?OpenDocument
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: REM 10.128.4.2 zenwsimport
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ImTranslator Pro Toolbar - {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - C:\Program Files\ImTranslator_Pro\tbImT0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ImTranslator Pro Toolbar - {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - C:\Program Files\ImTranslator_Pro\tbImT0.dll
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [eTCertManger] C:\WINDOWS\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TevaApplicationLauncher] C:\Program Files\TalApplication\TevaApplication.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NetPower] C:\Program Files\NetPower\NetSavePower.exe /R
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: שלח ל&התקן Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: שלח ל-Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - http://erpcontp03.il.teva.corp/imtapp/res/jar/cnsload.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = IL.Teva.Corp
O17 - HKLM\Software\..\Telephony: DomainName = IL.Teva.Corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = IL.Teva.Corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = IL.Teva.Corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = IL.Teva.Corp
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\notes\nslsvice.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pointsec - Check Point Software Tech Ltd - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Check Point Software Tech Ltd - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Endpoint Security Device Agent (PSDA) - Check Point Seoftware Technologies Ltd. - C:\Program Files\CheckPoint\Device Agent\psda.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: xCmd Service (xCmdSvc) - Unknown owner - C:\WINDOWS\System32\drivers\etc\xCmdSvc.exe (file missing)

--
End of file - 22747 bytes

Edited by crunchie: Removed sensitive material

And why did you run HJT? We need to know. I see an excessive amount of processes running during the scan. A lot of unneeded auto starts, an excessive number of auto starting services, and an extraordinary number of Trusted Sites, some of which are considered very dangerous. Are these work related? Remainders of an AVG anti virus program that appears to have been incorrectly removed. Otherwise, since you don't state what problems you were experiencing that caused you to run HJT, I cannot give any advice.
We ask that you follow the steps given in our Read Me First sticky and report back with copy/pastes of requested logs and full information on the problems you may be experiencing.
http://www.daniweb.com/forums/thread134865.html

Hi there jholland
I am sorry, my comp slows to a crawl and freezes often and I don't think I can fully run the progs.
AdAware keeps finding files from a trojan downloader but doesn't get rid of the problem.
If you have noticed particular unneeded auto starts, or suspicious auto starting services, and very dangerous "Trusted Sites", I would be more than obliged if you could point them out and I can fix them on the HijackThis.
I will try and add here the log files from OTL and ComboFix which I managed to run yesterday/today

but so far the logs I post seem to be too long for the "reply" to work so I am attaching the txt files

Attachments
ComboFix 10-10-21.02 - dsilver 10/22/2010   7:51:53.1.2 - x86
Running from: C:\mydoc\HijackThis\MalwareBytes forum\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {061AE366-576E-4716-93BD-961A93D59089}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\dsilver\Favorites\Delphion Intellectual Property Network to search, view and analyze patent collections worldwide..ur
C:\Documents and Settings\dsilver\GoToAssistDownloadHelper.exe
C:\mydoc\MP4 player\16GB\New Folder\AVI-TOOL\Desktop_.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\Icons
C:\WINDOWS\system32\Icons\Acrobat8.ico
C:\WINDOWS\system32\Icons\BGinfo.ico
C:\WINDOWS\system32\Icons\BlackBarry.ico
C:\WINDOWS\system32\Icons\Bosanova.ico
C:\WINDOWS\system32\Icons\CallCent.ico
C:\WINDOWS\system32\Icons\CitrixP.ico
C:\WINDOWS\system32\Icons\CitrixT.ico
C:\WINDOWS\system32\Icons\Code.ico
C:\WINDOWS\system32\Icons\ConnectW.ico
C:\WINDOWS\system32\Icons\CuteFTP7.ico
C:\WINDOWS\system32\Icons\Designer.ico
C:\WINDOWS\system32\Icons\DiskOn.ico
C:\WINDOWS\system32\Icons\eCenter.ico
C:\WINDOWS\system32\Icons\ERP Portal.ico
C:\WINDOWS\system32\Icons\ExcelXP.ico
C:\WINDOWS\system32\Icons\Facsys.ico
C:\WINDOWS\system32\Icons\FixPrt.ico
C:\WINDOWS\system32\Icons\G-Top Icon_v2.ico
C:\WINDOWS\system32\Icons\GeL.ico
C:\WINDOWS\system32\Icons\HRWeb.ico
C:\WINDOWS\system32\Icons\IDMUSER.ico
C:\WINDOWS\system32\Icons\ImgPro.ico
C:\WINDOWS\system32\Icons\Infosite.ico
C:\WINDOWS\system32\Icons\KillNote.ico
C:\WINDOWS\system32\Icons\Msds.ico
C:\WINDOWS\system32\Icons\PerformanceEva.ico
C:\WINDOWS\system32\Icons\PowerPXP.ico
C:\WINDOWS\system32\Icons\printers.ico
C:\WINDOWS\system32\Icons\PTV_MESHEK.ico
C:\WINDOWS\system32\Icons\RMilim.ico
C:\WINDOWS\system32\Icons\RunLoginScript.ico
C:\WINDOWS\system32\Icons\SachrWeb.ico
C:\WINDOWS\system32\Icons\SKBW.ico
C:\WINDOWS\system32\Icons\SmarTeam.ico
C:\WINDOWS\system32\Icons\SmarTeamDocCenter.ico
C:\WINDOWS\system32\Icons\survey.ico
C:\WINDOWS\system32\Icons\TapiRNDPortal.ico
C:\WINDOWS\system32\Icons\winscp376.ico
C:\WINDOWS\system32\Icons\Winzip11.ico
C:\WINDOWS\system32\Icons\Wisdom Portal.ico
C:\WINDOWS\system32\Icons\WordXP.ico
C:\WINDOWS\system32\logs
C:\WINDOWS\system32\zlibwapi.dll

----- BITS: Possible infected sites -----

hxxp://ILPTVSMS31.il.teva.corp:80
.
(((((((((((((((((((((((((   Files Created from 2010-09-22 to 2010-10-22  )))))))))))))))))))))))))))))))
.

2010-10-22 08:51:18 . 2010-10-22 08:51:18	--------	d-----w-	C:\WINDOWS\system32\Logs
2010-10-19 15:15:59 . 2010-08-26 08:31:38	69976	----a-w-	C:\WINDOWS\system32\drivers\sbapifs.sys
2010-10-19 15:15:58 . 2010-08-26 08:31:38	21464	----a-w-	C:\WINDOWS\system32\drivers\sbaphd.sys
2010-10-19 14:23:52 . 2010-08-26 08:31:35	15880	----a-w-	C:\WINDOWS\system32\lsdelete.exe
2010-10-19 06:29:00 . 2010-08-26 08:31:36	64288	----a-w-	C:\WINDOWS\system32\drivers\Lbd.sys
2010-10-19 05:43:12 . 2010-10-19 05:43:19	--------	dc-h--w-	C:\Documents and Settings\All Users\Application Data\{A4716110-A599-4517-A21D-0B81799F4676}
2010-10-19 05:42:19 . 2010-10-19 05:42:19	--------	d-----w-	C:\Program Files\Lavasoft
2010-10-15 22:53:08 . 2010-10-15 22:53:08	--------	d-----w-	C:\Documents and Settings\LocalService\Application Data\McAfee
2010-10-15 06:20:15 . 2010-10-15 06:20:15	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\McAfee
2010-10-14 12:30:13 . 2010-10-14 12:31:56	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\Temp
2010-10-14 12:27:19 . 2010-10-14 13:35:19	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\Google
2010-10-14 12:20:31 . 2010-10-14 12:21:23	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\Deployment
2010-10-13 17:19:11 . 2010-10-13 17:19:11	--------	d-----w-	C:\Documents and Settings\dsilver\Application Data\Malwarebytes
2010-10-13 17:18:37 . 2010-10-13 17:18:37	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-13 05:23:20 . 2010-10-13 05:23:20	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\VS Revo Group
2010-10-13 05:22:17 . 2009-12-30 10:20:54	27064	----a-w-	C:\WINDOWS\system32\drivers\revoflt.sys
2010-10-13 05:22:11 . 2010-10-13 05:22:11	--------	d-----w-	C:\Program Files\VS Revo Group
2010-10-12 05:58:34 . 2010-10-12 06:00:05	--------	d-----w-	C:\Documents and Settings\dsilver\Application Data\AVG
2010-10-12 05:54:42 . 2010-10-13 07:36:45	--------	d---a-w-	C:\Documents and Settings\All Users\Application Data\TEMP
2010-10-11 18:34:46 . 2010-10-11 18:34:46	--------	d-----w-	C:\$AVG
2010-10-11 11:23:49 . 2010-10-11 11:23:49	--------	d--h--w-	C:\Documents and Settings\All Users\Application Data\Common Files
2010-10-11 11:21:37 . 2010-10-16 14:45:06	--------	d-----w-	C:\WINDOWS\system32\drivers\AVG
2010-10-11 11:21:37 . 2010-10-13 06:27:11	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\AVG10
2010-10-11 11:18:08 . 2010-10-13 07:37:01	--------	d-----w-	C:\Program Files\AVG
2010-10-11 11:16:23 . 2010-10-11 11:19:32	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\MFAData
2010-10-06 14:13:33 . 2010-10-06 14:13:37	--------	d-----w-	C:\Program Files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
2010-09-06 17:49:04	2735200	----a-w-	C:\Program Files\ImTranslator_Pro\tbImT0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "C:\Program Files\ImTranslator_Pro\tbImT0.dll" [2010-09-06 17:49:04 2735200]
OTL Extras logfile created on: 10/21/2010 7:17:32 PM - Run 1

OTL by OldTimer - Version 3.2.16.0     Folder = C:\Documents and Settings\dsilver\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 3057 5092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 135.51 Gb Free Space | 58.19% Space Free | Partition Type: NTFS

 

Computer Name: PTVN035897 | User Name: dsilver | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-1025872632-903748152-2695809327-11159\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableConfig" = 0

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 4

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"Enabled" = 0

"AllowUserPrefMerge" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 0

"AllowUserPrefMerge" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil
OTL logfile created on: 10/21/2010 7:17:32 PM - Run 1

OTL by OldTimer - Version 3.2.16.0     Folder = C:\Documents and Settings\dsilver\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 3057 5092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 135.51 Gb Free Space | 58.19% Space Free | Partition Type: NTFS

 

Computer Name: PTVN035897 | User Name: dsilver | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/10/21 19:11:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dsilver\Desktop\OTL.exe

PRC - [2010/10/19 07:51:33 | 000,929,008 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/10/19 07:51:32 | 001,374,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2010/03/09 17:21:08 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2010/02/05 16:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2010/02/02 16:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2010/02/02 16:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2010/01/18 22:43:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2010/01/18 14:51:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2010/01/07 10:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

PRC - [2010/01/07 10:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

PRC - [2009/12/31 17:12:18 | 000,113,664 | ---- | M] (Teva) -- C:\Program Files\NetPower\NetSavePower.exe

PRC - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2009/07/28 01:02:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2009/07/22 08:44:42 | 000,501,032 | ---- | M] (Check Point Seoftware Technologies Ltd.) -- C:\Program Files\CheckPoint\Device Agent\psda.exe

PRC - [2009/07/21 15:05:46 | 000,809,520 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe

PRC - [2009/07/21 15:05:34 | 000,629,296 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\Prot_srv.exe

PRC - [2009/07/21 15:05:34 | 000,174,640 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\pstartSr.exe

PRC - [2009/07/15 23:12:50 | 000,068,488 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe

PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2008/08/18 18:45:42 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

PRC - [2008/08/18 18:45:42 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2008/08/18 18:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2008/06/18 13:46:54 | 002,691,185 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe

PRC - [2008/06/18 13:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

PRC - [2008/06/18 13:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

PRC - [2008/06/06 18:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2008/06/05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe

PRC - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (L

Hi there jholland
I am sorry, my comp slows to a crawl and freezes often and I don't think I can fully run the progs.
AdAware keeps finding files from a trojan downloader but doesn't get rid of the problem.
If you have noticed particular unneeded auto starts, or suspicious auto starting services, and very dangerous "Trusted Sites", I would be more than obliged if you could point them out and I can fix them in HijackThis.
I will try and add here the log files from OTL and ComboFix, which I managed to run yesterday/today. I had to attach the txt files as copy paste made the reply too long.
