Posts by silclay

silclay 0 Newbie Poster

14 Years Ago

Hi there jholland
I am sorry, My comp slowes to a crawl and freezes often and I don't think I can fully run the progs
AdAware keeps finding files from a trojan downloader but doesn't get rid of the problem.
If you have noticed particular unneeded auto starts,or suspicious auto starting services, and very dangerous "Trusted Sites", I would be more than obliged if you could point them out and I can fix them on the Hijackthis
I will try and add here the log files from OTL and Combifix which I managed to run yesterday/today I had to attach the txt files as copy paste made the reply too long

Information Security windows-virus

silclay 0 Newbie Poster

14 Years Ago

Re: Please Analyze-Hijackthis log

Hi there jholland
I am sorry, My comp slowes to a crawl and freezes often and I don't think I can fully run the progs
AdAware keeps finding files from a trojan downloader but doesn't get rid of the problem.
If you have noticed particular unneeded auto starts,or suspicious auto starting services, and very dangerous "Trusted Sites", I would be more than obliged if you could point them out and I can fix them on the Hijackthis
I will try and add here the log files from OTL and Combifix which I managed to run yesterday/today
but so far the logs I post seem to be too long for the "reply" to work so I am attaching the txt files

ComboFix.txt (6.76 KB)

ComboFix 10-10-21.02 - dsilver 10/22/2010   7:51:53.1.2 - x86
Running from: C:\mydoc\HijackThis\MalwareBytes forum\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {061AE366-576E-4716-93BD-961A93D59089}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\dsilver\Favorites\Delphion Intellectual Property Network to search, view and analyze patent collections worldwide..ur
C:\Documents and Settings\dsilver\GoToAssistDownloadHelper.exe
C:\mydoc\MP4 player\16GB\New Folder\AVI-TOOL\Desktop_.ini
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\Icons
C:\WINDOWS\system32\Icons\Acrobat8.ico
C:\WINDOWS\system32\Icons\BGinfo.ico
C:\WINDOWS\system32\Icons\BlackBarry.ico
C:\WINDOWS\system32\Icons\Bosanova.ico
C:\WINDOWS\system32\Icons\CallCent.ico
C:\WINDOWS\system32\Icons\CitrixP.ico
C:\WINDOWS\system32\Icons\CitrixT.ico
C:\WINDOWS\system32\Icons\Code.ico
C:\WINDOWS\system32\Icons\ConnectW.ico
C:\WINDOWS\system32\Icons\CuteFTP7.ico
C:\WINDOWS\system32\Icons\Designer.ico
C:\WINDOWS\system32\Icons\DiskOn.ico
C:\WINDOWS\system32\Icons\eCenter.ico
C:\WINDOWS\system32\Icons\ERP Portal.ico
C:\WINDOWS\system32\Icons\ExcelXP.ico
C:\WINDOWS\system32\Icons\Facsys.ico
C:\WINDOWS\system32\Icons\FixPrt.ico
C:\WINDOWS\system32\Icons\G-Top Icon_v2.ico
C:\WINDOWS\system32\Icons\GeL.ico
C:\WINDOWS\system32\Icons\HRWeb.ico
C:\WINDOWS\system32\Icons\IDMUSER.ico
C:\WINDOWS\system32\Icons\ImgPro.ico
C:\WINDOWS\system32\Icons\Infosite.ico
C:\WINDOWS\system32\Icons\KillNote.ico
C:\WINDOWS\system32\Icons\Msds.ico
C:\WINDOWS\system32\Icons\PerformanceEva.ico
C:\WINDOWS\system32\Icons\PowerPXP.ico
C:\WINDOWS\system32\Icons\printers.ico
C:\WINDOWS\system32\Icons\PTV_MESHEK.ico
C:\WINDOWS\system32\Icons\RMilim.ico
C:\WINDOWS\system32\Icons\RunLoginScript.ico
C:\WINDOWS\system32\Icons\SachrWeb.ico
C:\WINDOWS\system32\Icons\SKBW.ico
C:\WINDOWS\system32\Icons\SmarTeam.ico
C:\WINDOWS\system32\Icons\SmarTeamDocCenter.ico
C:\WINDOWS\system32\Icons\survey.ico
C:\WINDOWS\system32\Icons\TapiRNDPortal.ico
C:\WINDOWS\system32\Icons\winscp376.ico
C:\WINDOWS\system32\Icons\Winzip11.ico
C:\WINDOWS\system32\Icons\Wisdom Portal.ico
C:\WINDOWS\system32\Icons\WordXP.ico
C:\WINDOWS\system32\logs
C:\WINDOWS\system32\zlibwapi.dll

----- BITS: Possible infected sites -----

hxxp://ILPTVSMS31.il.teva.corp:80
.
(((((((((((((((((((((((((   Files Created from 2010-09-22 to 2010-10-22  )))))))))))))))))))))))))))))))
.

2010-10-22 08:51:18 . 2010-10-22 08:51:18	--------	d-----w-	C:\WINDOWS\system32\Logs
2010-10-19 15:15:59 . 2010-08-26 08:31:38	69976	----a-w-	C:\WINDOWS\system32\drivers\sbapifs.sys
2010-10-19 15:15:58 . 2010-08-26 08:31:38	21464	----a-w-	C:\WINDOWS\system32\drivers\sbaphd.sys
2010-10-19 14:23:52 . 2010-08-26 08:31:35	15880	----a-w-	C:\WINDOWS\system32\lsdelete.exe
2010-10-19 06:29:00 . 2010-08-26 08:31:36	64288	----a-w-	C:\WINDOWS\system32\drivers\Lbd.sys
2010-10-19 05:43:12 . 2010-10-19 05:43:19	--------	dc-h--w-	C:\Documents and Settings\All Users\Application Data\{A4716110-A599-4517-A21D-0B81799F4676}
2010-10-19 05:42:19 . 2010-10-19 05:42:19	--------	d-----w-	C:\Program Files\Lavasoft
2010-10-15 22:53:08 . 2010-10-15 22:53:08	--------	d-----w-	C:\Documents and Settings\LocalService\Application Data\McAfee
2010-10-15 06:20:15 . 2010-10-15 06:20:15	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\McAfee
2010-10-14 12:30:13 . 2010-10-14 12:31:56	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\Temp
2010-10-14 12:27:19 . 2010-10-14 13:35:19	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\Google
2010-10-14 12:20:31 . 2010-10-14 12:21:23	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\Deployment
2010-10-13 17:19:11 . 2010-10-13 17:19:11	--------	d-----w-	C:\Documents and Settings\dsilver\Application Data\Malwarebytes
2010-10-13 17:18:37 . 2010-10-13 17:18:37	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-13 05:23:20 . 2010-10-13 05:23:20	--------	d-----w-	C:\Documents and Settings\dsilver\Local Settings\Application Data\VS Revo Group
2010-10-13 05:22:17 . 2009-12-30 10:20:54	27064	----a-w-	C:\WINDOWS\system32\drivers\revoflt.sys
2010-10-13 05:22:11 . 2010-10-13 05:22:11	--------	d-----w-	C:\Program Files\VS Revo Group
2010-10-12 05:58:34 . 2010-10-12 06:00:05	--------	d-----w-	C:\Documents and Settings\dsilver\Application Data\AVG
2010-10-12 05:54:42 . 2010-10-13 07:36:45	--------	d---a-w-	C:\Documents and Settings\All Users\Application Data\TEMP
2010-10-11 18:34:46 . 2010-10-11 18:34:46	--------	d-----w-	C:\$AVG
2010-10-11 11:23:49 . 2010-10-11 11:23:49	--------	d--h--w-	C:\Documents and Settings\All Users\Application Data\Common Files
2010-10-11 11:21:37 . 2010-10-16 14:45:06	--------	d-----w-	C:\WINDOWS\system32\drivers\AVG
2010-10-11 11:21:37 . 2010-10-13 06:27:11	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\AVG10
2010-10-11 11:18:08 . 2010-10-13 07:37:01	--------	d-----w-	C:\Program Files\AVG
2010-10-11 11:16:23 . 2010-10-11 11:19:32	--------	d-----w-	C:\Documents and Settings\All Users\Application Data\MFAData
2010-10-06 14:13:33 . 2010-10-06 14:13:37	--------	d-----w-	C:\Program Files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}]
2010-09-06 17:49:04	2735200	----a-w-	C:\Program Files\ImTranslator_Pro\tbImT0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "C:\Program Files\ImTranslator_Pro\tbImT0.dll" [2010-09-06 17:49:04 2735200]

Extras.Txt (53.86 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

OTL Extras logfile created on: 10/21/2010 7:17:32 PM - Run 1

OTL by OldTimer - Version 3.2.16.0     Folder = C:\Documents and Settings\dsilver\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 3057 5092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 135.51 Gb Free Space | 58.19% Space Free | Partition Type: NTFS

 

Computer Name: PTVN035897 | User Name: dsilver | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

 

 

[color=#E56717]========== File Associations ==========[/color]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-1025872632-903748152-2695809327-11159\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

[color=#E56717]========== Shell Spawning ==========[/color]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[color=#E56717]========== Security Center Settings ==========[/color]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[color=#E56717]========== System Restore Settings ==========[/color]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableConfig" = 0

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 4

 

[color=#E56717]========== Firewall Settings ==========[/color]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"Enabled" = 0

"AllowUserPrefMerge" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 0

"AllowUserPrefMerge" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil

OTL.Txt (198.21 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

OTL logfile created on: 10/21/2010 7:17:32 PM - Run 1

OTL by OldTimer - Version 3.2.16.0     Folder = C:\Documents and Settings\dsilver\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 3057 5092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 135.51 Gb Free Space | 58.19% Space Free | Partition Type: NTFS

 

Computer Name: PTVN035897 | User Name: dsilver | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

[color=#E56717]========== Processes (SafeList) ==========[/color]

 

PRC - [2010/10/21 19:11:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dsilver\Desktop\OTL.exe

PRC - [2010/10/19 07:51:33 | 000,929,008 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/10/19 07:51:32 | 001,374,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2010/03/09 17:21:08 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2010/02/05 16:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2010/02/02 16:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2010/02/02 16:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2010/01/18 22:43:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2010/01/18 14:51:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2010/01/07 10:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

PRC - [2010/01/07 10:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

PRC - [2009/12/31 17:12:18 | 000,113,664 | ---- | M] (Teva) -- C:\Program Files\NetPower\NetSavePower.exe

PRC - [2009/12/01 11:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2009/07/28 01:02:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2009/07/22 08:44:42 | 000,501,032 | ---- | M] (Check Point Seoftware Technologies Ltd.) -- C:\Program Files\CheckPoint\Device Agent\psda.exe

PRC - [2009/07/21 15:05:46 | 000,809,520 | ---- | M] (Check Point Software Tech Ltd) -- C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe

PRC - [2009/07/21 15:05:34 | 000,629,296 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\Prot_srv.exe

PRC - [2009/07/21 15:05:34 | 000,174,640 | ---- | M] (Check Point Software Tech Ltd) -- C:\WINDOWS\system32\pstartSr.exe

PRC - [2009/07/15 23:12:50 | 000,068,488 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe

PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2008/08/18 18:45:42 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

PRC - [2008/08/18 18:45:42 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2008/08/18 18:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2008/06/18 13:46:54 | 002,691,185 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe

PRC - [2008/06/18 13:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

PRC - [2008/06/18 13:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

PRC - [2008/06/06 18:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2008/06/05 02:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe

PRC - [2008/05/14 16:21:16 | 000,037,416 | ---- | M] (L

Information Security windows-virus

silclay 0 Newbie Poster

14 Years Ago

Re: Please Analyze-Hijackthis log

Hi there jholland
I am sorry, My comp slowes to a crawl and freezes often and I don't think I can fully run the progs
AdAware keeps finding files from a trojan downloader but doesn't get rid of the problem.
If you have noticed particular unneeded auto starts,or suspicious auto starting services, and very dangerous "Trusted Sites", I would be more than obliged if you could point them out and I can fix them on the Hijackthis
I will try and add here the log files from OTL and Combifix which I managed to run yesterday/today

Information Security windows-virus

silclay 0 Newbie Poster

14 Years Ago

Please Analyze-Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:57 PM, on 10/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\notes\nslsvice.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\CheckPoint\Device Agent\psda.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\eTCrtMng.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\TalApplication\TevaApplication.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetPower\NetSavePower.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
…

Information Security windows-virus

silclay 0 Newbie Poster

14 Years Ago

Just wanted to say Hello

New to the community
Being polite
Lovely to be here speak soon

silclay
(ThePope)

Say Hello!