Something in memory, help needed


  • This topic is locked
21 replies to this topic

#1 JBYea

Posted 21 February 2006 - 09:24 AM

I think something is running in memory; CPU usage is always at 100% when I look in Task Manager. Also, the automatic Windows Update icon on the lower right-hand bottom task bar shows an exclamation point and says 45%. This is after I went and did the Windows update manually, so to speak.
Ran McAfee virus scan in safe mode; it found WinFixer. Anyway, help appreciated!
Jenny

Logfile of HijackThis v1.99.1
Scan saved at 7:16:34 AM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\RadioSvr.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HpRfDev.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\System32\HPBPRO.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p \\C461781-c\HP LASERJET -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 ken545

Posted 12 March 2006 - 01:34 PM

JBYea,

Welcome back to the forum. At a quick glance I am not looking at anything bad on your log, not to say something could be hidden that is not showing up on your log. Your CPU running that high is not normal and is usually caused by a virus or something. You said McAfee found Winfixer; are you getting a lot of pop-ups?




Download and install Ewido Anti-Malware
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on update
o You should see Update Complete when done.
o Now close out the program <-- Don't run it yet


Now reboot into Safemode
To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Now open Ewido
o Click on scanner.
o Run a full system scan
o Let the program scan the machine.
o While the scan is in progress you will be prompted to clean files, click OK.
o When Prompted - Select Perform action on all infections.
o Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
o Click Save report.
o Save the report to your desktop.


Post back with the Ewido report and a new HJT log please.

Ken :D

 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 JBYea

Posted 13 March 2006 - 09:44 AM

Hi Ken
Thanks for the welcome back. Sure wish I didn't have to be back here!

You asked about pop-ups. We are not seeing those. The only symptom really is the cpu running at 100%.
Since I posted the original log on Feb 21, I decided to use one of those system restore points and go back to about when I thought I had the machine all cleaned up before. I was careful after the help I got from TCF the first time to delete the old restore points. Anyway, it did no good. Don't know if it should have anyway. I'm not really all that computer savvy. Whatever is in memory is still there.
So now to the present.
Below please find the Ewido report and the HJT log. Ewido did find stuff and I let it clean as instructed. The cpu is still running at 100% though.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:17 AM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HpRfDev.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p \\C461781-c\HP LASERJET -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MoodLogic Service] C:\Program Files\MoodLogic\Service\MLService.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:17:10 AM, 3/13/2006
+ Report-Checksum: 662D728D

+ Scan result:

HKU\S-1-5-21-1605616401-1203367206-2587936551-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup
HKU\S-1-5-21-1605616401-1203367206-2587936551-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -> Trojan.Small.anm : Cleaned with backup
HKU\S-1-5-21-1605616401-1203367206-2587936551-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBF02DA-4360-4A7E-BEA1-347B87816327} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-21-1605616401-1203367206-2587936551-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Limited for Everday\Application Data\Mozilla\Firefox\Profiles\8ll9g8d5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.358:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.565:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.572:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.580:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.582:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.587:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.588:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.589:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.600:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.601:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gf0067d2.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup


::Report End

#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 March 2006 - 10:16 AM

JBYea,

A couple of things, you have Spysweeper installed, did you buy the program or is it the Trial?? If you can run another scan and post the log it would be great, if you can't run it, then you need to remove it in the Add-Remove Programs in the Control Panel as it does tend to use resources.



This is a shot in the dark, there was a registry entry on your Ewido log pointing to a Vundo infection although there are no entries in your log pointing to one, let's run the fix and make sure you don't have this baddie.


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

If you can run Spysweeper, do so and paste the log in this thread along with the report from the Vundo Fix and a new HJT log.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 JBYea


Posted 13 March 2006 - 11:15 AM

Ken I followed the instructions (really!) but 10 minutes later vundofix still hasn't reopened after its supposed less than a minute close. Should I try again or what? thanks Jenny

#6 ken545


Posted 13 March 2006 - 11:33 AM

I would reboot and give it another shot, if it still doesn't work, try this one. This program will show if there are any files present for the Vundo Infection.


Download and run Blacklight
F-Secure Blacklight: http://www.f-secure....light/try.shtml
Leave [X] scan through windows explorer checked,
click > scan then > next,
If any items show, have Blacklight rename them, except for "wbemtest.exe".
Do not rename "wbemtest.exe", it's a Windows file.
The tool will ask if you want to reboot (restart) choose yes.


Ken :D

 
 

#7 JBYea


Posted 13 March 2006 - 03:24 PM

Ken, Quick question, I am running Spysweeper as suggested and it had found one thing so far called System Monitor:watchdog and some traces of stuff. It is still running but should I also let it remove what it finds or do you want to handle that some other way? Also I got vundofix tool to work by not checking run as a task option. Will post both logs when they are done but let me know if I should let spysweeper remove. thanks Jenny

#8 ken545


Posted 13 March 2006 - 03:32 PM

Jenny, Let Spysweeper run and fix everything it finds, since you got the Vundo fix to run, I will be interested in seeing the logs from both programs. Since you got Vundo to run, you can skip Blacklight. If both those scans come up clean, we need to go over your log, you have a ton of stuff starting up and some may not be needed, plus I have a few things for you to try hardware wise. But before we proceed, I want to look at those logs. Ken :D

 
 

#9 JBYea


Posted 13 March 2006 - 06:53 PM

I did buy spysweeper after the last round of infections, it got the "award" (my money) because it found whatever was in memory last time I had troubles.

Be happy to hear whatever suggestions you have, the machine is incredibly slow to start up and the constant running of the fan drives me crazy. I might be just making this up but I think that when the processor is running at 100% then the fan and whatever else I am hearing are up and running at full speed. This is a lap top.

After the vundo fix and spysweeper fix, just checked and processor still at 100%.

Thanks
Jenny

Ok, here ya go

Here is spysweeper log

********
10:42 AM: | Start of Session, Monday, March 13, 2006 |
10:42 AM: Spy Sweeper started
10:42 AM: Sweep initiated using definitions version 630
10:42 AM: Starting Memory Sweep
11:02 AM: Memory Sweep Complete, Elapsed Time: 00:19:24
11:02 AM: Starting Registry Sweep
11:42 AM: Registry Sweep Complete, Elapsed Time:00:40:19
11:42 AM: Starting Cookie Sweep
11:42 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:42 AM: Starting File Sweep
12:40 PM: Warning: Failed to open file "c:\recycler\
12:40 PM: Found System Monitor: watchdog
12:40 PM: c:\program files\watchdog (5 subtraces) (ID = -2147480082)
12:50 PM: Warning: Failed to open file "c:\recycler\
12:56 PM: Warning: Failed to open file "c:\recycler\
1:03 PM: a0023593.exe (ID = 83699)
1:54 PM: Warning: Failed to open file "c:\recycler\
2:13 PM: a0023601.exe (ID = 83707)
2:24 PM: Warning: Failed to open file "c:\recycler\
2:33 PM: Warning: Failed to open file "c:\recycler\
2:55 PM: Warning: Failed to open file "c:\recycler\
3:14 PM: Warning: Failed to open file "c:\recycler\
3:34 PM: Warning: File not found
3:34 PM: Warning: File not found
3:34 PM: Warning: File not found
3:35 PM: Warning: File not found
3:39 PM: Warning: File not found
3:40 PM: Warning: File not found
3:40 PM: Warning: File not found
3:41 PM: Warning: File not found
3:45 PM: File Sweep Complete, Elapsed Time: 04:02:41
3:45 PM: Full Sweep has completed. Elapsed time 04:57:37
3:45 PM: Traces Found: 8
4:41 PM: Removal process initiated
4:41 PM: Quarantining All Traces: watchdog
4:42 PM: Removal process completed. Elapsed time 00:00:35

and here is vundo log

VundoFix V4.2.33
Checking Java version...
Java version is 1.5.0.6
Scan started at 10:14:38 AM 3/13/2006

Listing files found while scanning....

C:\WINDOWS\Microsoft.NET\lruteni.bak1
C:\WINDOWS\Microsoft.NET\lruteni.bak2
C:\WINDOWS\Microsoft.NET\lruteni.tmp
C:\WINDOWS\Microsoft.NET\lruteni.ini
C:\WINDOWS\Microsoft.NET\lruteni.ini2
C:\WINDOWS\system32\qttwa.bak1
C:\WINDOWS\system32\qttwa.bak2
C:\WINDOWS\system32\qttwa.tmp
C:\WINDOWS\system32\qttwa.ini
C:\WINDOWS\system32\qttwa.ini2
C:\WINDOWS\Microsoft.NET\lruteni.ini2
C:\WINDOWS\Microsoft.NET\lruteni.bak2
C:\WINDOWS\Microsoft.NET\lruteni.tmp
C:\WINDOWS\Microsoft.NET\lruteni.ini
C:\WINDOWS\Microsoft.NET\lruteni.ini2
C:\WINDOWS\system32\qttwa.ini2
C:\WINDOWS\system32\qttwa.bak2
C:\WINDOWS\system32\qttwa.tmp
C:\WINDOWS\system32\qttwa.ini
C:\WINDOWS\system32\qttwa.ini2

Attempting to delete C:\WINDOWS\Microsoft.NET\lruteni.bak1
C:\WINDOWS\Microsoft.NET\lruteni.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\Microsoft.NET\lruteni.bak2
C:\WINDOWS\Microsoft.NET\lruteni.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\Microsoft.NET\lruteni.tmp
C:\WINDOWS\Microsoft.NET\lruteni.tmp Has been deleted!
Attempting to delete C:\WINDOWS\Microsoft.NET\lruteni.ini
C:\WINDOWS\Microsoft.NET\lruteni.ini Has been deleted!
Attempting to delete C:\WINDOWS\Microsoft.NET\lruteni.ini2
C:\WINDOWS\Microsoft.NET\lruteni.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.bak1
C:\WINDOWS\system32\qttwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.bak2
C:\WINDOWS\system32\qttwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.tmp
C:\WINDOWS\system32\qttwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.ini
C:\WINDOWS\system32\qttwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.ini2
C:\WINDOWS\system32\qttwa.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

#10 ken545


Posted 13 March 2006 - 08:07 PM

Jenny,



Be happy to hear whatever suggestions you have, the machine is incredibly slow to start up and the constant running of the fan drives me crazy. I might be just making this up but I think that when the processor is running at 100% then the fan and whatever else I am hearing are up and running at full speed. This is a lap top.

This could well be a hardware problem, your fan shouldn't run that fast all the time.

Does your laptop feel hot to the touch?
How old is your laptop?
Is it still under warranty?
Can you call the manufacturer and let them know what its doing and have them look at it?


Vundo found some traces of the infection but no executable files that make it run. I don't see any entry on your log for watchdog. Other than that, I was looking for the latest infections that hide and show up on Spysweeper and nothing showed up.

c:\program files\watchdog <-- Do you ever remember installing this program?



Open up HJT > Misc Tools> Uninstall Manager and click on Save list and paste the list into this thread.




Open up Task Manager by pressing on Control > Alt > Delete keys, when it opens go to the Processes Tab, up at the top, double click on CPU and it will bring the tasks that are using the most CPU to the top of the list. You can't save a log so just write them down and tell me the top 5 programs that are using the most CPU.



If you look at your HJT log, all the 04 entries are what are starting up and running when you start your computer. DON'T REMOVE ANY OF THEM, but look through them and see if there are programs that you can live without. Let me know and we can remove the ones you don't use safely by uninstalling that program.


Post back and let me know what's going on, it's starting to look more and more like a hardware issue and if so I am going to send you to a different forum that has experts that deal with this sort of thing.

Ken :D

 
 
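The reading of the VundoFix log given in the post above (traces found, every one deleted, no executable among them) can be checked mechanically. This is an added example, not part of the original thread and not VundoFix's own code; the function names, the set of extensions treated as executable, and the second log (with a hypothetical example.dll) are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: extensions treated as loadable code. The log posted in this
# thread lists only .bak1/.bak2/.tmp/.ini/.ini2 files, none of these.
EXECUTABLE_EXTS = {".dll", ".exe", ".sys"}

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
ATTEMPT_RE = re.compile(r"^Attempting to delete (?P<path>[A-Za-z]:\\.+)$")
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Has been deleted!$")

# Excerpt in the layout of the log posted in this thread (qttwa family only,
# including the repeated listing the tool printed).
THREAD_LOG = r"""VundoFix V4.2.33
Scan started at 10:14:38 AM 3/13/2006
Listing files found while scanning....
C:\WINDOWS\system32\qttwa.bak1
C:\WINDOWS\system32\qttwa.bak2
C:\WINDOWS\system32\qttwa.tmp
C:\WINDOWS\system32\qttwa.ini
C:\WINDOWS\system32\qttwa.ini2
C:\WINDOWS\system32\qttwa.ini2
C:\WINDOWS\system32\qttwa.bak2
Attempting to delete C:\WINDOWS\system32\qttwa.bak1
C:\WINDOWS\system32\qttwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.bak2
C:\WINDOWS\system32\qttwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.tmp
C:\WINDOWS\system32\qttwa.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.ini
C:\WINDOWS\system32\qttwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qttwa.ini2
C:\WINDOWS\system32\qttwa.ini2 Has been deleted!
Performing Repairs to the registry.
Done!
"""

# Constructed log: example.dll is hypothetical and is never confirmed deleted.
CONSTRUCTED_LOG = r"""Listing files found while scanning....
C:\WINDOWS\system32\example.dll
C:\WINDOWS\system32\example.ini
Attempting to delete C:\WINDOWS\system32\example.dll
Attempting to delete C:\WINDOWS\system32\example.ini
C:\WINDOWS\system32\example.ini Has been deleted!
"""


def _key(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()


def parse_vundofix_log(text):
    """Collect listed, attempted and confirmed-deleted paths from a log."""
    found, attempted, deleted = {}, set(), set()
    in_listing = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Listing files found"):
            in_listing = True
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            in_listing = False  # the listing section is over
            attempted.add(_key(m.group("path")))
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.add(_key(m.group("path")))
            continue
        if in_listing and PATH_RE.match(line):
            found.setdefault(_key(line), line)  # drop repeated listings
    return {"found": found, "attempted": attempted, "deleted": deleted}


def reconcile(parsed):
    """Report what was found, what is still on disk, and what is executable."""
    found = parsed["found"]
    remaining = [p for k, p in found.items() if k not in parsed["deleted"]]
    executables = [p for p in found.values()
                   if PureWindowsPath(p).suffix.lower() in EXECUTABLE_EXTS]
    return {
        "unique_found": len(found),
        "remaining": remaining,        # listed but never confirmed deleted
        "executables": executables,    # files that could actually run
        "traces_only": bool(found) and not executables,
    }


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, reconcile(parse_vundofix_log(log)))
```

A non-empty `remaining` list means a listed file was never confirmed deleted and the tool should be re-run before trusting a clean result.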



#11 JBYea


Posted 13 March 2006 - 08:25 PM

Wow, this is a trip. The Processes are just flicking, things adding, things leaving. I had nothing opened (I shut down firefox) and something is constantly being added to the list and taken away, I can't tell what yet, maybe if I stare long enough I can tell. Is that normal? Also, the CPU column values change right before my eyes for some of the items.

CPU items using a lot are spnsrvnt.exe system changes all the time value of 98 for CPU taskmgr.exe wrsssdk.exe but also changes constantly HPBpro pops up with a value of 2 also explorer is constantly coming and going on the list now I have firefox open and it is also changing values

Is it CPU you wanted to see or Mem usage? I was listing CPU above

Jenny

#12 JBYea


Posted 13 March 2006 - 08:27 PM

Sorry, was so fascinated by the task manager list that I forgot to post the HJT uninstall thingy you wanted. Here it is

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 6.0
ALi FIR Driver
AnswerWorks Runtime
ASAPI Update
ASCOM Platform 4.0.1
AstroVideo
ATI Display Driver
AVIedit 3.37
Canon PowerShot 2.4
CCDOPS5
CCDSoft
CCleaner (remove only)
Conexant 56K ACLink Modem
Conexant 56K ACLink Modem
Conexant AC-Link Audio
Corel Applications
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam Pro eX Driver (1.02.01.0102)
Creative WebCam Pro eX Manual (English)
Diablo II
e-DiagTools for Windows
Equalizer
ewido security suite
Google Toolbar for Internet Explorer
Gun Metal Benchmark 2
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Desktop Zoom
HP DLA

Also, I don't remember installing watchdog but then again, I am close to a magic age which implies memory loss.

#13 ken545


Posted 13 March 2006 - 09:07 PM

Jenny,

I don't see the watchdog entry on your log or on the HJT uninstall list. It looks like you didn't post the entire log, it was cut off at the H.

spnsrvnt.exe <-- This is using a lot of CPU power
C:\Program Files\Common Files\SafeNet Sentinel <-- Is this a program that you remember installing?
It seems that you have a ton of stuff running in the background and it would be best for a windows expert to look at it and advise you on what to uninstall.


Since we can find no traces of any malware, I would like you to post at this XP forum, there are experts in there that deal with this sort of thing more so than I. Like Tom Coyote it's free but you have to join.
http://www.bleepingc...ms/forum56.html


I think at this point it's more of a windows or hardware issue and since this forum is for malware removal I won't be able to help you any further. I am going to keep this thread open for you because I would like you to keep me updated on your progress. I would like you to send me a link to the thread on the XP forum so that I can keep track of what's going on and can also jump in if any info is needed.

Ken :D

 
 

#14 JBYea


Posted 13 March 2006 - 10:17 PM

Ok Ken I will move to that forum. I did do a little searching when I realized that the CPU was in %!! that spnsrvnt.exe is using all the CPU. I googled it and found others with the same issue but so much confusing info on what to do about it.

Thanks for your help. Here is the whole HJT log for completeness' sake! I will send you a link to that thread.

I was curious though if using a system restore point back when I was sure I wasn't infected was a way to take care of viruses?

HJT log below

Take Care
Jenny

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 6.0
ALi FIR Driver
AnswerWorks Runtime
ASAPI Update
ASCOM Platform 4.0.1
AstroVideo
ATI Display Driver
AVIedit 3.37
Canon PowerShot 2.4
CCDOPS5
CCDSoft
CCleaner (remove only)
Conexant 56K ACLink Modem
Conexant 56K ACLink Modem
Conexant AC-Link Audio
Corel Applications
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam Pro eX Driver (1.02.01.0102)
Creative WebCam Pro eX Manual (English)
Diablo II
e-DiagTools for Windows
Equalizer
ewido security suite
Google Toolbar for Internet Explorer
Gun Metal Benchmark 2
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Desktop Zoom
HP DLA
hp LaserJet 1150 / 1300
HP Notebook Utilities
HP One-Touch Buttons
HP Photo Printing Software
HP Photo Toolkit
HP Presentation Ready
Hpsetup
Inactive HP Printer Drivers (Remove only)
Inactive HP ScanJet Drivers (Remove only)
InterActual Player
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Kaspersky On-line Scanner
Kubotek KeyCreator 4.5
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech IM Video Companion
Logitech ImageStudio
Logitech Print Service
MapSource
MapSource - MetroGuide USA v5
MapSource - US Topo v3.02
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Medi@Show
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 2000 Professional
MoodLogic Service
Mozilla Firefox (1.5)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nortel Networks Contivity VPN Client
OpenMG Secure Module 4.2.00
Picture Window Pro 2.5
PixInsight LE 1.0
PoleAlignMax
PowerDirector Pro
QuickTime
RadioShack USB to Serial Cable
RecordNow
RecordNow Update Manager
RegiStax 2 .1.1 beta
SBIG Driver Checker
SBIG Driver Checker
ScanCraft CS-P
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Sentinel Protection Installer 7.0.0
Shockwave
Solid Edge Machinery Library
Solid Edge V16
SonicStage 3.2
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
StartupMonitor
Synaptics TouchPad
System Security Suite 1.04
TheSky6
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
WAV Conversion Tool
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm

#15 JBYea


Posted 13 March 2006 - 11:29 PM

Ken
http://www.bleepingc...topic=46675&hl=

Above is the link to my post.

Thanks again. I am keeping my fingers crossed!
Jenny
