Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Task Manager Processes


  • This topic is locked This topic is locked
2 replies to this topic

#1 Kindred

Kindred

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 17 April 2007 - 04:43 PM

Hello,

I researched some .exe processes that show in Task Manager. The sunbelt-software, Research tab, pulls these up as malware:
alg, ctfmon, csrss, lsass, mdm, smss, spoolsv, wdfm

HijackThis log pasted below. ctfmon is the only one that shows up in the scan.

What needs to be done? Are the chances fairly good of getting rid of all the malware? What is "Please DO NOT bump your log"?

Kindred


Logfile of HijackThis v1.99.1
Scan saved at 3:08:57 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SYSTEM32\astsrv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\WINDOWS\system32\RunDll32.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\AdwareAlert\Scheduler.exe
E:\Program Files\A Support Programs\firefox.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\PROGRA~1\WINZIP\winzip32.exe
E:\Documents and Settings\Kindred\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluechipgrowth.com
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBCSTray] E:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [adwarealert] E:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Coast to Coast AM] E:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [Creative Detector] "E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\MICROSOFT\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727944} (Web Conferencing) - http://metastock.epo....com/joinie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124240142750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124863056109
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AST Service (astcc) - Advanced Software Technologies - E:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - E:\Program Files\A Support Programs\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - E:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    Advertisements

Register to Remove


#2 Kindred

Kindred

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 18 April 2007 - 01:08 PM

Resolved issue. Forgive me for replying to my own post-- found no other way to notify you, except the No Reply after 5 days Kindred

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 April 2007 - 03:28 PM

Glad you got it fixed.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users