|
| |||||||
| |
 |
| | Thread Tools |
|
#1
29-11-2007, 08:45 AM
| ||||
| ||||
 I think spyware is doing terrible things to me My computer slows to a crawl sometimes and I'm worried that I may have stuff going on in there that my regular protection (Shaw F-Secure) isn't catching. Can someone do me a huge favour and glance at the logfile and let me know if there are any badguys in there? Thanks.  Logfile of HijackThis v1.99.1 Scan saved at 1:38:59 AM, on 29/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Shaw Secure\Common\FSM32.EXE C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe C:\Program Files\Shaw Secure\Common\FSMA32.EXE C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGser v.exe C:\Program Files\Shaw Secure\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Shaw Secure\Common\FCH32.EXE C:\Program Files\Shaw Secure\Common\FAMEH32.EXE C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\Nero\Nero 7\Core\nero.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\lxcgcoms.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Tarol\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {11A1463D-DFDF-48F9-9DC6-C3A7613293F5} - C:\WINDOWS\System32\llog.dll (file missing) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtim e.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://*.snotling.org O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14840643...p/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166133804484 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166265912484 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/t...ugs/axhost.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O20 - Winlogon Notify: yvbb01 - yvbb01.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LXCGCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCGse rv.exe O23 - Service: lxcg_device - - C:\WINDOWS\System32\lxcgcoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe       |
| |
|
#2
29-11-2007, 09:20 AM
| ||||
| ||||
| I think spyware is doing terrible things to me Uninstall the version of HijackThis you have and install the new version found in the Malware Removal Guide Also work your way through the malware removal thread and post back with the requested logs. You do have a few nasties on the computer. |
|
|
| Thread Tools | |
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Things that annoy you? | kanoakavirus | Off Topic Discussion | 17 | 11-06-2008 04:32 PM |
| terrible crackling | Cew27 | Mobile Phones & PDAs | 4 | 05-10-2007 05:50 PM |
| what are the things to look for when buying a PSU for... | boygenis | Cases & Power Supplies | 4 | 20-06-2007 04:33 PM |
| Things to consider when starting out... | Cobalt | Off Topic Discussion | 1 | 14-11-2006 11:56 AM |
| Powered by vBulletin® Copyright ©2000 - 2008 Jelsoft Enterprises Ltd. SEO by vBSEO ©2008, Crawlability, Inc. |
