
I've Got 2 Pcs In Trouble



#1 tevans0001


Posted 02 March 2008 - 03:50 PM

First, thank you for allowing my membership. What I've got I've never seen before. Computer slows to a crawl, page file usage meter completely off the chart and the CPU usage will eventually max out at 100% with no programs running. If the PCs are not connected to the internet, they both seem to run fine but when connected to the internet, they slow to an eventual crash every time I reboot. The longer this little treat runs, it eventually cuts me off from the internet and I get a "Virtual C++ Error" and the computer crashes after that. I'm running Norton 360 with LiveUpdate but it seems useless. I completely re-installed Windows XP SP2 and completely re-installed Norton 360 and configured the internet and within a matter of hours, I was re-infected. I would run a virus scan and the scan display shows "Checking * c:\" but then the files, folders and HKEYs are completely foreign to me. They mostly consist of spyware and adware programs like "sex_surf" and "spywarelock 3.5.exe", etc. The virus scan will scan thousands of files but most of them simply do not exist on my hard-drive. It's as if it's running a virus scan on a phantom hard-drive and most of the files are .EXEs of spyware, adware and other crap. I check the directories and these don't exist on my hard-drive. I check the HKEY registries and same thing, not there.

I disabled my wireless internet then re-enabled it and the Internet Gateway opens. I right click to show status and the window opens for a split second then closes. The Internet Gateway shows that it is enabled but I cannot open the Status/Properties window because it immediately closes after that and won't let me see anything. Disabling it doesn't seem to do any good either. Under the Task Manager/User, my account shows "console" where on my unaffected computer, that is not the case. Also on my PC that has wireless access, when I reboot, I get pop-up error messages from my Linksys wireless network monitor:

Access Violation at address 00426059 in Module 'WMP54GSv1_1.exe'. Read of address 00000368

I ran Stinger and nothing. Ad-Aware found nothing and Spybot wouldn't let me load. I was going to do a Panda scan but that requires internet connection and the one PC I'm fixing first is starting to limp when online. I ran internet remote scans from Symantec and McAfee and nothing. VundoFix crashed and F-Secure Blacklight didn't turn up much of anything but I'll include the report anyways. RootKitDetective came back with some interesting hooks. Enclosed is my HijackThis report from the PC with XP SP2 reloaded on it along with the RootKit report and the fsbl report. Any help offered would be greatly appreciated as this has been kicking my ass for about a month now and I'm about to go on a technological homicidal rampage. By the way, I renamed my HijackThis exe as "FluffyBunnyII.exe" to be on the safe side. I tried to come to class as prepared as possible. Any help would greatly be appreciated. Again, thank you.

It may be important to add that Norton did detect a red-level trojan downloader on both PCs. Wouldn't tell me what it was and required a system reboot to get rid of it. Once I rebooted the system, problems began.

Hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:21 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\Judy S. Evans\Desktop\FluffyBunnyII.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 3771 bytes

Ad-Aware 2007
AppCore
AV
ccCommon
GearDrvs
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Linksys Wireless-G PCI Network Adapter with SpeedBooster
LiveUpdate 3.2 (Symantec Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SPBBC 32bit
SuppSoft
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

RootKitDetective report:


McAfee® Rootkit Detective 1.1 scan report
On 29-02-2008 at 14:52:55
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: (NULL)

Object-Type: Process
Object-Name: svchost.exe
Pid: 836
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 868
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 2512
Object-Path: C:\Documents and Settings\Judy S. Evans\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 776
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 500
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: WLService.exe
Pid: 1400
Object-Path: C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
Status: Visible

Object-Type: Process
Object-Name: ccSvcHst.exe
Pid: 972
Object-Path: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1220
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 512
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 668
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 456
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 736
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1140
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: WMP54GSv1_1.exe
Pid: 1420
Object-Path: C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 180
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 368
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: ccApp.exe
Pid: 152
Object-Path: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 432
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 184
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Scan complete. No hidden processes/files found.
Total files scanned: 18560
McAfee® Rootkit Detective 1.1 scan report
On 29-02-2008 at 14:55:47
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: (NULL)

Object-Type: Process
Object-Name: svchost.exe
Pid: 836
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 868
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 2512
Object-Path: C:\Documents and Settings\Judy S. Evans\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 776
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 500
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: WLService.exe
Pid: 1400
Object-Path: C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1220
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: ccSvcHst.exe
Pid: 972
Object-Path: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 512
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 668
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 456
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 736
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1140
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: WMP54GSv1_1.exe
Pid: 1420
Object-Path: C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 180
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 368
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: ccApp.exe
Pid: 152
Object-Path: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 184
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 432
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Scan complete. No hidden processes/files found.
Total files scanned: 18559

fsbl report:

02/29/08 15:44:25 [Info]: BlackLight Engine 1.0.67 initialized
02/29/08 15:44:25 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/29/08 15:44:26 [Note]: 7019 4
02/29/08 15:44:26 [Note]: 7005 0
02/29/08 15:44:35 [Note]: 7006 0
02/29/08 15:44:35 [Note]: 7011 1140
02/29/08 15:44:36 [Note]: 7026 0
02/29/08 15:44:36 [Note]: 7026 0
02/29/08 15:44:43 [Note]: FSRAW library version 1.7.1024
02/29/08 15:47:49 [Note]: 2000 1012
02/29/08 15:48:47 [Note]: 7007 0

Edited by tevans0001, 02 March 2008 - 03:54 PM.



 


#2 Grinler


    Lawrence Abrams



Posted 20 March 2008 - 10:44 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.



