Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please.


  • This topic is locked This topic is locked
2 replies to this topic

#1 busymom2boys

busymom2boys

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 17 May 2008 - 12:46 AM

I know I have a lot of junk running. I do a lot of video and photo editing and my system is beginning to slow. When I bring up task manager there are 53 processes running and using 60% give or take a few. Recently, the fan is running non-stop.
Can someone take a look at my Hijack this log and help me out?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:13 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
i:\Program Files\Microsoft LifeCam\MSCamS32.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\PSIService.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\ALCWZRD.EXE
I:\WINDOWS\ALCMTR.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\WINDOWS\vVX3000.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\My Book\WD Backup\uBBMonitor.exe
I:\WINDOWS\system32\ntvdm.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\System32\svchost.exe
I:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
I:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\UNG47ZLX\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - I:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] I:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R340 Series on FAMILY] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P45 "Auto EPSON Stylus Photo R340 Series on FAMILY" /O19 "\\FAMILY\EPSON R340" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "i:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] I:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series (Copy 1)] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series (Copy 1)] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P39 "EPSON Stylus Photo R340 Series (Copy 1)" /O6 "USB003" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series (Copy 2)] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P39 "EPSON Stylus Photo R340 Series (Copy 2)" /O6 "USB004" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series (Copy 3)] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P39 "EPSON Stylus Photo R340 Series (Copy 3)" /O6 "USB005" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Yapta Tracker] I:\Program Files\Yapta\YaptaClient.exe /onstartup
O4 - HKLM\..\Run: [OrderReminder] I:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [YSearchProtection] "I:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] I:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "I:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [\\FAMILY\EPSON Stylus Photo R340 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P39 "\\FAMILY\EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series (Copy 4)] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P39 "EPSON Stylus Photo R340 Series (Copy 4)" /O6 "USB008" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "I:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "I:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gStart] I:\Garmin\gStart.exe
O4 - HKCU\..\Run: [AdobeUpdater] I:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Event Reminder.lnk = I:\Program Files\New Folder\PMREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Kodak EasyShare software.lnk = I:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microboards Toolbox.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WD Backup Monitor.lnk = I:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.0.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - I:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - I:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - I:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 13360 bytes

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:17 AM

Posted 23 May 2008 - 04:37 PM

Hello busymom2boys,

If you problem is malware related , then I will be able to help.


We need to create a Deckard's System Scanner (DSS) Log.

Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.
Primary Mirror
Secondary Mirror

DSS will do the following:
1. Create a new System Restore point in Windows XP and Vista.
2. Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
3. Check some important areas of your system and produce a report for an analyst to review.
4. Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.

1. Close all applications and windows.
2. Double-click on dss.exe to run it and follow the prompts.

3. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
4. When the scan is complete, two text files will open in Notepad:
main.txt <-- Will be maximized
extra.txt <-- Will be minimized
5. If not, they both can be found in the C:\Deckard\System Scanner folder.
6. Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.

Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

In your next reply, I need to see the following reports:
DSS Main.txt
DSS Extra.txt

Edited by SifuMike, 23 May 2008 - 04:39 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:17 AM

Posted 31 May 2008 - 01:14 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users