
Running Too Much Garbage?


4 replies to this topic

#1 Rayza

Rayza

  • Members
  • 4 posts

Posted 16 September 2006 - 06:25 PM

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance.
Enthusiast)


After removing some nasty viruses and having a good look through my system I started to realise how much stuff is running. I would like to shut a lot of this down but not sure what I can without causing problems.
Anyway if anyone could tell me what I could shut down I would be rapt.
Would I simply shut them down or delete with Hijack?
Anyway, here 'tis. :thumbsup: :flowers:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:03 AM, on 17/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\1st Evidence Remover\eraser.exe
C:\Program Files\1st Evidence Remover\erasrv.exe
f:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\winins.exe
F:\Program Files\Norton Antivirus\navapsvc.exe
F:\Program Files\Netscape\Netscape\Netscp.exe
F:\PROGRA~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Norton Antivirus\SAVScan.exe
F:\PROGRA~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\Program Files\hijack this\HijackThis.exe

R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com.au/"); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\yscrnk27.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\yscrnk27.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [00ERSRRRNKY] C:\Program Files\1st Evidence Remover\eraser.exe
O4 - HKCU\..\RunServicesOnce: [washindex] F:\Program Files\washer\washidx.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netscape 7.1.lnk = F:\Program Files\Netscape\Netscape\Netscp.exe
O4 - Global Startup: winins.lnk = C:\WINDOWS\winins.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyPoker\PartyPoker.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\1st Evidence Remover\erasrv.exe
O23 - Service: ewido security suite control - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Edited by Enthusiast, 17 September 2006 - 08:07 AM.




#2 Thequantumshaman

Thequantumshaman

  • Members
  • 5 posts

Posted 16 September 2006 - 07:12 PM

Hi,

Not my place to say really, and mods, hope I'm not stepping on any toes :thumbsup: But the place for Hijack This logs is here:

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

In the Hijack This forum. Not like the mods to be asleep at the wheel :flowers:

Anyway, post your HJT log to that forum and I'm sure someone will be onto it asap.

Regards,
Stew :huh:

#3 Deodar

Deodar

  • Members
  • 83 posts
  • Location:41'00"S174'.00"E

Posted 16 September 2006 - 10:14 PM

:thumbsup: Hi Rayza, I'm a rocker not a mod but can't help noticing a few things.... Rayza's not just your name, there are things called Eraser running, some unidentified BHOs and you seem to like a cool hand ":\PartyPoker\PartyPoker.exe"?? My gut reaction would flag that as Spy/Adware but you may have paid dearly for a Pro version? Apart from those have you noticed how many entries are Symantec? Not surprising Nortons is considered a resource hog, I wonder what the CPUsage is to accommodate Nortons?! Have you considered a less wasteful Security & AV application? No doubt Spybot can identify those BHOs & flag them if they're another waste. Good to see someone using Netscape although that's a strange homepage, unless you're an Aussie of course. Answers That Work have a Really Small App. that can help you monitor RAM & CPUsage. A little Bewdy Mate.
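
Added example (not part of any post in this thread, and not HijackThis code): a small Python triage pass over the log format from post #1. It lists the entries HijackThis itself marked as missing or unattributed and counts O23 services per vendor, the two things the reply above eyeballs. The sample lines are copied from that log; the function names and the marker list are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyPoker\PartyPoker.exe (file missing)
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Eraser Service (EraserThread) - Unknown owner - C:\Program Files\1st Evidence Remover\erasrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Antivirus\SAVScan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, then the rest
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (\S.*)$")  # name, vendor, path
# Assumed marker list: strings HijackThis prints when it cannot name,
# attribute or locate the file behind an entry.
MARKERS = ("(file missing)", "(no file)", "(no name)", "Unknown owner")

def parse(log):
    """Return (section, text) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_candidates(entries):
    """Entries carrying at least one marker, with the markers that matched."""
    return [(sec, txt, [k for k in MARKERS if k in txt])
            for sec, txt in entries if any(k in txt for k in MARKERS)]

def services_by_vendor(entries):
    """Count O23 services per vendor string as HijackThis printed it."""
    vendors = Counter()
    for sec, txt in entries:
        m = SERVICE.match(txt) if sec == "O23" else None
        if m:
            vendors[m.group(2)] += 1
    return vendors

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for sec, txt, why in review_candidates(entries):
        print(f"{sec}: {', '.join(why)} -> {txt}")
    print(services_by_vendor(entries).most_common())
```

A marker is a reason to look an entry up, not a verdict: the "(no name)" BHO in the sample sits under a SPYBOT~1 path.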

#4 Rayza

Rayza
  • Topic Starter

  • Members
  • 4 posts

Posted 17 September 2006 - 12:42 AM

> Hi,
>
> Not my place to say really, and mods, hope I'm not stepping on any toes :thumbsup: But the place for Hijack This logs is here:
>
> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
>
> In the Hijack This forum. Not like the mods to be asleep at the wheel :huh:
>
> Anyway, post your HJT log to that forum and I'm sure someone will be onto it asap.
>
> Regards,
> Stew :flowers:

Thanks for that, will do, I jumped in a bit quick :huh:

#5 Rayza

Rayza
  • Topic Starter

  • Members
  • 4 posts

Posted 17 September 2006 - 12:53 AM

> :thumbsup: Hi Rayza, I'm a rocker not a mod but can't help noticing a few things.... Rayza's not just your name, there are things called Eraser running, some unidentified BHOs and you seem to like a cool hand ":\PartyPoker\PartyPoker.exe"?? My gut reaction would flag that as Spy/Adware but you may have paid dearly for a Pro version? Apart from those have you noticed how many entries are Symantec? Not surprising Nortons is considered a resource hog, I wonder what the CPUsage is to accommodate Nortons?! Have you considered a less wasteful Security & AV application? No doubt Spybot can identify those BHOs & flag them if they're another waste. Good to see someone using Netscape although that's a strange homepage, unless you're an Aussie of course. Answers That Work have a Really Small App. that can help you monitor RAM & CPUsage. A little Bewdy Mate.

:huh: Yep, I am an Aussie, and I know how much Symantec is a cpu hog but aren't they very good for virus protection??? I'm always downloading stuff and Nortons is always zapping incoming bugs.
I use Spybot, Adaware, Ewido anti malware, as you can probably see.
Crikey :flowers: what is a BHO? And what brand would be a reliable low cpu usage antivirus software?
Anyway mate, thanks for the scoop and G'Day :huh:
PS, I was a rocker too. :huh:

Edited by Rayza, 17 September 2006 - 12:55 AM.




