New Hijack This:
Logfile of HijackThis v1.98.2
Scan saved at 7:25:29 PM, on 4/18/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131049552139
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Ewido Report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:05:24 PM, 4/18/2006
+ Report-Checksum: 879435BF
+ Scan result:
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj -> Adware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CLSID -> Adware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CurVer -> Adware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj.1 -> Adware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.BHO -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.BHO\CLSID -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.BHO\CurVer -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.BHO.1 -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.CGBandObj -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.CGBandObj\CLSID -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.CGBandObj\CurVer -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.CGBandObj.1 -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.UICGBandObj -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.UICGBandObj\CLSID -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.UICGBandObj\CurVer -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CGBand.UICGBandObj.1 -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{58F07DD3-924D-4141-BC74-299F523A95F1} -> Adware.WebDir : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{88CC91DE-5930-45AD-9E04-6B1233609FEA} -> Adware.Appoli : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj -> Adware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CLSID -> Adware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CurVer -> Adware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj.1 -> Adware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Elitum -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Elitum\EliteSideBar -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Elitum\EliteToolBar -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteSideBar -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick2 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick2\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-854245398-527237240-839522115-1003\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-854245398-527237240-839522115-1003\Software\SurfSideKick2 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-854245398-527237240-839522115-1003\Software\SurfSideKick2\Internet Explorer -> Adware.SurfSide : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\uf7rq8dg.default\cookies-14.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pdfmgr.dll -> Adware.MegaSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\sp1.dll -> Adware.Naupoint : Cleaned with backup
C:\WINDOWS\system32\msedpb.exe -> Trojan.Small.i : Cleaned with backup
C:\WINDOWS\system32\msmc.exe -> Trojan.Small.i : Cleaned with backup
::Report End

Pandascan Report:
Incident Status Location
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\csloa.dll
Adware:adware/elitebar Not disinfected C:\WINDOWS\EliteToolBar
Adware:adware/blazefind Not disinfected Windows Registry
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP553\A0041681.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP553\A0041682.exe
Adware:Adware/Naupoint Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042261.dll
Hacktool:Flooder Program Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042262.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042263.exe
Adware:Adware/Deskwizz Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042264.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042265.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042266.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042267.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042268.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042269.exe
Adware:Adware/EliteBar Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042270.exe
Spyware:Spyware/ClientMan Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042271.dll
Spyware:Spyware/ClientMan Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042272.dll
Adware:Adware/NavHelper Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042273.exe
Adware:Adware/NavHelper Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042274.exe
Adware:Adware/NavHelper Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042275.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042277.exe
Adware:Adware/nCase Not disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0042278.exe
Adware:Adware/Megasearch Not disinfected C:\WINDOWS\Downloaded Program Files\pdfrpt00.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\casino-ico.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\casino.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\dating-ico.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\dating.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\drugs-ico.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\drugs.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\fav-ico.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\fav.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\EliteToolBar\xml\images\virus.bmp
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\csloa.dll
Spyware:Spyware/Abcsearch Not disinfected C:\WINDOWS\system32\msehek.dll
Spyware:Spyware/Omi Not disinfected C:\WINDOWS\system32\msfdje.gif