Resolved HJT Threads Resolved spyware and popup issues.
02-06-2007, 08:08 PM   #1   workerscomp (Registered User; Join Date: Feb 2007; Posts: 8; OS: win xp)

Sneaky processes bogging down pc

I have tinkered outside of my knowledge base. Here is the HijackThis log and the ComboFix log. Someone shed some light on my predicament. Thanks ahead of time.

Logfile of HijackThis v1.99.1
Scan saved at 9:21:38 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\2.0.755.22488\GoogleUpdaterInstallMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ANDYKU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\GetFlash.exe -p
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124675943885
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50215_X86 (clr_optimization_v2.0.50215_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe (file missing)
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe (file missing)
O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF04.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe



ComboFix 07-02-07 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))


2007-02-06 21:20 <DIR> d-------- C:\Program Files\Hijack This
2007-02-06 18:08 <DIR> d-------- C:\Program Files\TweakXP 2
2007-02-06 08:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-02-06 08:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-02-06 07:41 <DIR> d-------- C:\DOCUME~1\ANDYKU~1\Application Data\U3
2007-02-06 01:18 2,560 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2007-02-06 01:18 2,432 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-02-06 01:18 <DIR> d-------- C:\Program Files\Picasa2
2007-02-06 01:15 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2007-02-06 00:30 666 --a------ C:\WINDOWS\speed.reg
2007-02-06 00:24 <DIR> d-------- C:\Program Files\WebCyberCoach
2007-02-06 00:23 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\GTek
2007-02-06 00:23 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\Application Data\Gtek
2007-02-06 00:23 <DIR> d-------- C:\Program Files\Dell Support
2007-02-06 00:23 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Gtek
2007-02-06 00:23 <DIR> d-------- C:\DOCUME~1\ANDYKU~1\Application Data\Gtek
2007-02-05 23:55 0 -rahsc--- C:\MSDOS.SYS
2007-02-05 23:55 0 -rahsc--- C:\IO.SYS
2007-02-05 21:48 <DIR> d-------- C:\Program Files\WhatsRunning
2007-01-30 12:23 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-01-30 12:22 <DIR> d-------- C:\Program Files\AIM6
2007-01-30 02:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-01-30 02:35 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-01-30 02:35 <DIR> d-------- C:\WINDOWS\Performance
2007-01-30 02:34 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-30 02:05 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-29 20:58 <DIR> d-------- C:\WINDOWS\ehome
2007-01-11 03:00 <DIR> d-------- C:\WINDOWS\ie7updates


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-06 21:24 -------- d-------- C:\Program Files\mozilla firefox
2007-02-06 01:15 -------- d-------- C:\Program Files\google
2007-02-06 00:17 -------- d-------- C:\Program Files\sis vga utilities v3.59b
2007-02-05 23:53 -------- d-------- C:\Program Files\interactual
2007-02-05 21:57 -------- d-------- C:\Program Files\sonic
2007-02-05 21:26 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-05 21:18 -------- d-------- C:\Program Files\symantec
2007-02-01 10:37 -------- d-------- C:\Program Files\Common Files\aol
2007-01-30 02:57 -------- d---s---- C:\DOCUME~1\ANDYKU~1\Application Data\microsoft
2007-01-29 23:12 -------- d-------- C:\Program Files\online services
2007-01-29 20:31 -------- d-------- C:\DOCUME~1\ANDYKU~1\Application Data\adobeum
2007-01-28 20:43 -------- d-------- C:\DOCUME~1\ANDYKU~1\Application Data\limewire
2007-01-15 19:32 -------- d-------- C:\DOCUME~1\ANDYKU~1\Application Data\adobe
2007-01-15 19:00 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-13 06:41 -------- d-------- C:\Program Files\microsoft money
2006-12-11 17:21 -------- d-------- C:\DOCUME~1\ANDYKU~1\Application Data\bengalsscreenserver
2006-12-11 08:07 -------- d-------- C:\Program Files\ipod
2006-12-11 07:59 -------- d-------- C:\Program Files\quicktime
2006-12-08 16:59 -------- d-------- C:\Program Files\Common Files\real
2006-12-08 16:58 -------- d-------- C:\DOCUME~1\ANDYKU~1\Application Data\real
2006-12-07 20:06 97 --a--c--- C:\DOCUME~1\ANDYKU~1\Application Data\sstraceprefs.xml
2006-12-06 23:03 4885023 --a--c--- C:\WINDOWS\SYSTEM32\bengalsscreenserver.scr
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-06 16:18 1968 --a--c--- C:\DOCUME~1\ANDYKU~1\Application Data\.googlewebacchosts


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"="C:\\Program Files\\Mozilla Firefox\\plugins\\GetFlash.exe -p"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~4\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Run Google Web Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\Run Google Web Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\WEBACC~1\\GOOGLE~2.EXE "
"item"="Run Google Web Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Utility Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\Utility Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\SYSTEM32\\sistray.exe "
"item"="Utility Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1162843755\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\Programs\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyhook"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\keyhook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b8de3b-ed09-11d9-9018-00904bbf75c0}]
Shell\AutoRun\command E:\Herbert\Herbert.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{98193020-5815-4DB9-89A3-5FEF4D9DDCC8}.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-06 21:33:41
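The post above consists of HijackThis entry lines (R0/R1, O2, O3, O4, O9, O16, O23 and so on, each ending in a file, a URL or a "(no file)" / "(file missing)" marker) followed by a ComboFix registry dump. The Python below is an added example, not part of HijackThis, ComboFix or anything posted by the thread's participants: it parses a subset of lines copied from those logs, counts entries per section code, flags orphaned entries (leftovers of uninstalled software, which are clutter rather than evidence of infection), lists O16 ActiveX download origins and O23 services with no recorded owner for manual review, and pairs each MountPoints2 key in the ComboFix dump with its AutoRun command, since AutoRun commands on removable drives are one of the first things a log reviewer checks. The section codes and markers are HijackThis's own format; the regular expressions, function names and the sample subset are my assumptions.

```python
"""Triage helpers for HijackThis-style logs and ComboFix registry dumps.

Added example for this thread (assumed structure, not an official parser).
It only groups and flags entries; deciding whether an entry is malicious
still needs a human or a reputation lookup, as the forum analysts do.
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Constructed sample: the MountPoints2 section of the ComboFix dump above.
SAMPLE_COMBOFIX = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b8de3b-ed09-11d9-9018-00904bbf75c0}]
Shell\AutoRun\command E:\Herbert\Herbert.exe
"""

HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

AUTORUN_KEY = re.compile(
    r"^\[HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\(?P<drive>[^\]]+)\]$"
)
AUTORUN_CMD = re.compile(r"^Shell\\AutoRun\\command\s+(?P<cmd>.+)$")


def parse_hjt(text):
    """Return one dict per HijackThis entry line; non-entry lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        fields = body.split(" - ")  # HijackThis separates name / CLSID / target with " - "
        entries.append({
            "code": code,
            "body": body,
            "fields": fields,
            "target": fields[-1],                 # file, URL or orphan marker
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def triage(entries):
    """Group entries into the buckets a reviewer looks at first."""
    return {
        "counts": Counter(e["code"] for e in entries),
        # Orphans point at files that no longer exist: clutter, not infection.
        "orphans": [e["body"] for e in entries if e["orphan"]],
        # O16 entries are ActiveX controls IE downloaded; the URL is their origin.
        "activex_downloads": [e["target"] for e in entries if e["code"] == "O16"],
        # O23 services with no owner string carry no vendor attribution.
        "unknown_owner_services": [
            e["fields"][0][len("Service: "):]
            for e in entries
            if e["code"] == "O23" and len(e["fields"]) >= 2 and e["fields"][1] == "Unknown owner"
        ],
    }


def autorun_commands(combofix_text):
    """Pair each MountPoints2 key with the AutoRun command recorded under it."""
    found = []
    current = None
    for line in combofix_text.splitlines():
        line = line.strip()
        km = AUTORUN_KEY.match(line)
        if km:
            current = km.group("drive")
            continue
        cm = AUTORUN_CMD.match(line)
        if cm and current is not None:
            found.append((current, cm.group("cmd")))
            current = None
    return found


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_HJT))
    for bucket, items in report.items():
        print(bucket, items)
    print("autorun", autorun_commands(SAMPLE_COMBOFIX))
```

On the sample subset the report shows four orphaned entries, one ActiveX download origin, one service with an unknown owner, and two AutoRun commands (one on drive G:, one on a volume identified only by its GUID); none of that by itself says "infected", which is why the analysts in this thread ask for an online scan before naming anything.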
02-07-2007, 08:04 AM   #2   workerscomp (Registered User; Join Date: Feb 2007; Posts: 8; OS: win xp)

to the top
02-11-2007, 12:23 AM   #3   LonnyRJones (Expert Analyst, Moderator, Security Team; Join Date: Sep 2006; Posts: 1,345; OS: xp)

Hi,
"Sneaky processes bogging down pc"
Please explain in more detail.

Also, it doesn't appear you have followed the steps here:
http://www.techsupportforum.com/secu...kthis-log.html
02-21-2007, 06:59 AM   #4   workerscomp (Registered User; Join Date: Feb 2007; Posts: 8; OS: win xp)

Upon startup in normal startup, my computer is at 100% usage.
I run 512 MB of RAM, and when I start up in selective boot modes, I can get the computer to run at 30% prior to running applications.
Upon running single applications, my task manager reports 100% usage. I am trying to target any unnecessary processes for deletion. Any suggestions?

My main goal is to run iTunes 7.2 and possibly search the net at the same time, because as we all know iTunes is supposed to be a background program.

I posted my HJT log without downloading Spyware Warrior; however, I did give a thorough system scan with Ad-Aware (then deleted the program), scanned with Spybot S&D, ran Cleaner, and redid my HJT in safe mode.

Can I not be helped without having specifically completed all 5 of the prescribed steps?
Awaiting further instruction.

Last edited by workerscomp : 02-21-2007 at 07:18 AM. Reason: more description of problem
02-21-2007, 01:48 PM   #5   LonnyRJones (Expert Analyst, Moderator, Security Team; Join Date: Sep 2006; Posts: 1,345; OS: xp)

There are no visible suspect processes.

Getting an online scan and posting its report may give us clues.
Panda ActiveScan, free online scanner:
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the "My Computer" button.
After the scan, click "See report", then save the report and post it back here, please.

You do not appear to have resident antivirus protection; why is that?
02-22-2007, 08:20 AM   #6   workerscomp (Registered User; Join Date: Feb 2007; Posts: 8; OS: win xp)

Thanks for the effort. I ended up reformatting and reinstalling XP.

I think it was just time to wipe the slate clean and start over.

Thanks anyway.
03-06-2007, 06:46 AM   #7   LonnyRJones (Expert Analyst, Moderator, Security Team; Join Date: Sep 2006; Posts: 1,345; OS: xp)

Thanks for posting back.

If you should need to post logs for the same PC let me know and we will re-open your thread.
Copyright 2001 - 2008, Tech Support Forum