Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter #1 (Edited)
Hello, I've been having a lot of trouble with my computer lately, and it all seemed to start when I switched over to a new dial-up connection here in Spain. My ISP (Wanadoo) made me download a new dialer to access the internet and it all went haywire from then.

I apparently had some spyware on my computer from before but it was not causing any noticeable nuisance, but now whenever I get on the internet, a few minutes after I connect, a svchost.exe process starts that uses 99% of the CPU. When that happens, half of the times I am able to keep surfing, although slower, and the other half of the times I can't open up any new pages. In all of these cases, it is impossible to get off the internet unless I manually reboot.

I am running XP pro, with Panda Titanium. I am running the antivirus at least twice a day, have dowloaded and run Ad-Aware, Hijackthis, the Symantec FixWelchia tool (I thought this could be the Welchia worm, but nothing was detected, maybe it's a new variation?). I have managed to get a lot of trojans, malware, etc. off my system, but this particluar problem persists. Panda antivirus also seems to detect and neutralize a lot of W32.Sdbot.xxx worms lately, maybe this could be related?

Many thanks in advance, here is my log, through the HijackThisAnalyzer.
Daniel

PS funnily enough, things seem to be ok if I get on the internet through my old account, maybe this can give an indication of what's going on.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 15:51:35, on 23/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\LVCOMS.EXE
C:\Archivos de programa\iPod\bin\iPodManager.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\SEC\MagicTune 2.5\GammaTray.exe
C:\Archivos de programa\SEC\Natural Color\NaturalColorLoad.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Archivos de programa\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPodManager] C:\Archivos de programa\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.69.50.182.94
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108377879023
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{895F8CA3-00D4-4148-81ED-FB264F9B1998}: NameServer = 80.58.0.33,80.58.32.97
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 

Attachments

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
svchost.exe which resides in the system32 folder is a legitimate process. I dont really see anything bad in your log. Just a remnant entry from a previous infection. Let's fix that & do an online scan at Kasperskys.

Have HijackThis fix this entry:

O15 - Trusted Zone: *.69.50.182.94



Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post along with a new HJT log

* Turn off the real time scanner of any existing antivirus program while performing the online scan
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top