
svchost.exe using up 99% CPU

1477 Views 1 Reply 2 Participants Last post by  sUBs
Hello, I've been having a lot of trouble with my computer lately, and it all seemed to start when I switched over to a new dial-up connection here in Spain. My ISP (Wanadoo) made me download a new dialer to access the internet and it all went haywire from then.

I apparently had some spyware on my computer from before but it was not causing any noticeable nuisance, but now whenever I get on the internet, a few minutes after I connect, a svchost.exe process starts that uses 99% of the CPU. When that happens, half of the times I am able to keep surfing, although slower, and the other half of the times I can't open up any new pages. In all of these cases, it is impossible to get off the internet unless I manually reboot.

I am running XP Pro, with Panda Titanium. I am running the antivirus at least twice a day, have downloaded and run Ad-Aware, HijackThis, the Symantec FixWelchia tool (I thought this could be the Welchia worm, but nothing was detected, maybe it's a new variation?). I have managed to get a lot of trojans, malware, etc. off my system, but this particular problem persists. Panda antivirus also seems to detect and neutralize a lot of W32.Sdbot.xxx worms lately, maybe this could be related?

Many thanks in advance, here is my log, through the HijackThisAnalyzer.
Daniel

PS funnily enough, things seem to be ok if I get on the internet through my old account, maybe this can give an indication of what's going on.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 15:51:35, on 23/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\LVCOMS.EXE
C:\Archivos de programa\iPod\bin\iPodManager.exe
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\SEC\MagicTune 2.5\GammaTray.exe
C:\Archivos de programa\SEC\Natural Color\NaturalColorLoad.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Archivos de programa\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPodManager] C:\Archivos de programa\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.69.50.182.94
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1108377879023
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup156.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{895F8CA3-00D4-4148-81ED-FB264F9B1998}: NameServer = 80.58.0.33,80.58.32.97
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Status
Not open for further replies.
svchost.exe which resides in the system32 folder is a legitimate process. I don't really see anything bad in your log. Just a remnant entry from a previous infection. Let's fix that & do an online scan at Kaspersky's.

Have HijackThis fix this entry:

O15 - Trusted Zone: *.69.50.182.94



Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next, click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button
  • Save the file to your desktop.
Copy and paste that information in your next post along with a new HJT log.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
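
An added example, not part of the original thread: a small Python triage of a HijackThis log that applies the two checks made in the reply above, namely whether a running svchost.exe sits outside the system32 folder and whether the log carries O15 Trusted Zone entries. The `parse` and `review` names, the default `C:\WINDOWS\system32` path and the two svchost.exe lines in the sample are assumptions constructed for illustration; the other sample lines are copied from the log in this thread.

```python
import re
from ntpath import basename, dirname, normcase

# Constructed sample: entry lines copied from the log above; the two
# svchost.exe process paths are made up to exercise the location check.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKLM\..\Run: [iPodManager] C:\Archivos de programa\iPod\bin\iPodManager.exe
O15 - Trusted Zone: *.69.50.182.94
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C:\Archivos de programa\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # e.g. "O15 - Trusted Zone: ..."
IP_ZONE = re.compile(r"^Trusted Zone: (?:\*\.)?(\d{1,3}(?:\.\d{1,3}){3})$")

def parse(log):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def review(log, system32=r"C:\WINDOWS\system32"):
    """Return (finding, detail) pairs; system32 default is an assumed install path."""
    procs, entries = parse(log)
    findings = []
    for p in procs:
        if normcase(basename(p)) == "svchost.exe" and normcase(dirname(p)) != normcase(system32):
            findings.append(("svchost outside system32", p))
    for code, text in entries:
        if code == "O15":  # Trusted Zone sites; a bare IP here deserves a look
            kind = "trusted zone, IP literal" if IP_ZONE.match(text) else "trusted zone"
            findings.append((kind, text))
    return findings
```

Running `review(SAMPLE_LOG)` reports the constructed `C:\WINDOWS\Temp\svchost.exe` path and the `*.69.50.182.94` Trusted Zone entry, and leaves the system32 copy of svchost.exe unflagged.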