Hijack This Log, please help!



#1
Narsufin

Have been through the list, downloaded, scanned, cleaned, changed anti virus, got XP Service pack, installed patches, the lot. And still my laptop moves with glacial slowness. Trojan Hunter didn't find anything, Spyware Doctor and AVG got cookies, the online scan Housecall got a tool bar. It takes 10 minutes to boot up, and the System Idle Process in Task Manager appears to be eating 90% of the CPU all the time. I have no idea what to do next.... Do you? :whistling:

Also included after this log is the AVG Anti-Spyware - Scan Report.

Logfile of HijackThis v1.99.1
Scan saved at 23:14:51, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace....94C47C552112703
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace....94C47C552112703
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154431765812
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 02:40:50 03/10/2006

+ Scan result:





::Report end


#2
Metallica

First misunderstanding: if System Idle Process has a high percentage, that means the CPU is sitting on its lazy behind, so the problem probably isn't CPU.

Do you have enough RAM?
From what you have installed 512 MB would be advisable.

I also want to check for a rootkit.
Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Regards,