Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Flashing hourglass, trojan remnants? HJT log


  • Please log in to reply

#1
blabbaboo

blabbaboo

    Member

  • Member
  • PipPip
  • 20 posts
Hi, I had a trojan infection which I removed using Kaspersky Anti-virus in safe mode, also Spybot, Adaware, Ewido, and Trend Micro online scan. I'm not showing anything there anymore, but the hourglass is flashing about 2 times a second all the time, and my cpu usage is too high when nothing is running. Ran clean up, all temp files gone, Hijack this log follows. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 4:03:37 PM, on 9/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\PROGRA~1\AVASTA~1\ashDisp.exe
E:\Program Files\DVD\D-Tools\daemon.exe
E:\Program Files\Toolbox\Virus & Spyware Tools\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
E:\Program Files\Toolbox\Virus & Spyware Tools\Trend Micro Anti-Spyware\Tmas.exe
E:\Program Files\Avast Antivirus\aswUpdSv.exe
E:\Program Files\Avast Antivirus\ashServ.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Avast Antivirus\ashMaiSv.exe
E:\Program Files\Avast Antivirus\ashWebSv.exe
E:\Program Files\Toolbox\Virus & Spyware Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tbo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\AVASTA~1\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\DVD\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Toolbox\Virus & Spyware Tools\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = E:\Program Files\Toolbox\Virus & Spyware Tools\Trend Micro Anti-Spyware\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - E:\Program Files\Video Capture\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...da...4139154218
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Avast Antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Avast Antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Avast Antivirus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Avast Antivirus\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\Toolbox\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\Toolbox\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP