The odd thing was when i had looked it up online and NOTHING came up for it. It was like no one had ever heard of it.
The Spybot S&D told me that one file RegSvcDll.exe was trying to run, so i denyed it. Then it came up again, and I looked it up and there was nothing like it online, so i looked up where it was comming from (C:\Windows\system32\) and I used S&D's Shredder to delete the file. Once deleted another reg change came up mwEvtmgr and When i looked up that one online, it said is was a virus. So i looked that one up too and found it was in the same directory and Shredded that one too.
Thinking I had finished my job I went to bed and turned off my computer, the following morning when i started it back up my computer most of my programs were going extremely slow for some reason. Like, every program wouldn't show up for atleast 5 min, and when I opened Task Manager normally my computer uses over 500 MB PF Usage, but now it wouldn't go over 300MB. (not good) So I did a registry check, and it said nothing was wrong, then I did a registry Fix, and it said 22 problems (just shortcuts) and then it began to drive me crazy, i realized that everything I did on the computer was taking 5 min between each thing I did. Even in Task Manager, whenever i tried to shut-down any program it wouldn't do it right then, it would take about 2-3 min. So i did a Virus scan, and it found 8 viruses from Java, so i deleted those, then I did a spyware check and i had 4 from just tracking cookies.
I've got at most 3 programs to run perfectly (task Manager, Notepad, and Hijack This) all the rest are taking way too long to run or completely start up. I'm guessing that when I had deleted that first file it had taken part of my registry with it. I've done every Registry Fix, Virus scan, Sypware Scan, and clean up program possible. I even ran my Check Disk to make sure nothing was wrong, and again, nothing was wrong. One other thing was that my computer has not seemed to slow down, it is just that all my programs all seem to take forever to start up. The file attachment took me atleast 20 min to get it there and in the end I had to get rid of it because it was taking WAYYY too long, this is ofcousre while I have benn doing a lot of other things while that was going on, but it is that kind of thing that is really getting to me.
Logfile of HijackThis v1.99.1
Scan saved at 11:36:38 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\brss01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\oodag.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\ZoneAlarm\zlclient.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\KEM.exe
F:\Program Files\UltraMon\UltraMon.exe
F:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
F:\Program Files\Firefox\firefox.exe
F:\Program Files\AIM\aim.exe
F:\WINDOWS\system32\ZoneLabs\isafe.exe
F:\PROGRA~1\ZONEAL~1\MAILFR~1\mantispm.exe
F:\WINDOWS\system32\taskmgr.exe
F:\WINDOWS\system32\NOTEPAD.EXE
f:\program files\aim\aim.exe
F:\WINDOWS\explorer.exe
F:\Program Files\UltraMon\UltraMonTaskbar.exe
F:\Documents and Settings\XXStealthXX\Start Menu\Programs\Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\S&D\SPYBOT~1\SDHelper.dll
O2 - BHO: ajBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - F:\Program Files\AskJeeves\bar\bin\ajBar1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Ask Jeeves - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - F:\Program Files\AskJeeves\bar\bin\ajBar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [RAMSaverPro] F:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: UltraMon.lnk = F:\Program Files\UltraMon\UltraMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://speedbar.ask....search.html?p=4
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save To MyJeeves - res://F:\Program Files\AskJeeves\bar\bin\saveit.ocx/imageit.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - f:\program files\aim\aim.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.giga...bject/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123745954828
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: PCANotify - F:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - F:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Windows Event Manager (mwEvtMgr) - Unknown owner - F:\WINDOWS\system32\mwEvtMgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
Edited by XStealthX, 04 December 2005 - 02:26 AM.
Sign In
Create Account
