Spyware Problems...Too Many Processes Running? SVCHOST???

BullGuard Antivirus Forum > Virus Removal > Removal Tools > Spyware Problems...Too Many Processes Running? SVCHOST???

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

memmix
New Member

Date Joined Aug 2007
Total Posts : 7

Posted 8-13-2007 12:28 (GMT +1)

im havin a serious problem wit my computer right now............its has been extremely slowed down but viruses and or spyware...........i found a link on wat exactly my problem is bcuz apparently it came from a site i went to all tha time (soundclick) heres tha thread talkin about that problem i am also havin http://www.bullguard.com/forum/10/Problems-with-WinFixerDrive-Cl_39700.html

i did everything the guy told that person to do and yet my computer is still goin extemely slow.....and i kno its goin slow bcuz my windows media player wont play songs at normal speed it has been slowed.....
how can i get my computer back to speed?

anotha question is wat is SVCHOST.exe?
im seein wayy too many of those in my process tha most ive eva seen there is 1 or 2 but i have 6 runnin right now

afta my computer messed up on me bcuz tha problem im havin ive processes that ive neva seen b4 runnin from tha task manger and they are

csrss.exe System 3,180K
pctsk.exe System 2,240K
qwerty12.exe System 3,388K
spoolsv.eve System 4,176K
lsass.exe System 1,116K
smss.exe System 348K
svchost.exe System 2,712K
svchost.exe System 3,936K
svchost.exe System 39,028K
svchost.exe Network Service 3,328K
svchost.exe Local Service 3,744K
svchost.exe System 3,440K
system(no .exe from what i saw) system 240K
system idle process System 20K
wuauclt.exe User 3,344K

I Have 480mb of RAM........b4 this happened my computer was goin fast enough for me to do anything i needed 2 now its super slow

can someone plz tell me wat tha problem is and how i can fix it?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-13-2007 6:51 (GMT +1)

Hello memmix smile

It looks like You have a Trojan running - >

QWERTY12.EXE is Trojan/Backdoor.

I therefore suggest You click here - ->> Before posting a log

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

memmix
New Member

Date Joined Aug 2007
Total Posts : 7

Posted 8-14-2007 5:34 (GMT +1)

i use netscape cuz my IE stopped workin yrs ago so i uninstalled it....(i think) heres tha combofix log i had to use my restore point bcuz my internet stopped working afta i ran it and rebooted tha comp

ComboFix 07-08-14.4 - "user" 2007-08-14 11:52:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.243 [GMT -4:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

F:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
F:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
F:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
F:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
F:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
F:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
F:\DOCUME~1\user\APPLIC~1.\fnts~1
F:\DOCUME~1\user\APPLIC~1.\mantec~1
F:\DOCUME~1\user\APPLIC~1.\mbols~1
F:\DOCUME~1\user\APPLIC~1.\winantispyware 2007
F:\DOCUME~1\user\APPLIC~1.\winantispyware 2007\Logs\update.log
F:\DOCUME~1\user\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
F:\DOCUME~1\user\MYDOCU~1.\wnsxs~1
F:\Program Files\Common Files\winantispyware 2007
F:\Program Files\Common Files\winantispyware 2007\err.log
F:\Program Files\Common Files\WinAntiSpyware 2007\err.log
F:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
F:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
F:\Program Files\winsupdater
F:\Program Files\winupdates
F:\WINDOWS\dobe~1
F:\WINDOWS\poolsv.exe
F:\WINDOWS\retadpu572.exe
F:\WINDOWS\retadpu77.exe
F:\WINDOWS\system32\_003882_.tmp.dll
F:\WINDOWS\system32\_003888_.tmp.dll
F:\WINDOWS\system32\_004048_.tmp.dll
F:\WINDOWS\system32\_004049_.tmp.dll
F:\WINDOWS\system32\_004050_.tmp.dll
F:\WINDOWS\system32\_004051_.tmp.dll
F:\WINDOWS\system32\_004058_.tmp.dll
F:\WINDOWS\system32\_004059_.tmp.dll
F:\WINDOWS\system32\_004060_.tmp.dll
F:\WINDOWS\system32\_004061_.tmp.dll
F:\WINDOWS\system32\_004063_.tmp.dll
F:\WINDOWS\system32\_004064_.tmp.dll
F:\WINDOWS\system32\_004067_.tmp.dll
F:\WINDOWS\system32\_004068_.tmp.dll
F:\WINDOWS\system32\_004070_.tmp.dll
F:\WINDOWS\system32\_004071_.tmp.dll
F:\WINDOWS\system32\_004072_.tmp.dll
F:\WINDOWS\system32\_004073_.tmp.dll
F:\WINDOWS\system32\_004074_.tmp.dll
F:\WINDOWS\system32\_004075_.tmp.dll
F:\WINDOWS\system32\_004077_.tmp.dll
F:\WINDOWS\system32\_004078_.tmp.dll
F:\WINDOWS\system32\_004081_.tmp.dll
F:\WINDOWS\system32\_004082_.tmp.dll
F:\WINDOWS\system32\_004084_.tmp.dll
F:\WINDOWS\system32\_004087_.tmp.dll
F:\WINDOWS\system32\_004089_.tmp.dll
F:\WINDOWS\system32\_004090_.tmp.dll
F:\WINDOWS\system32\_004091_.tmp.dll
F:\WINDOWS\system32\_004092_.tmp.dll
F:\WINDOWS\system32\_004093_.tmp.dll
F:\WINDOWS\system32\_004095_.tmp.dll
F:\WINDOWS\system32\_004097_.tmp.dll
F:\WINDOWS\system32\_004098_.tmp.dll
F:\WINDOWS\system32\_004099_.tmp.dll
F:\WINDOWS\system32\_004103_.tmp.dll
F:\WINDOWS\system32\5.exe
F:\WINDOWS\system32\abadd.bak1
F:\WINDOWS\system32\abadd.bak2
F:\WINDOWS\system32\abadd.ini
F:\WINDOWS\system32\atayvufj.exe
F:\WINDOWS\system32\auvmjoxr.exe
F:\WINDOWS\system32\b02FdUe
F:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
F:\WINDOWS\system32\b10FdUe
F:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
F:\WINDOWS\system32\bdjeasnx.exe
F:\WINDOWS\system32\bszip.dll
F:\WINDOWS\system32\chpukfye.exe
F:\WINDOWS\system32\cidrules.dll
F:\WINDOWS\system32\cjxajigg.exe
F:\WINDOWS\system32\dfdcpjhe.exe
F:\WINDOWS\system32\dlipoyfa.dll
F:\WINDOWS\system32\dwtawjvn.exe
F:\WINDOWS\system32\eojmluqi.ini
F:\WINDOWS\system32\exxstyvm.exe
F:\WINDOWS\system32\fantsdhu.exe
F:\WINDOWS\system32\fatkowmc.exe
F:\WINDOWS\system32\fnugafnk.exe
F:\WINDOWS\system32\fwmbruxd.exe
F:\WINDOWS\system32\gqmtcpfr.exe
F:\WINDOWS\system32\gyjatmnn.exe
F:\WINDOWS\system32\hkaprnvu.exe
F:\WINDOWS\system32\hvhieroe.dll
F:\WINDOWS\system32\ikwjkebl.exe
F:\WINDOWS\system32\inetadpt.dll
F:\WINDOWS\system32\instsrv.exe
F:\WINDOWS\system32\iqaiogdc.exe
F:\WINDOWS\system32\iqulmjoe.dll
F:\WINDOWS\system32\jkbxprny.exe
F:\WINDOWS\system32\jtyhjgeu.dll
F:\WINDOWS\system32\jyhbilrt.exe
F:\WINDOWS\system32\kghexbtt.exe
F:\WINDOWS\system32\ksqqored.exe
F:\WINDOWS\system32\kxppcutb.exe
F:\WINDOWS\system32\lbdmfonh.exe
F:\WINDOWS\system32\lleftfhb.exe
F:\WINDOWS\system32\locdhdqr.dll
F:\WINDOWS\system32\lvckrvbj.exe
F:\WINDOWS\system32\lxfgggdi.exe
F:\WINDOWS\system32\mwiboqmw.exe
F:\WINDOWS\system32\nafhmaah.exe
F:\WINDOWS\system32\nbchvchi.exe
F:\WINDOWS\system32\nlrobybx.dll
F:\WINDOWS\system32\nyuebiba.exe
F:\WINDOWS\system32\o09PrEz
F:\WINDOWS\system32\pfbperkf.exe
F:\WINDOWS\system32\qsyyowha.exe
F:\WINDOWS\system32\qwerty12.exe
F:\WINDOWS\system32\qwscgydx.exe
F:\WINDOWS\system32\rkxcswhy.ini
F:\WINDOWS\system32\rnxogdru.exe
F:\WINDOWS\system32\uedojqid.exe
F:\WINDOWS\system32\uegjhytj.ini
F:\WINDOWS\system32\vabvxgoy.exe
F:\WINDOWS\system32\vbhpqwxj.exe
F:\WINDOWS\system32\vhulfcvi.exe
F:\WINDOWS\system32\vrdejpkv.exe
F:\WINDOWS\system32\vwghbmap.exe
F:\WINDOWS\system32\wincore.dll
F:\WINDOWS\system32\xejlojta.exe
F:\WINDOWS\system32\yhwscxkr.dll
F:\WINDOWS\windowsupd1.exe
F:\WINDOWS\wr.txt
F:\WINDOWS\ystem~1

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWSAPAGENT
-------\ApiMon
-------\DomainService
-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))

2007-08-14 11:51 51,200 --a------ F:\WINDOWS\nircmd.exe
2007-08-13 21:37 10,872 --a------ F:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-13 21:30 <DIR> d-------- F:\Program Files\CCleaner
2007-08-13 21:16 <DIR> d-------- F:\WINDOWS\LastGood.Tmp
2007-08-12 21:52 310,272 --a------ F:\WINDOWS\system32\winhttp.dll
2007-08-12 21:52 179,200 --a------ F:\WINDOWS\system32\qmgr.dll
2007-08-12 21:52 179,200 --------- F:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-12 21:52 17,408 --------- F:\WINDOWS\system32\qmgrprxy.dll
2007-08-12 21:52 17,408 --------- F:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-12 21:41 <DIR> d-------- F:\Program Files\RegCure
2007-08-11 23:38 <DIR> d-------- F:\VundoFix Backups
2007-08-11 19:57 <DIR> d-------- F:\Program Files\SUPERAntiSpyware
2007-08-11 19:57 <DIR> d-------- F:\DOCUME~1\user\APPLIC~1\SUPERAntiSpyware.com
2007-08-11 19:57 <DIR> d-------- F:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-06 12:05 749,568 --a--c--- F:\WINDOWS\system32\dllcache\setup_wm.exe
2007-08-06 12:04 98,304 --a--c--- F:\WINDOWS\system32\dllcache\wmpshell.dll
2007-08-06 12:04 9,728 --a--c--- F:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-06 12:04 73,728 --a--c--- F:\WINDOWS\system32\dllcache\wmplayer.exe
2007-08-06 12:04 7,680 --a--c--- F:\WINDOWS\system32\dllcache\asferror.dll
2007-08-06 12:04 7,680 --a------ F:\WINDOWS\system32\asferror.dll
2007-08-06 12:04 241,664 --a--c--- F:\WINDOWS\system32\dllcache\mpg4dmod.dll
2007-08-06 12:04 241,664 --a------ F:\WINDOWS\system32\mpg4dmod.dll
2007-08-06 12:04 217,600 --a--c--- F:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-06 12:04 20,480 --a--c--- F:\WINDOWS\system32\dllcache\wmpui.dll
2007-08-06 12:04 20,480 --a--c--- F:\WINDOWS\system32\dllcache\wmpcore.dll
2007-08-06 12:04 20,480 --a--c--- F:\WINDOWS\system32\dllcache\wmpcd.dll
2007-08-06 12:04 20,480 --a------ F:\WINDOWS\system32\wmpui.dll
2007-08-06 12:04 20,480 --a------ F:\WINDOWS\system32\wmpcore.dll
2007-08-06 12:04 20,480 --a------ F:\WINDOWS\system32\wmpcd.dll
2007-08-06 12:04 2,940,928 --a--c--- F:\WINDOWS\system32\dllcache\wmploc.dll
2007-08-06 12:04 2,940,928 --a------ F:\WINDOWS\system32\wmploc.dll
2007-08-06 12:04 192,512 --a--c--- F:\WINDOWS\system32\dllcache\unregmp2.exe
2007-08-06 11:55 <DIR> d-------- F:\Program Files\RegVac Registry Cleaner
2007-07-27 05:58 671,744 --a------ F:\WINDOWS\is-0QNTM.exe
2007-07-26 17:03 <DIR> d-------- F:\Program Files\Badongo

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 06:15 --------- d-------- F:\Program Files\Common Files\sysdir
2007-08-14 06:15 --------- d-------- F:\Program Files\Common Files\midaddle
2007-08-13 20:59 16 --a--c--- F:\WINDOWS\system32\msvcsv60.dll
2007-08-11 19:56 --------- d-------- F:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 19:21 --------- d-------- F:\Program Files\Adder Robot
2007-08-07 19:20 --------- d-------- F:\Program Files\Waves
2007-08-01 21:39 73 --a------ F:\WINDOWS\system32\ssprs.dll
2007-08-01 21:39 205 --a------ F:\WINDOWS\system32\lsprst7.dll
2007-06-24 04:00 --------- d-------- F:\Program Files\FriendAdder Combo Pack
2007-06-14 02:27 --------- d-------- F:\Program Files\FLStudio4
2007-05-24 17:59 175694 --ah-c--- F:\WINDOWS\apppatch\iisdos.dll
2005-07-10 03:18 55296 --ahsc--- F:\Program Files\Thumbs.db
2005-04-04 02:38 80427 ---h-c--- F:\DOCUME~1\user\APPLIC~1\ptads.bin
2005-01-12 14:46 324250 -----c--- F:\DOCUME~1\user\APPLIC~1\tvmknwrd.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TV Media"=F:\Program Files\TV Media\Tvm.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" /background
"zSearch"=F:\Program Files\zSearch\Zstb.exe
"TV Media"=F:\Program Files\TV Media\Tvm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=1 (0x1)
"Btn_Search"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

R1 delprot;delprot;F:\WINDOWS\System32\drivers\delprot.sys
R1 PQNTDrv;PQNTDrv;F:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 RVIEGVST;VSC VST Engine;\??\F:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
R2 SetupNT;SetupNT;F:\WINDOWS\System32\SetupNT.sys
R3 CLEDX;Team H2O CLEDX service;F:\WINDOWS\System32\DRIVERS\cledx.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;F:\WINDOWS\System32\DRIVERS\fetnd5.sys
R3 Ptserlp;PCTEL Serial Device Driver for PCI;F:\WINDOWS\System32\DRIVERS\ptserlp.sys
S2 .NET Connection Service;.NET Framework Service;F:\WINDOWS\svchost.exe
S3 IPN2120;Wireless-B PCI Adapter Driver;F:\WINDOWS\System32\DRIVERS\LSIPNDS.sys
S4 Pctspk;PCTEL Speaker Phone;F:\WINDOWS\system32\pctspk.exe

Contents of the 'Scheduled Tasks' folder
2007-08-14 15:40:32 F:\WINDOWS\Tasks\RegCure Program Check.job - F:\Program Files\RegCure\RegCure.exe
2007-08-13 01:41:48 F:\WINDOWS\Tasks\RegCure.job - F:\Program Files\RegCure\RegCure.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 12:08:00
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 12:14:11 - machine was rebooted
F:\ComboFix-quarantined-files.txt ... 2007-08-14 12:13

--- E O F ---
i cant post tha AVG report bcuz everytime i start to copy and then paste it here my browser freezes up

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-14-2007 6:21 (GMT +1)

You´ve certainly got some crap there shocked

Please post hijackthis log

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

memmix
New Member

Date Joined Aug 2007
Total Posts : 7

Posted 8-14-2007 9:59 (GMT +1)

k here it is
Logfile of HijackThis v1.99.1
Scan saved at 16:59, on 2007-08-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
F:\Program Files\BulletProofSoft.com\SpywareRemover\BA239BFD.DLL
F:\Program Files\Syncrosoft\POS\H2O\cledx.exe
F:\Program Files\Netscape\Netscape\Netscp.exe
F:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.gonnasearch.com/iesearch.php?ref=sb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\System\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.blackplanet.com/"); (F:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\zuy9aozn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://F%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (F:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\zuy9aozn.slt\prefs.js)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: f:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\inetadpt.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - F:\WINDOWS\svchost.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - F:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe

memmix
New Member

Date Joined Aug 2007
Total Posts : 7

Posted 8-14-2007 10:02 (GMT +1)

i have 2 more svchost.exe that tha task manager says is running that that log didnt show i kno for sure this (F:\Program Files\Syncrosoft\POS\H2O\cledx.exe) aint spyware jus in case u didnt kno wat it was...

Post Edited (memmix) : 14-08-2007 21:04:44 GMT

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-15-2007 5:43 (GMT +1)

Windows Update
An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to do install critical updates before providing assistance in our forum. If not, we're both just wasting our time.

The first step in this process is to apply Service Pack 1a for Windows XP.

Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/network.mspx

Hold off on SP2 until your computer is clean

Apply the update, reboot.

Post new hijackthis log

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

memmix
New Member

Date Joined Aug 2007
Total Posts : 7

Posted 8-16-2007 1:01 (GMT +1)

it wont let me install tha service.........say access denied.........do u kno why that could be?

memmix
New Member

Date Joined Aug 2007
Total Posts : 7

Posted 8-16-2007 1:02 (GMT +1)

it wont let me install tha service.........say access denied.........do u kno why that could be?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13642

Posted 8-16-2007 5:43 (GMT +1)

Download internet explorer:

http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Try this again ->

Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/network.mspx

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Saturday, November 22, 2008 12:19 PM (GMT +1)
There are a total of 64.045 posts in 15.836 threads.
In the last 3 days there were 26 new threads and 155 reply posts. View Active Threads