Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 10 of 10 Posts

·
Registered
Joined
·
4 Posts
Discussion Starter · #1 ·
Firstly, I get an svchost.exe error, I've done a search of this forum but there seems to be different errors and I couldn't find anything about this one:



Afterwards, my task manager ends up looking like this:



Or it doesn't work at all (the icon will show up in the system tray but it won't show up on the desktop)

Also, I'm finding that my Windows Audio service is stopping for no reason, soon or simultaneously with the above errors, I keep having to go back into Control Panel ->Administrative Tools -> Services and then restarting that service.

Thank you for any help- I'm not very computer literate so you patience is much appreciated :D
 

·
Registered
Joined
·
11,849 Posts
Welcome to TSG....

To download HJTsetup.exe To Download HijackThis go to the following: http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
Filename = 1137518044HJTsetup.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

A security expert should take a look at your log - please be patient.
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #4 ·
ozrom1e: I am working on that, I am at work right now, I will do that as soon as I get home...

thumb10.40: No particular program- sometimes it happens just a few minutes after startup, sometimes it can be an hour or some more :D

Here is the security log:

Logfile of HijackThis v1.99.1
Scan saved at 12:00:22 AM, on 12/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

Page = http://www.bigpond.com/default.asp
R1 - HKCU\Software\Microsoft\Internet Connection

Wizard,ShellNext = http://www.optusnet.com.au/
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Interne

t Settings,ProxyOverride = http://localhost
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) -

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BigPondCable] "C:\Program

Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O8 - Extra context menu item: Save Flash -

res://C:\Program Files\UnH Solutions\Flash Saving

Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra button: Flash -

{43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} -

C:\Program Files\UnH Solutions\Flash Saving

Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .mp3: C:\Program Files\Internet

Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .wmv: C:\Program

Files\Netscape\Navigator\Program\PLUGINS\npdsplay.dll
O16 - DPF: ConferenceRoom Java Client -

http://chat.bigpond.com/java/cr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE}

(LSSupCtl Class) -

https://www-secure.symantec.com/techsupp/asa/LSSupCtl

.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53}

(VerifyGMN Class) -

http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstal

ler_gmn.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

(ActiveDataInfo Class) -

https://www-secure.symantec.com/techsupp/asa/SymADat

a.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D}

(Hotmail Attachments Control) -

http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt

.ocx
O20 - Winlogon Notify: pptp16 -

C:\WINDOWS\SYSTEM32\pptp16.dll
O20 - Winlogon Notify: WRNotifier -

C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems -

C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Broadband Cable Login

(bpcService) - Unknown owner - C:\Program

Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc)

- Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -

Creative Technology Ltd -

C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown

owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service

(navapsvc) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service

(NPFMntor) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) -

NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation -

C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -

Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ

.exe
O23 - Service: Symantec Network Drivers Service

(SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation

- C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine

(WebrootSpySweeperService) - Webroot Software, Inc. -

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

·
Retired Moderator
Joined
·
72,109 Posts
You have Haxdoor infection.

You need to go here and install "Service Pack 1" This will patch numerous security holes in IE and Windows. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed. After you get SP1 installed, restart your computer. Come back here and post the new Hijack This log.
 
1 - 10 of 10 Posts
Status
Not open for further replies.
Top