
Unknown processes consuming virtual memory - dhigu

edited September 2008 in Spyware & Virus Removal
First of all, kind thanks to the generous people out there who are helping with such complex problems, which a normal person may not even be able to recognize.

For the past few days, my computer has been unusually slow, and when I checked the running processes (from Task Manager) I found runmgr.exe, which was consuming almost 95% of the memory.

After surfing for a while I came to know that this is not a regular process and something is wrong with it. I suspect a few other processes, like system64.exe, msev.exe, bois32.exe, msmgr.exe.

I went through the basic steps before generating the HJT log file. But during the Panda online scan, it somehow gets stuck at 90% every time. I allowed it more than 20 hours twice, but in vain.

I am not sure what is wrong with my PC. Every time I boot it up, I have to manually end these processes and two applications with nonsense names (some sort of encrypted language, maybe).

I'm posting here the scan results of
_______________________________________________________________
1. Ad-Aware scan log

Scan mode: Full
Scan time: 01:53:11
Number of objects scanned: 412222
Number of infections found: 29
Critical: 26
Privacy Objects: 3
Infections deleted: 29
Total infections quarantined: 26
Total infections ignored by scanner: 0

2. Kaspersky scan report
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 18, 2008 16:17:42
Records in database: 1105111

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 78194
Threat name: 23
Infected objects: 72
Suspicious objects: 0
Duration of the scan: 12:21:53


File name / Threat name / Threats count
C:\Program Files\FlashGuard\FlashGuard.exe//UPX//script.au3/C:\Program Files\FlashGuard\FlashGuard.exe//UPX//script.au3 Infected: Worm.Win32.AutoIt.au 1
C:\Windows\msev.exe/C:\Windows\msev.exe Infected: Trojan.Win32.Buzus.pei 1
C:\bois32.exe Infected: Trojan-Downloader.Win32.Small.aamc 1
C:\Documents and Settings\dhigu\12171342681928.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12171343533224.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12171343732220.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12171343892616.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12171344083028.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12171344234060.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12172221813620.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12172222513828.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12172222953080.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\Documents and Settings\dhigu\12176264191912.exe Infected: Trojan.Win32.Buzus.pei 1
C:\Documents and Settings\dhigu\clearmgr.exe Infected: Trojan.Win32.Qhost.kjg 1
C:\Documents and Settings\dhigu\cmdmg32.exe Infected: Trojan-Downloader.Win32.Agent.zsk 1
C:\Documents and Settings\dhigu\Local Settings\Temp\DriveGuard.tmp.exe Infected: Worm.Win32.AutoIt.au 1
C:\Documents and Settings\dhigu\Local Settings\Temp\eraseme_27082.exe Infected: Trojan.Win32.Buzus.rph 1
C:\Documents and Settings\dhigu\Local Settings\Temp\gHmpg.tmp.exe Infected: Worm.Win32.AutoIt.au 1
C:\Documents and Settings\dhigu\planet.exe Infected: Trojan.Win32.Pakes.kam 1
C:\Documents and Settings\dhigu\upjdl.exe Infected: Backdoor.Win32.IRCBot.eqq 1
C:\Documents and Settings\dhigu\winplug.exe Infected: Trojan.Win32.Pakes.kav 1
C:\Documents and Settings\dhigu\wins.exe Infected: Trojan-Downloader.Win32.Small.aamc 1
C:\msmgr32.exe Infected: Trojan.Win32.Agent.vls 1
C:\Program Files\FlashGuard\FlashGuard.exe Infected: Worm.Win32.AutoIt.au 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe Infected: Backdoor.Win32.Agent.jue 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\reg32.exe Infected: Backdoor.Win32.IRCBot.eqq 1
C:\w.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\12181640191580.exe Infected: Trojan.Win32.Buzus.oxg 1
C:\WINDOWS\13c33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\13cfd33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\13d33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\13f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\1f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\1fssad3d33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\1fssd3d33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\1s333f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\1s3c33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\1s3s33f.exe Infected: Trojan-Dropper.Win32.VB.bop 1
C:\WINDOWS\a.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\b.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\dcpr2s.exe Infected: Trojan.Win32.Buzus.rph 1
C:\WINDOWS\Fonts\ddoscmd.exe Infected: Trojan.Win32.Qhost.kic 1
C:\WINDOWS\fs.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\fs3d33f.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\h1.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\l0l2update.exe Infected: Trojan.Win32.Buzus.npr 1
C:\WINDOWS\msdev23.exe Infected: Trojan.Win32.Buzus.npr 1
C:\WINDOWS\msev.exe Infected: Trojan.Win32.Buzus.pei 1
C:\WINDOWS\nig.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\nsev.exe Infected: Trojan.Win32.Buzus.onw 1
C:\WINDOWS\pr2s.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\sd21.exe Infected: Trojan.Win32.Buzus.oxg 1
C:\WINDOWS\sdga.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\service64.exe Infected: Trojan.Win32.Buzus.rph 1
C:\WINDOWS\ssd21.exe Infected: Trojan.Win32.Buzus.oxg 1
C:\WINDOWS\system32\drivers\Ahn62.sys Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\WINDOWS\system32\drivers\hnS05.sys Infected: Trojan-Dropper.Win32.Agent.stj 1
C:\WINDOWS\system32\msmgr32.exe Infected: Trojan.Win32.Agent.vls 1
C:\WINDOWS\system32\svchost.ex Infected: Trojan.Win32.Obfuscated.aoc 1
C:\WINDOWS\system32\sysmgr.exe Infected: Trojan-Downloader.Win32.Agent.tm 1
C:\WINDOWS\to.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\to2.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\up.exe Infected: Trojan.Win32.Buzus.onw 1
C:\WINDOWS\up1.exe Infected: Trojan.Win32.Buzus.oxg 1
C:\WINDOWS\upwp.exe Infected: Trojan.Win32.Buzus.onw 1
C:\WINDOWS\uspwp.exe Infected: Trojan.Win32.Buzus.onw 1
C:\WINDOWS\waasdqs.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\waq.exe Infected: Trojan-Spy.Win32.Agent.cse 1
C:\WINDOWS\waqs.exe Infected: Trojan-Spy.Win32.Agent.cse 1
D:\Downloads\Uniblue Registry Booster + working serial key\Uniblue's RegistryBooster v2 + Tested key\registrybooster.exe Infected: Trojan-Downloader.Win32.VB.gix 1
E:\Burn These\DVD1\softwares\reference.exe Infected: not-a-virus:AdWare.Win32.Comet.cc 1
F:\System Volume Information\_restore{3453D8C2-41C4-459B-99B6-03603A6C0BE6}\RP118\A0061505.exe Infected: not-a-virus:AdWare.Win32.Comet.cc 1

The selected area was scanned.

3. HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:54 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Twain_32\4100\HotKey.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\runmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Virtual Ink\mimio\mimiosys.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Setups\viruses\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\4100\HotKey.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msmgr32] C:\WINDOWS\system32\msmgr32.exe
O4 - HKLM\..\Run: [runmgr] C:\WINDOWS\system32\runmgr.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\msev.exe
O4 - HKLM\..\Run: [FlashGuard] "C:\Program Files\FlashGuard\FlashGuard.exe" -run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Services] service64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: mimio Studio.lnk = F:\Program Files\Virtual Ink\mimio\mimiosys.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 10388 bytes
_________________________________________________________________

Please let me know if I have made any mistakes or have to make changes.

Thanks & Regards

Comments

  • VekaVeka Finland
    edited August 2008
    Hello dhigu. I'm really sorry about the delay.

    I see you have a serious malware problem there and I would recommend formatting the entire hard drive. In your situation that is the only way to make sure your computer is secure again. We cannot promise that any other method will work.

    Please read this to get more information about Backdoor Trojans > http://www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan
  • edited August 2008
    vekarppe wrote:
    Hello dhigu. I'm really sorry about the delay.

    I see you have a serious malware problem there and I would recommend formatting the entire hard drive. In your situation that is the only way to make sure your computer is secure again. We cannot promise that any other method will work.

    Please read this to get more information about Backdoor Trojans > http://www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan


    Thank you for sparing time for the mess. I can go for formatting the entire hard drive, but the only thing is that I am not sure whether it will really help. I mean, if this malware/trojan stuff may have succeeded in entering the registry of keyroot (something like that), then there are chances that even formatting and re-installing won't work. Is it true?

    And should I do all the scans and post them even after formatting the entire hard drive?

    Man! There has got to be at least some way! Seriously, sometimes these computers get us into a helpless position.
  • VekaVeka Finland
    edited August 2008
    Complete formatting will definitely clean everything on your hard disk. Just note that you must re-install your Operating System and other stuff.

    If you wanna, you can post the results after formatting. Up to you. :)
  • edited August 2008
    Thank you very much dear for your assistance.

    I'll follow the path of complete formatting and will let you guys know whatever the results may be. Am hoping for the best.

    Thanks & Regards
  • VekaVeka Finland
    edited August 2008
    All right, I'll be waiting here.
  • VekaVeka Finland
    edited August 2008
    How's it going, dhigu? :)
  • edited September 2008
    I'm sorry for the delay.

    Actually, I was busy packing my stuff since I'm moving to London for further study.

    Soon, I'll post up the scans. But for now I can feel the change. It is working well.
  • VekaVeka Finland
    edited September 2008
    This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    If you are not the user who started this thread, you must start your own Thread instead :)