A HiJack this SpywareDoc talked me into...H E L P!

  1. #1

    Here is the HiJackThis that SpywareDr recommended that I post based on this discussion:
    http://discussions.virtualdr.com/sho...44#post1307744

    I hope I did this correctly and apologize if I did not, or in a reverse order......whatever.

    My best guess is: The problem is in the Malwarebytes logfile.
    Also: I was completely unable to get a logfile from gmer.

    Would it be good enough to just say that a rootkit/malware scan found nothing with gmer's tool?

    Problem summary:

    Windows Explorer stops working (*many* instances)
    -- Kaspersky Internet Security 2010 stops working
    -- Games (not online) stop working
    -- Cleaners....will not, or extremely slow
    -- Full scans with deep rootkit scans are taking 4-5 hours on the Vista side (300GB WD Raptor HD), and 1/4 that amount on the XP side (150GB WD Raptor HD) of my RAID array.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Preliminary scan results from Bit Defender and Panda per P3-450's instructions:
    http://discussions.virtualdr.com/sho...d.php?t=167915

    On a 20 Mbps connection (if relevant) the Panda scan took 3 hours. There was no option at that URL that said:
    Disinfect automatically.

    All the results said were:

    Congratulations!

    Today you are not infected
    We have detected that the Kaspersky Internet Security protection on your PC is enabled and up-to-date.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    On to Bit Defender online scan:

    Bit Defender Logfile:

    BitDefender QuickScan Beta 32-bit v0.9.8.2
    ------------------------------------------

    Scan date: Thu Dec 03 10:09:48 2009
    Machine ID: 745F1D5F

    Warning: Only 32-bit processes scanned.


    No infection found.
    ---------------------
    Processes
    ---------
    <unsigned> VolPanlu.exe 2380 C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    <unsigned> Creative Audio Service 1244 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    <unsigned> TWeakIt.exe 2416 C:\Program Files\ASUS\TweakIt\TWeakIt.exe

    <verified> SMax4PNP 2548 C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    <verified> Kaspersky Anti-Virus 2528 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    <verified> Kaspersky Anti-Virus 2720 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    <verified> Microsoft Office Word 4160 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    <verified> Firefox 4372 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    <verified> Stereo Vision Control Panel API Server 3676 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    <verified> CPMonitor Application 2480 C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
    <verified> SaibSVC Application 2616 C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
    <verified> RoboForm TaskBar Icon 2328 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    <verified> SUPERAntiSpyware Application 2312 C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE


    Network activity
    ----------------
    Process avp.exe (2720) connected on port 80 (HTTP) - 65.55.17.39
    Process avp.exe (2720) connected on port 80 (HTTP) - 65.55.17.34
    Process avp.exe (2720) connected on port 80 (HTTP) - 209.85.225.138
    Process avp.exe (2720) connected on port 80 (HTTP) - iy-in-f138.1e100.net
    Process avp.exe (2720) connected on port 80 (HTTP) - a96-17-252-20.deploy.akamaitechnologies.com

    Process avp.exe (2720) listens on ports: 1110, 19780


    Autoruns and critical files
    ---------------------------
    <unsigned> VolPanlu.exe C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    <unsigned> ShellExecuteHook c:\program files (x86)\superantispyware\sasseh.dll
    <unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    <unsigned> TWeakIt.exe C:\Program Files\ASUS\TweakIt\TWeakIt.exe
    <unsigned> xInsIDE.exe C:\Windows\RaidTool\xInsIDE.exe

    <verified> SMax4PNP C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    <verified> RoxMMTrayApp Module C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe
    <verified> Kaspersky Anti-Virus C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    <verified> Mozilla 3 Virtual Keyboard c:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
    <verified> Sandbox r3 hooks for virtual processes c:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll
    <verified> CPMonitor Application C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
    <verified> RoboForm TaskBar Icon C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    <verified> SUPERAntiSpyware Application C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    <verified> Windows Sidebar C:\Program Files\Windows Sidebar\sidebar.exe
    <verified> Shell Browser UI Library c:\windows\system32\browseui.dll
    <verified> Microsoft Feeds Synchronization C:\Windows\system32\msfeedssync.exe
    <verified> Web Site Monitor c:\windows\syswow64\webcheck.dll
    <verified> Welcome Center oobefldr.dll
    <verified> Userinit Logon Application userinit.exe


    Browser plugins
    ---------------

    <verified> IE Virtual Keyboard c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    <verified> WebToolBar component c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    <verified> Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    <verified> Office Plugin for Netscape Navigator C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    <verified> RoboForm Main Module C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    <verified> InstallShield Update Service Setup Player Module C:\Windows\Downloaded Program Files\dwusplay.dll
    <verified> InstallShield Update Service Setup Player C:\Windows\Downloaded Program Files\dwusplay.exe
    <verified> Macrovision Software Manager Web Agent C:\Windows\Downloaded Program Files\isusweb.dll
    <verified> Windows Presentation Foundation (WPF) plug-in for c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    <verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    <verified> Microsoft Windows Sockets 2.0 Service Provider C:\Windows\System32\mswsock.dll
    <verified> E-mail Naming Shim Provider C:\Windows\system32\napinsp.dll
    <verified> Network Location Awareness 2 C:\Windows\system32\NLAapi.dll
    <verified> PNRP Name Space Provider C:\Windows\system32\pnrpnsp.dll
    <verified> LDAP RnR Provider DLL C:\Windows\System32\winrnr.dll
    <verified> Internet Explorer C:\Windows\SysWOW64\ieframe.dll


    Scan
    ----

    No file uploaded.

    Scan finished - communication took 4 sec
    Total traffic - 0.04 MB sent, 1.16 KB recvd
    Scanned 716 files and modules - 32 seconds
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Proceeding to Malwarebytes and SUPERantispyware logs -->
    Last edited by steve_83; December 3rd, 2009 at 10:07 PM.
