Hijack log

Hi, my problem is that my laptop is running considerably slower and can't run a system restore. Norton Antivirus is also not responding. I can't post a GMER log, as the laptop reboots during a Rootkit Scanner scan.

Many Thanks

DDS:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.19120

Run by shahinah at 17:24:03 on 2011-08-12

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.2038.1034 [GMT 1:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Explorer.EXE

C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://uk.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{5F30A0C6-4080-4908-9980-FEEC22A5BFB5} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{69330EC1-CA3E-406D-ADA7-B63EF416B597} : DhcpNameServer = 194.168.4.100 194.168.8.100

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\SymDS.sys [2011-6-4 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\SymEFA.sys [2011-6-4 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-23 815736]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\definitions\ipsdefs\20110810.030\IDSvix86.sys [2011-8-11 367736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\Ironx86.sys [2011-6-4 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys [2011-6-4 331384]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccSvcHst.exe [2011-6-4 130008]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2011-6-5 104960]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-6-5 17920]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-6-4 599040]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-08-12 13:10:11 -------- d-----w- c:\users\shahinah\appdata\roaming\Malwarebytes

2011-08-12 13:04:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-12 13:04:32 -------- d-----w- c:\programdata\Malwarebytes

2011-08-12 13:04:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 13:04:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-12 12:28:08 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-08-12 12:28:02 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8158ac36-c66c-473f-8102-0574ed069831}\mpengine.dll

2011-08-12 12:28:01 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-08-12 11:45:43 -------- d-----w- c:\users\shahinah\appdata\local\Symantec

2011-08-12 11:38:00 -------- d-sh--w- C:\found.000

2011-08-11 18:23:49 -------- d-----w- c:\programdata\Citrix

2011-08-11 18:22:57 -------- d-----w- c:\users\shahinah\appdata\roaming\ICAClient

2011-08-11 18:22:57 -------- d-----w- c:\users\shahinah\appdata\local\Citrix

2011-08-11 18:22:51 -------- d-----w- c:\program files\Citrix

2011-08-10 13:37:36 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 00:39:34 -------- d-----w- c:\program files\Windows Portable Devices

2011-08-09 22:58:32 -------- d-----w- c:\users\shahinah\appdata\local\Microsoft Games

2011-08-09 21:08:38 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2011-08-09 21:08:37 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2011-08-09 21:08:37 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-08-09 21:06:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-09 21:06:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-09 21:06:23 234496 ----a-w- c:\windows\system32\oleacc.dll

2011-08-09 20:54:39 231424 ----a-w- c:\windows\system32\msshsq.dll

2011-08-09 18:23:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-09 13:45:08 -------- d-----w- c:\users\shahinah\appdata\local\Adobe

2011-08-08 23:42:29 -------- d-----w- c:\windows\system32\eu-ES

2011-08-08 23:42:29 -------- d-----w- c:\windows\system32\ca-ES

2011-08-08 23:42:25 -------- d-----w- c:\windows\system32\vi-VN

2011-08-08 22:44:13 -------- d-----w- c:\windows\system32\EventProviders

2011-08-08 22:42:59 2241536 ----a-w- c:\windows\system32\msi.dll

2011-08-08 22:41:59 860160 ----a-w- c:\windows\system32\WerFaultSecure.exe

2011-08-08 22:19:14 -------- d-----w- c:\users\shahinah\appdata\local\CrashDumps

2011-08-08 21:54:10 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-08 21:54:05 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-08-08 21:54:05 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-08-08 21:54:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-08-08 21:54:02 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-08-08 21:54:01 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-08-08 21:53:57 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-08-08 21:52:54 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-08 21:52:51 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-08 21:51:23 276992 ----a-w- c:\windows\system32\schannel.dll

.

==================== Find3M ====================

.

2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-06-04 22:48:59 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-04 22:00:46 45056 ----a-w- c:\windows\NCUNINST.EXE

.

============= FINISH: 17:24:53.41 ===============

MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7441

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19120

12/08/2011 17:23:16

mbam-log-2011-08-12 (17-23-16).txt

Scan type: Quick scan

Objects scanned: 149110

Time elapsed: 16 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

I do not believe this is malware related.

Do you remember when exactly this issue began? Maybe after installing new software or hardware?

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • 3 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
