Hello,
Think I have got some spyware/virus running. Firefox takes up about 600k resources when I open up the task manager processes and my computer gets slow at times. Also there seem to be weird processes running in the processes which I try to end most of the times.
Here's my hijackthis report. Hopefully someone understands it haha..
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 07:47:00, on 2012/3/9
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
D:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Ask.com\Updater\Updater.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\snmp.exe
D:\Program Files\TENCENT\SOSOUpdate.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
d:\program files\avira\antivir desktop\avcenter.exe
D:\Program Files\Avira\AntiVir Desktop\avscan.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTo2.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - D:\Program Files\TENCENT\SSPlus\SAddr.dll
O1 - Hosts file is located at: D:\WINDOWS\System32\hosts
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.28.1564.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE2EMBHO Class - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - D:\Program Files\easyMule\modules\IE2EM.dll
O2 - BHO: Tencent Browser Helper - {164802C6-66A2-15ED-54DC-D023E96C3CFE} - D:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: SOSO工具? - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - D:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - BHO: XLLiteView BrowserHelper Object - {2D90D33C-DE76-42D0-9040-E4466DDC24AC} - D:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - D:\Program Files\StartSearch plugin\ssBarLcher.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - D:\Program Files\QvodPlayer\QvodExtend.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - D:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: B8DAD750-61AB-6179-FEFF-40B159AF6A2C Class - {B8DAD750-61AB-6179-FEFF-40B159AF6A2C} - D:\Program Files\QvodPlayer\AddIn\QvodAddr.dll (file missing)
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IE Search Helper - {E0793EB4-2127-679A-0CC8-A9F681D5EC1C} - D:\Program Files\TENCENT\SOSOAddr\ieaddr.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EB7C85AA-58EE-0831-6DFE-2CE201010801 Class - {EB7C85AA-58EE-0831-6DFE-2CE201010801} - D:\Program Files\QvodPlayer\AddIn\QvodAddr.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTo2.dll
O3 - Toolbar: StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - D:\Program Files\StartSearch plugin\ssBarLcher.dll
O3 - Toolbar: SOSO工具? - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - D:\Program Files\Tencent\QQToolbar\IEBar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] D:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] D:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QvodTerminal] "D:\Program Files\QvodPlayer\QvodTerminal.exe" -autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ApnUpdater] "D:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet3 - D:\Documents and Settings\Administrator\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by easyMule - D:\Documents and Settings\Administrator\桌面\IE2EM.htm
O8 - Extra context menu item: Download by FlashGet3 - D:\Documents and Settings\Administrator\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: UseFlashGet - D:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用迅雷下載 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下載全部�接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用電驢下載 - D:\Program Files\easyMule\IE2EM.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 脤艘厙�窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - D:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra 'Tools' menuitem: 脤艘厙�窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - D:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O12 - Plugin for .thp: D:\Program Files\Internet Explorer\Plugins\NPLM32.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204637604828
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211469461359
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\WINDOWS\system32\KuGoo3DownXControl.ocx
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Tencent SOSO Update Service (SOSOUpSvc) - Tencent - D:\Program Files\TENCENT\SOSOUpdate.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 13986 bytes
The easiest way is to use Spybot - Search and Destroy.
The last time I read a hijacklog was like 1 year plus ago? I'm getting old, let's wait for the moderator or fellow forumers to give you more advice.
I see nothing wrong with the hijacklog, but there are A LOT of programs running in the background. I believe you do not use some of the programs frequently, so it's good to do some clean up by going to the Control Panel Add/Remove Programs option. The high resources taken up by Firefox could be due to some auto-updating services (not very sure about it though...)
wowww haha... kk I'll wait for more experts then. Isn't Spybot rumoured to contain spyware/adware? Like a controversial programme itself?
If you're not comfortable using Spybot just use Malwarebytes....the free version should be sufficient to detect and remove any virus
I don't see any problems with your PC, except that you installed lots of P2P programs and they are running on startup.
Which can slow down your PC... I noticed that those P2P programs always interfered with Firefox and caused it to leak memory indirectly.
Also uninstall Ask Toolbar. Known adware.
haha thanks!!! yes that's what I realised too! if I closed my p2ps my Firefox doesn't lag