anything look suspicious here? - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 08-04-2004, 01:26 AM   #1 (permalink)
Master Techie
 
Join Date: Mar 2004
Posts: 2,007
Default anything look suspicious here?

yes...i am being a little lazy here , but....does anything here look suspicious in my running processes?



i don't like the fact that there are repetative processes running at all but......any suggestions.....besides not being so lazy?

microbell?
__________________

jaksback is offline  
Old 08-04-2004, 03:19 AM   #2 (permalink)
ID.10T
 
ohGrFreak's Avatar
 
Join Date: Jul 2004
Location: Midwest in tha houzze
Posts: 1,657
Send a message via AIM to ohGrFreak Send a message via Yahoo to ohGrFreak
Default

my svchost.exe runs multiples all the time too. what the heck is this thing? and is it normal? sorry I couldn't answer your question, cause I wouldn't know.
__________________

__________________
ohGrFreak is offline  
Old 08-04-2004, 03:27 AM   #3 (permalink)
Ultra Techie
 
Join Date: Jan 2004
Posts: 643
Send a message via AIM to anarchy
Default

Ya....I've heard of this new virus that I think is on your computer.

Make sure everytime you log on, end the process "explorer.exe". It doesn't do anything it just takes up CPU usage. Get rid of it.




Jeez let me see how many idiots don't read my whole post and start going off on me how retarted I sound.

I don't see anything wrong, I have those repetitive processes too but I 'm too scared to end any of them, you all know Windows and how one mistake will end your life!
__________________


Search TF!
<form method=\"get\" action=\"http://www.theriddlehouse.com/random/tfsearch.php\"><input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search!\"></form></small></font></p></p>
anarchy is offline  
Old 08-04-2004, 04:30 AM   #4 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

Quote:
Originally posted by Placebo


I have also seen keyloggers use the process svchost.exe...


Depends on where it is located if you see svchost ant other place that the systems 32 folder then it is no good.

You can have 3 even 5 svchost files in the task manager I have 4 myself


as far as explorer.exe you need it to run windows it runs your desktop and other things

I don't see anything out of the ordinary in your process list .
if you want i'll look at your hijack this log it will be easier to figure out if anything is wrong

Lobos
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 08-04-2004, 08:58 AM   #5 (permalink)
Master Techie
 
Join Date: Mar 2004
Posts: 2,007
Default

here it is but most of it appears pretty clean to me:

Logfile of HijackThis v1.97.7
Scan saved at 5:58:34 AM, on 8/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\cisvc.exe
D:\WINNT\system32\CTsvcCDA.exe
D:\WINNT\System32\svchost.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\VetMsgNT.exe
D:\WINNT\system32\ZONELABS\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Stardock\SDMCP.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\planetscott.ca\PopupBlock\PopupBlock.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\WINNT\system32\CTHELPER.EXE
D:\Program Files\Motherboard Monitor 5\MBM5.EXE
D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
D:\Documents and Settings\jack mosher\Local Settings\Temp\FreeRAM XP Pro 1.40.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
D:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\Documents and Settings\jack mosher\My Documents\dowloads from school\hijack this stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust...//my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\planetscott.ca\PopupBlock\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PopupBlock] D:\Program Files\planetscott.ca\PopupBlock\PopupBlock.exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MBM 5] "D:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [VetTray] D:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Documents and Settings\jack mosher\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [RemoteCenter] D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Iconoid] "D:\Program Files\Iconoid\iconoid.exe" -wait 0
O4 - HKCU\..\Run: [WindowBlinds] D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe auto
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdc...cx_tgctlcm.jsp
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.mindleaders.com/dpec/...bs/awswaxf.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...063.3227546296
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
jaksback is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 09:39 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.