Computer acting "Funny"

Discussion in 'malware problems & news' started by Hegemon, Mar 29, 2007.

Thread Status:
Not open for further replies.
  1. Hegemon

    Hegemon Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    1
    Hi all,

    My computer is acting a bit strange. I have noticed a decrease in system performance, when I hit Ctrl-Alt-Delete the task bar icon shows 100% cpu usage that drops down to normal when viewing my tasks and when I hit delete I see it go back up to 100% before it disappears. I have also noticed a different cursor on some screens that looks like 'l that. Also some windows have strange color issues around the file/edit/view etc menus that discolors when pressed and I have been recently losing my auto login on several sites, forcing me to retype passwords.

    All in all very strange things. I am really hoping to avoid wiping my machine and any suggestions/help would be greatly appreciated. Also if I have forgotten a specific program or test please let me know. Below are my logs:

    DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Scotts@SCOTT, 03-29-2007
    c:\windows\system32\autoexec.nt
    C:\WINDOWS\system32\mscdexnt.exe
    C:\WINDOWS\system32\redir.exe
    C:\WINDOWS\system32\dosx.exe
    c:\windows\system32\config.nt
    C:\WINDOWS\system32\himem.sys
    c:\windows\wininit.ini [rename]
    NUL=InitTermMutexc54
    c:\windows\system.ini [drivers]
    timer=timer.drv
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    c:\windows\system.ini [boot]\scrnsave.exe
    C:\WINDOWS\System32\scrnsave.scr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    C:\WINDOWS\Explorer.exe
    HKCU\Control Panel\Desktop\scrnsave.exe
    C:\WINDOWS\System32\scrnsave.scr
    HKCR\vbsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\siService.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Hardware Abstraction Layer
    C:\WINDOWS\KHALMNPR.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\APVXDWIN
    C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CTHelper
    C:\WINDOWS\CTHELPER.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CTxfiHlp
    C:\WINDOWS\system32\CTXFIHLP.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GoToMyPC
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper
    C:\Program Files\iTunes\iTunesHelper.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\H/PC Connection Agent
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\System32\webcheck.dll
    C:\WINDOWS\System32\stobject.dll
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
    C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
    C:\WINDOWS\Tasks\Uniblue SpyEraser.job
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoToMyPC.lnk
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    Interexe
    L
    OODBS
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    C:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    C:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll
    C:\WINDOWS\system32\mswsock.dll
    C:\WINDOWS\system32\rsvpsp.dll

    --------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 4:03:47 PM, on 3/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\3ware\3DM\3dmd.exe
    C:\WINDOWS\System32\3wareSrv.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    c:\program files\panda software\panda antivirus 2007\WebProxy.exe
    C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
    C:\Program Files\GIANT Company Software\Spam Inspector\siMain.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Scotts\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - Global Startup: GoToMyPC.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
    O23 - Service: 3DM - Unknown owner - C:\Program Files\3ware\3DM\3dmd.exe
    O23 - Service: 3ware Escalade Service (3wareSrv) - Unknown owner - C:\WINDOWS\System32\3wareSrv.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe

    -----------------------------
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I don't think that the log analysis service is available on this forum. There are many other tech support forums that will look over the log and inform you if something looks funny. A lot of things can cause changes to your system, but I would start with using any of the free online scanners to see if they detect anything. You might also try a rootkit scanner as well.

    BTW, welcome to the forum
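As an added example (not from the thread or any of its posters), here is a small Python triage script run over a few lines copied from the HijackThis log above. It parses the O4, O20 and O23 entries and surfaces the ones a log reviewer usually verifies by hand: bare filenames in Run keys (these are resolved through the search path, so the reviewer checks which file actually runs), startup shortcuts whose target was not resolved, services with no known publisher or a missing binary, and Winlogon Notify DLLs. It does not decide what is malicious; the output is only a review list.

```python
import re

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - Global Startup: GoToMyPC.lnk = ?
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: 3DM - Unknown owner - C:\Program Files\3ware\3DM\3dmd.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# One pattern per HijackThis section handled here (O4 Run keys, O4 startup folder, O20, O23).
RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted path or first token)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else cmd


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (item, reason, line) for each entry a reviewer should verify by hand."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            if "\\" not in executable_of(m["cmd"]):
                findings.append((m["name"], "bare filename, resolved via search path", line))
        elif m := STARTUP_RE.match(line):
            if m["cmd"] == "?":
                findings.append((m["name"], "shortcut target not resolved", line))
        elif m := NOTIFY_RE.match(line):
            findings.append((m["name"], "Winlogon Notify DLL loads at every logon; verify vendor", line))
        elif m := SERVICE_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append((m["name"], "service binary not found", line))
            elif m["owner"] == "Unknown owner":
                findings.append((m["name"], "service has no known publisher", line))
    return findings


if __name__ == "__main__":
    for item, reason, line in triage(SAMPLE_LOG):
        print(f"{item:35} {reason}\n    {line}")
```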
     
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke