Spyware help

Discussion in 'adware, spyware & hijack cleaning' started by KBKneeland, May 20, 2004.

Thread Status:
Not open for further replies.
  1. KBKneeland

    KBKneeland Registered Member

    Joined:
    May 20, 2004
    Posts:
    1
    I have been having a csrss.exe process take 100% of my CPU. Not sure what is causing the problem. Thought this may help my problem.

    I ran the adaware tool then the HijackThis and below is the log.

    Logfile of HijackThis v1.97.7
    Scan saved at 1:28:27 PM, on 5/20/2004
    Platform: Unknown Windows (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 (6.00.3790.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Rational\ClearCase\bin\albd_server.exe
    C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
    C:\ePOAgent\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\Ghost\ngctw32.exe
    C:\oracle\ora92\bin\omtsreco.exe
    C:\WINDOWS\system32\Dfssvc.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\ePOAgent\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\hijackthis1977\HijackThis.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\BINN\sqlmangr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O16 - DPF: {0A2B8FD3-52A3-11D4-9E29-0001023AE3ED} (Crypto Class) - http://cardinal.hbg1.jenzabar.net/clientele/Downloads/ImarsFeather.cab
    O16 - DPF: {15E375D9-66D2-437C-9008-30FC63BD86A2} (INVC Participant Console 1.52) - http://www.intechnologies.net/in/clients/participant/bin/INParticipant.cab
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwbd.ops.placeware.com/etc/place/RCC-BETA/pws-ms-02/5.1.2.150/lib/quicksilver.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/291e6043451322ca3605/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38062.5475578704
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D3E12F51-0795-11D2-91CC-00C04FA31C90} (MS Investor Ticker) - http://wwwi/cgi-bin/ticker.cab
     
    KBKneeland, May 20, 2004
    #1
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi KBKneeland,

    Is this your normal startpage? :

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

    Cheers,
     
    Unzy, May 21, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...