  trebacz Premium join:2003-01-03 Mchenry, IL
HJT Log - serious problems after several scans
Friend's computer. Originally it was very slow - and had pop-up ads. It would take several minutes to reboot. When it rebooted it would complain about Mssrvc.exe being corrupt and having to be shut down.
Unfortunately this is my first experience with a heavily abused computer. I'd like to know how compromised it is. I'm planning a full system reinstall, but would like to let them know if any information may have been compromised. The machine had Norton antivirus, adware, spybot, and HijackThis installed - no firewall or NAT protection. Eventually I got the virus definitions updated for Norton after reinstalling the live updater. All other versions were up to date. I didn't follow the procedure on this forum (didn't see it until several failed attempts at removing various files). In general, if something is removed using HJT, it comes back once the computer is connected back to the internet. Is setver32.exe a trojan?
Logfile of HijackThis v1.98.0
Scan saved at 10:29:18 PM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
c:\WINDOWS\system32\userlist.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\WINDOWS\system32\runbatch.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\setver32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Documents and Settings\Imaxx Customer\Desktop\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows secure] setver32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Spool Server Daemon] SPOOLSVD32.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\RunServices: [Windows secure] setver32.exe
O4 - HKLM\..\RunServices: [Spool Server Daemon] SPOOLSVD32.EXE
O4 - HKLM\..\RunServices: [Microsoft AutoUpdater] svhost.exe
O4 - HKLM\..\RunOnce: [Windows secure] setver32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cacc] C:\Documents and Settings\Imaxx Customer\Application Data\itaa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows secure] setver32.exe
O4 - HKCU\..\RunOnce: [Windows secure] setver32.exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: *.sbcglobal.net