aparkes

Possible Trojan

2 posts in this topic

I have run an up-to-date Adaware, AVG AV, Spybot, removeCWSkiller, CWShredder and still my PC is running very slowly with 2 services.exe files, the second services.exe utilising 99% of my CPU (both seem to be in the System32 folder).

 

I have included a Hijackthis log and an adaware log and would be grateful for any help.

 

Logfile of HijackThis v1.98.0

Scan saved at 18:38:30, on 14/07/2004

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe

C:\WINNT\Explorer.EXE

C:\WINNT\SYSTEM32\SERVICES.EXE

C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\WINNT\shico.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

C:\hijackthis\hijackthis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [shico] C:\WINNT\shico.exe

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inetdata\services.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [xp_system] C:\WINNT\inetdata\services.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Photoshop 7.0.1.lnk = C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: www.mt-download.com

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{901

 

 

 

Lavasoft Ad-aware Personal Build 6.181

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 15-07-2004 01:33:47

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINNT\system32\

 

#:3 [services.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:33:54

BasePriority : Normal

FileSize : 86 KB

FileVersion : 5.00.2195.3940

ProductVersion : 5.00.2195.3940

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 01/01/1980 07:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:4 [lsass.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:33:54

BasePriority : Normal

FileSize : 32 KB

FileVersion : 5.00.2195.6902

ProductVersion : 5.00.2195.6902

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : LSA Executable and Server DLL (Export Version)

InternalName : lsasrv.dll and lsass.exe

OriginalFilename : lsasrv.dll and lsass.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 08/05/2001 19:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 25/02/2004 23:59:08

 

#:5 [svchost.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:34:01

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 01/01/1980 07:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 08/05/2001 14:00:00

 

#:6 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

 

#:7 [ccevtmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

 

#:8 [spoolsv.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:34:03

BasePriority : Normal

FileSize : 44 KB

FileVersion : 5.00.2195.4299

ProductVersion : 5.00.2195.4299

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolss.exe

OriginalFilename : spoolss.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 08/05/2001 19:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:9 [nhksrv.exe]

FilePath : C:\Program Files\Netropa\Multimedia Keyboard\

ThreadCreationTime : 15-07-2004 01:34:03

BasePriority : Normal

FileSize : 28 KB

Created on : 02/05/2002 10:30:28

Last accessed : 14/07/2004 07:00:00

Last modified : 13/09/2000 23:18:26

 

#:10 [3cdminic.exe]

FilePath : C:\WINNT\System32\3Com_DMI\

 

#:11 [svchost.exe]

FilePath : C:\WINNT\System32\

ThreadCreationTime : 15-07-2004 01:34:05

BasePriority : Normal

FileSize : 7 KB

FileVersion : 5.00.2134.1

ProductVersion : 5.00.2134.1

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 01/01/1980 07:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 08/05/2001 14:00:00

 

#:12 [navapsvc.exe]

FilePath : C:\Program Files\Norton AntiVirus\

 

#:13 [nvsvc32.exe]

FilePath : C:\WINNT\System32\

ThreadCreationTime : 15-07-2004 01:34:06

BasePriority : Normal

FileSize : 56 KB

FileVersion : 5.13.01.1520

ProductVersion : 5.13.01.1520

Copyright : Copyright

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 15.20

InternalName : NVSVC

OriginalFilename : nvsvc32.exe

 

ProductName : NVIDIA Driver Helper Service, Version 15.20

Created on : 01/01/1980 07:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 31/08/2001 05:56:00

 

#:14 [regsvc.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:34:07

BasePriority : Normal

FileSize : 65 KB

FileVersion : 5.00.2195.3649

ProductVersion : 5.00.2195.3649

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Remote Registry Service

InternalName : regsvc

OriginalFilename : REGSVC.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 21/10/2003 01:12:52

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:15 [savscan.exe]

FilePath : C:\Program Files\Norton AntiVirus\

 

#:16 [mstask.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:34:14

BasePriority : Normal

FileSize : 115 KB

FileVersion : 4.71.2195.1

ProductVersion : 4.71.2195.1

Copyright : Copyright © Microsoft Corp. 1997

CompanyName : Microsoft Corporation

FileDescription : Task Scheduler Engine

InternalName : TaskScheduler

OriginalFilename : mstask.exe

ProductName : Microsoft

Created on : 21/10/2003 01:12:47

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:17 [stisvc.exe]

FilePath : C:\WINNT\system32\

ThreadCreationTime : 15-07-2004 01:34:15

BasePriority : Normal

FileSize : 60 KB

FileVersion : 5.00.2195.3649

ProductVersion : 5.00.2195.3649

Copyright : Copyright © Microsoft Corp. 1996-1997

CompanyName : Microsoft Corporation

FileDescription : Still Image Devices Monitor

InternalName : STIMON

OriginalFilename : STIMON.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 21/10/2003 01:12:54

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:18 [symlcsvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\

ThreadCreationTime : 15-07-2004 01:34:16

BasePriority : Normal

FileSize : 588 KB

FileVersion : 1, 8, 50, 196

ProductVersion : 1, 8, 50, 196

Copyright : Copyright © 2003

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

OriginalFilename : symlcsvc.exe

ProductName : Symantec Core Component

Created on : 07/07/2004 02:25:24

Last accessed : 14/07/2004 07:00:00

Last modified : 07/07/2004 02:25:26

 

#:19 [vsmon.exe]

FilePath : C:\WINNT\SYSTEM32\ZONELABS\

ThreadCreationTime : 15-07-2004 01:34:20

BasePriority : Normal

FileSize : 893 KB

FileVersion : 5.0.590.043

ProductVersion : 5.0.590.043

Copyright : Copyright

CompanyName : Zone Labs Inc.

FileDescription : TrueVector Service

InternalName : vsmon

OriginalFilename : vsmon.exe

ProductName : TrueVector Service

Created on : 01/07/2004 01:13:26

Last accessed : 14/07/2004 07:00:00

Last modified : 16/06/2004 11:47:36

 

#:20 [explorer.exe]

FilePath : C:\WINNT\

ThreadCreationTime : 15-07-2004 01:35:17

BasePriority : Normal

FileSize : 237 KB

FileVersion : 5.00.3502.5321

ProductVersion : 5.00.3502.5321

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 21/10/2003 01:12:57

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:21 [services.exe]

FilePath : C:\WINNT\SYSTEM32\

ThreadCreationTime : 15-07-2004 01:35:22

BasePriority : Normal

FileSize : 86 KB

FileVersion : 5.00.2195.3940

ProductVersion : 5.00.2195.3940

Copyright : Copyright © Microsoft Corp. 1981-1999

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft® Windows ® 2000 Operating System

Created on : 01/01/1980 07:00:00

Last accessed : 14/07/2004 07:00:00

Last modified : 22/07/2002 19:05:04

 

#:22 [mmkeybd.exe]

FilePath : C:\Program Files\Netropa\Multimedia Keyboard\

ThreadCreationTime : 15-07-2004 01:35:25

BasePriority : Normal

FileSize : 124 KB

FileVersion : 1.00

ProductVersion : 1.00

Copyright : Copyright

CompanyName : Netropa Corp.

FileDescription : Netropa Hot Key

InternalName : DellTouch Programmable Keys

OriginalFilename : nhk.exe

ProductName : DellTouch Programmable Keys

Created on : 02/05/2002 10:30:28

Last accessed : 14/07/2004 07:00:00

Last modified : 21/09/2000 21:34:12

 

#:23 [mmusbkb2.exe]

FilePath : C:\Program Files\Netropa\Multimedia Keyboard\

ThreadCreationTime : 15-07-2004 01:35:26

BasePriority : Normal

FileSize : 48 KB

FileVersion : 1.70

ProductVersion : 1.70

Copyright : Copyright

CompanyName : Netropa Corporation

FileDescription : USB Multimedia Keyboard Driver 2

InternalName : mmusbkb2

OriginalFilename : mmusbkb2.exe

ProductName : USB Multimedia Keyboard Driver 2

Created on : 02/05/2002 10:30:28

Last accessed : 14/07/2004 07:00:00

Last modified : 21/09/2000 21:15:26

 

#:24 [directcd.exe]

FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\

 

#:25 [osd.exe]

FilePath : C:\Program Files\Netropa\Onscreen Display\

ThreadCreationTime : 15-07-2004 01:35:27

BasePriority : Normal

FileSize : 84 KB

FileVersion : 2.01

ProductVersion : 2.01

Copyright : Copyright

CompanyName : Netropa Corp.

FileDescription : Netropa Onscreen Display

InternalName : OSD

OriginalFilename : osd.exe

ProductName : Onscreen Display

Created on : 02/05/2002 10:30:28

Last accessed : 14/07/2004 07:00:00

Last modified : 22/09/2000 01:26:24

 

#:26 [shico.exe]

FilePath : C:\WINNT\

ThreadCreationTime : 15-07-2004 01:35:28

BasePriority : Normal

FileSize : 108 KB

Created on : 27/01/2004 22:16:20

Last accessed : 14/07/2004 07:00:00

Last modified : 13/06/2003 17:45:18

 

#:27 [zlclient.exe]

FilePath : C:\Program Files\Zone Labs\ZoneAlarm\

 

#:28 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

 

#:29 [hijackthis.exe]

FilePath : C:\hijackthis\

 

#:30 [firefox.exe]

FilePath : C:\Program Files\Mozilla Firefox\

 

#:31 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-aware 6\


Print out these instructions so you can read them while you clean your system.

 

Now close all open windows AND browsers and check these items for HJT to fix:

O4 - HKLM\..\Run: [shico] C:\WINNT\shico.exe

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inetdata\services.exe

O4 - HKCU\..\Run: [xp_system] C:\WINNT\inetdata\services.exe

O15 - Trusted Zone: www.mt-download.com

 

Please reboot into safe mode - How do I boot into "Safe" mode?

 

Delete these files:

C:\WINNT\shico.exe

C:\WINNT\inetdata\services.exe

 

You may need to show hidden files to delete them. How to show all hidden and system files

 

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.

* C:\WINNT\Temp\

* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\

* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

* Empty your "Recycle Bin".

 

Reboot and post a fresh log in this thread to give you further recommendations.

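Added example, not part of either post: a Python triage pass over an excerpt of the HijackThis log above. It flags Run entries that reuse a core Windows process name from outside the system directory, and core processes that appear more than once in the running list. `SYSTEM_DIR`, `CORE_NAMES` and `SINGLE_INSTANCE` are assumptions of this example, and the checks do not cover `shico.exe` or the Trusted Zone entry.

```python
import re
from collections import Counter
from ntpath import basename, dirname, normpath

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\shico.exe

O4 - HKLM\..\Run: [shico] C:\WINNT\shico.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inetdata\services.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inetdata\services.exe
"""

# Assumptions of this example: the system directory of the machine in the log
# and a short list of core process names. svchost.exe may run many instances.
SYSTEM_DIR = r"c:\winnt\system32"
CORE_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SINGLE_INSTANCE = {"services.exe", "lsass.exe"}

PROC_RE = re.compile(r'^[A-Za-z]:\\.+\.exe$', re.IGNORECASE)
# O4 Run entries that carry a full path; entries without one are skipped.
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] "?([A-Za-z]:\\[^"]+?\.exe)',
                   re.IGNORECASE)

def triage(log_text):
    """Return (rule, subject, detail) tuples for suspicious entries."""
    findings, running = [], Counter()
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            hive, value, path = m.groups()
            name = basename(path).lower()
            # A core process name autostarting from outside system32.
            if name in CORE_NAMES and normpath(dirname(path)).lower() != SYSTEM_DIR:
                findings.append(("autostart-masquerade", f"{hive} Run [{value}]", path))
        elif PROC_RE.match(line):
            running[basename(line).lower()] += 1
    # The running list shows image names compared case-insensitively.
    for name in sorted(SINGLE_INSTANCE):
        if running[name] > 1:
            findings.append(("duplicate-core-process", name, f"{running[name]} instances"))
    return findings

if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {subject:24} {detail}")
```

Both running `services.exe` entries report a system32 path, so only the instance count flags them; the path check catches the `xp_system` Run values.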