0

finally got my computer going... not in safe mode. that ashweb seems to be a huge problem.

here is my newest hijack

Logfile of HijackThis v1.99.1
Scan saved at 8:41:07 AM, on 8/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lfoql.exe] C:\WINDOWS\System32\lfoql.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129012798000
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4642/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54073110-24A0-4593-A4A8-73ED5C793859}: NameServer = 85.255.116.29,85.255.112.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.29 85.255.112.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{54073110-24A0-4593-A4A8-73ED5C793859}: NameServer = 85.255.116.29,85.255.112.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.29 85.255.112.134
O20 - Winlogon Notify: fslbpxhf - C:\WINDOWS\SYSTEM32\fslbpxhf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: xoamefwa - C:\WINDOWS\SYSTEM32\xoamefwa.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

please.. anyone... this is my third attempt here. i've been without a computer for 4 weeks.

7
Contributors
9
Replies
10
Views
11 Years
Discussion Span
Last Post by crunchie
1

Yeah, i know it's old, but there's not a lot of information on this and this link comes up near the top of google search for ashwebsv.exe. Also, this still happens even with the newest version of HJT. I just want to make sure that nobody follows the advice of this complete idiot.

ashwebsv.exe is AVAST ANTI-VIRUS'S WEBSCANNER!!! YOU NEED IT IF YOU HAVE AVAST ANTIVIRUS!!! Furthermore, the "file missing" is a BUG in hijackthis. you will find that if you search your drive, it is likely not missing unless you uninstalled avast wrong or something. If you find the file, it's not missing, is it? If you run avast, you need it. Ignore hijack this and this idiot above. DO NOT REMOVE IT YOU WILL HAVE NO AVAST WEBSCANNER!!!

0

Your problem is more than likely caused by the fact that you have THREE anti-virus programs running on the computer...at least a portions of Ewido Security Suite, and also Norton and Avast. The absolute rule is ONE anti-virus program on a computer. Pick ONE and totally UNINSTALL the others. Your choice. But be sure to UNINSTALL via Add/Remove, DON'T under any circumstances just delete them. If that Avast file shows as missing then it probably means that you attempted to uninstall but did not. You must do it the correct way otherwise portions of programs remain and cause problems.

Once you have done the uninstalls then REBOOT the computer. Delete the OLD version of HiJackThis that you have and download the newest version from HERE Be sure to install it to a folder of it's own. To do this create a new folder by right clicking on the desktop and choose New Folder. Then Rename the Folder HJT.
Download the new version of HJT to this folder and then run a new full system scan. Post back here with that new log.
You need to run a new scan with the newest version of HJT because there IS malware showing on the present log.

0

If you are not using avast but have been in the past I sugest that you make sure you have properly uninstalled avast or that you left click ashwebsv.exe in windows task manager and end the proccess tree.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.