Hi all! First post here, so gonna jump right in... Yesterday while working on the internet I suddenly was unable to access the internet. Thinking quickly I snagged another computer in the house (the one I'm currently on) and checked to see if I could access on it, of course it worked. This leads me to believe that I've got a bug/virus/spyware/malware/worm hidden on my machine. So below I'm gonna add my logfile from HijackThis and see if anybody can gimme a hand! Thank you in advance for all your help and input!

Hijack This Log File:

Logfile of HijackThis v1.99.1
Scan Saved at 10:08:07 Am, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
(6.00.2900.2180)

Running Processes:
C:\windows\system32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Progra~1\Grisoft\AVG7\avgamsvr.exe
C:\Windows\Explorer.exe
C:\Progra~1\Grisoft\AVG7\avgupsvc.exe
C:\Windows\system32\CTsvcCDA.exe
C:\windows\system32\UAService7.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\java\jre1.6.0_02/bin/jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\system32\utilman.exe
C:\windows\system32\wscntfy.exe
G:\Program Files\Hijackthis\Hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://google.bearshare.com/
02 - BHO: Adobe PDF Reader Link Helper - {06849e9f-C8D7-4D590B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcoIEHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre1.6.0_02\bin]ssv.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\google\googletoolbar2.dll (file missing)
04 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\ Module Loader\ Audio Emulator\AudDrvEm.dll"
04 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
04 - HKLM\..\Run [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\justched.exe"
04 - HKLM\..\Run [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
04 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
04 - HKLM\..\Run [Worm Detector] C:\Program Files\Worm Detector 3\Wd.exe tray
04 - HKLM\..\RunOnce [MyWebSearch bar uninstall] rundll32 C:\Progra~1\Uninst~1.DLL,0 -3
04 - Global Startup: Adobe reader Speed launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_s1.exe
08 - Extra Context menu item: &Gogle Search - res://C:\program files\google\GoogleToolbar2.dll/cmsearch.html
08 - Extra Context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
08 - Extra Context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
08 - Exra Context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
08 - Extra Context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
08 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
09 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\java\jre1.6.0_02\bin]ssv.dll
09 Extra 'Tools' menuitem: Sun java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
020 - Winlogon ntify: WgaLogon - C:\Windows\System32\WgaLogon.dll
021 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45BO-95D7-94D524869DB5} = C:\Windows\system32\WPDShServiceObj.dll
023 - Service: Ati hotkey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
023 - Service: Ati Smart - Unknown owner - C:\Windows\system32\ati2sgag.exe
023 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o - C:\Progra~1\Grisoft\AVG7\avgamsvr.exe
023 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o - C:\Progra~1\Grisoft\AVG7\avgupsvc.exe
023 - Service: Creative Service for CDROM Access - Creative Technology LTD - C:\Windows\System32\CTsvcCDA.exe
023 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\program files\ewido anti-spyware 4.0\guard.exe
023 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\Installshield\driver\1050\Intel 32\IdriverT.exe
023 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
023 - Service: StarWind isCSI Service (StarWindService) - Unknown Owner - G:\Program Files\Alcohol Soft\Alcohol 120\Starwind\StarwindService.exe (file missing)
023 - Service: SecuRom user Access Service (V7) (UserAccess7) - Son DADC Austria AG. - C:\Windows\system32\UAService7.exe

Well that's it, without my burner working had to type it, don't think there were any typos. Hope to hear from you all soon! And thanks again!

6 Contributors, 14 Replies, 15 Views, 10 Years Discussion Span, Last Post by zandiago
0

Welcome first of all :)
Now what method do you connect to the internet? USB Modem, Ethernet, Dial Up, or something else?
And what anti-virus programme do you currently use?

0

I've got Verizon DSL so I connect with a modem. I'm currently using AVG 7.0 for my antivirus.

0

Have you run a scan? If so, do one if you suspect you have a virus. Being AVG, it should find anything that is a virus on your system. Then attempt to connect again after you have run the scan and then rebooted.

0

Ran a check last night, rebooted this morning and nothing, maybe it's something that AVG can't find? Btw it is AVG 7.5 if that helps. Anyhow, is anything in my HijackThis log file horribly bad? I always get a slow down on my machine while on the internet. Gonna run another AVG scan now though, hope it fixes all this!

0

Have you defragmented your HDD recently? It's off the point slightly, but it makes your machine faster so it may help with speeding up your internet browsing. Also run a disk cleanup as well to get rid of a backlog of internet sites visited, which accumulates to a lot over time!

0

Gonna do a new defrag/error check after my Anti-Virus is done checking, nothing yet on the anti virus though, appreciate all the help :)

0

Okay nothing on my AVG scan whatsoever :( Any other ideas I can try out, gotta leave for work here in 30 mins so I'll be on after I get home at 10pm Pacific time. Thanks again!

0

Is 7.5 the latest version of AVG?
I currently use Norton 06 version, so you could try running another antivirus programme, with a free version. But you may get conflict between the two.
And also a disk defragmentation is a lengthy process, so it is best to run it overnight, remember to turn off any screen saver you have, and also run no other programmes in the background while it is defragmenting.

0

If it's a problem with spyware, then norton and avg ain't gonna do it....

i always use adaware and spybot S&D.... BUT i use a MiniPE environment...... like a UBCD.....

http://isohunt.com/torrents/?ihq=miniPE+digiwiz

i think that's the version i use ... same dude makes it, may be an earlier version ... but has a host of tools for removing adware as well as viruses etc and coz it boots from the CD you're not within windows so nothing can hide!! :D

this will also allow you to do a load more... i use it all day every day for work..... if u use a LAN connection then adaware and spybot etc WILL UPDATE ... if not use WINISO and download the new definitions then add them into the directory as need be

***** C:\windows\system32\lsass.exe ***** - Be careful here as there was a virus about a long time ago which looked like a windows process.....

LSASS.EXE or ISASS.EXE 1 of these is a virus 1 is a windows process.... i forget which is which, but norton should kick it out....

also on the MiniPE boot disk there should be norton so u can run norton from the disk as well.....

if that download link doesn't work then msn me and i'll send u the ISO with the updated bits n pieces....

Hope this helps.....


Just read bit more..... if ya gonna defrag use safe mode..... much better :D:P

0

First of all, defrags are entirely useless. After a seriously long wait while it defrags, they speed your PC up a pathetic amount for about a week. If you have large drives and use them like I do it'll waste all your time.

It's also probably not a virus. People here are often too quick to say that's the problem. I've had 1 virus in 4 years, and that was my own fault, and it didn't do anything but cause my mouse to stop working. Viruses are over-rated.

First of all you'll need to check firewalls/proxies (if corporate). Then you'll want to check the router settings to make sure there are no IP conflicts.
You could just have an invalid IP. Right click and repair if you get this error.

Check the cable has not been split, and that it's plugged in. Stupid idea (but you should).

I don't see why no-one here has tried to troubleshoot your network connection. Do you use a wireless/RJ45 connection?

Send me a PM and I'll chat on MSN if you want.

0

Thanks for all the ideas everyone, I've got the updated version of AVG and nada was found, I've got Ewido Anti-Spyware and Ad-Aware SE Professional, both turned up empty. Don't have Norton unfortunately, so I'm out of luck there. As for how I connect, I've got Verizon DSL and I connect using a Dynex Dx-E401 switch from my DSL modem. Problem is that it works for the laptop I'm using on the same network and with the same cable that my PC uses, so something is wrong on the computer itself.

0

Almost forgot, maybe this is the key, but I cannot turn on Windows Firewall. Going through Windows Security Center when I click enable it tells me: We're Sorry. The security center could not turn on windows firewall. To try turning on the firewall yourself, go to windows firewall tab in control panel.
Then when I go under Control Panel and try to open Windows Firewall I get this message: Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Firewall/Internet connection sharing (ICS) service? I click yes and it says it cannot start it. So now I'm out a firewall too. :(

0

Interesting log. Makes it tough to read, considering that the dodgy entries could well be typos... :)

O4 - HKLM\..\Run [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\justched.exe"
-is that "t" in justsched.exe a typo?

Okay, movin on. Alwil + AVG AV's. One MUST go. Now.
MyWebSearch Search Assistant - Go to Add/Remove programs and remove MyWebSearch Bar, MyWeb Search and Search Assistant.
Use hijackthis to fix these; then delete the MyWebSearch folder in pgm files.

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\RunOnce [MyWebSearch bar uninstall] rundll32 C:\Progra~1\Uninst~1.DLL,0 -3
O8 - Extra Context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
C:\Progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

Check that justched thing.
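The checks made by eye in the reply above (two antivirus products running, an entry marked "(file missing)", and an autorun name that is one letter off from a running process), as an added example that is not part of the original thread. The vendor folder table, the finding labels and the 0.9 similarity threshold are assumptions chosen for this illustration; a near-miss name can be a retyping error or a look-alike binary, so it is only a prompt to verify the file on disk.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: a handful of lines copied from the hand-typed log above.
SAMPLE_LOG = r"""
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Progra~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\java\jre1.6.0_02/bin/jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\google\googletoolbar2.dll (file missing)
04 - HKLM\..\Run [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\justched.exe"
04 - HKLM\..\Run [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"""

# Assumed marker table (install-folder substring -> product), for illustration only.
AV_FOLDERS = {"alwil software": "Avast", "grisoft": "AVG"}

def basename(path):
    # The hand-typed log mixes "\" and "/" separators.
    return re.split(r"[\\/]", path)[-1].lower()

def triage(log):
    running, entries, findings = [], [], []
    for line in map(str.strip, log.splitlines()):
        m = re.match(r"^([O0R]\d{1,2})\s*-\s+(.*)$", line)
        if m:
            code, text = m.groups()
            # Section codes use the letter O; a retyped log often has a zero.
            entries.append(("O" + code[1:] if code[0] == "0" else code, text))
        elif re.match(r"^[A-Za-z]:\\.*\.exe$", line, re.I):
            running.append(line)
    names = {basename(p) for p in running}
    vendors = sorted({v for p in running for k, v in AV_FOLDERS.items() if k in p.lower()})
    if len(vendors) > 1:
        findings.append(("multiple-av", "-", ", ".join(vendors)))
    for code, text in entries:
        if "(file missing)" in text:
            findings.append(("file-missing", code, text))
        if code != "O4":
            continue
        for exe in re.findall(r"[A-Za-z]:\\[^\"]*?\.exe", text, re.I):
            name = basename(exe)
            # Exact matches are expected; only names that almost match are flagged.
            for seen in sorted(names) if name not in names else []:
                if SequenceMatcher(None, name, seen).ratio() >= 0.9:
                    findings.append(("near-miss-name", code, f"{name} ~ {seen}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```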

0

Hhhhmmmmm...if you're unable to turn on your fire-wall, I do recommend that you clean/restore your registry files…if these are corrupted, your PC will slow down. The software to help you with your registry: RegCure and Regpair. Some of the above mentioned programs can be downloaded at www.cnet.com. Also, there is software out there such as “Explorer Repair” that resets your TCP/IP settings, deletes ARP cache, repairs your hosts file, checks your winsock files. You can also download other fire-wall software, if the one that comes with your PC doesn’t. Additionally, after completing the above mentioned suggestions, you may want to ping to test connectivity or other ways to troubleshoot your network.
