Old 04-08-2007, 12:52 AM   #1 (permalink)
Booting Nicotine!!
 
Join Date: Jan 2004
Location: Paradox Box in the scrap yard
Posts: 313
Default weird system (log pasted )


Pasting here the HijackThis log for your kind referral.
The problem is the PC sometimes goes bonkers: mouse runs away, the system crashes and sometimes the memory dump!

I can't fix it anyhow... can anybody help me?



Logfile of HijackThis v1.99.1
Scan saved at 9:42:49 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\WINDOWS\StartupMonitor.exe
C:\AutoPatcher\modules\AddOns\WinUptime_enu.amc_fi les\WindowsUptime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\isass.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [WindowsUptime] "C:\AutoPatcher\modules\AddOns\WinUptime_enu.amc_f iles\WindowsUptime.exe" /i
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70715D9D-0625-48A5-9D8B-F37EBE2B6A98}: NameServer = 61.246.200.28 202.56.230.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SONAL_~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
------------------------

When I go for the full system scan using the latest update of Spyware Terminator I get two threats:

1> Trojan/Dropper.Agent.ASS(trojan)
file c:\windows\system32\isass.exe
reg file GHKLM\SYSTEM\SURRENTCONTROLSET\SERVICES\CSNETMANAG ERXP
2> Affiliate tracking cookie (tracking cookie)
file c:\documents and settings\user\cookies\user@2o7(2).txt

If I clean these threats they come back after a regular interval.

I am using a LAN (coaxial) internet connection of 56 kilobits/second.

Config is a Pentium 4 of 1.51 GHz, 256 MB RAM,
Mercury MB and 40 GB HDD.

regards
nixon

hello anyone home ?? anyone here ?? guys sos
__________________
http://spironox.blogspot.com

Rig : Asus P4 p 800SE ( happy )
Netbook : Google chrome Cr-48 Mario !!! now that's what i call lucky & also an iBookG4 (2004)

Last edited by spironox; 04-08-2007 at 12:52 AM. Reason: Automerged Doublepost

Old 04-08-2007, 01:21 AM   #2 (permalink)
dá ûnrêäl Kiñg
 
Join Date: Feb 2006
Location: kerala/calicut
Posts: 992
Default Re: weird system (log pasted )

Your computer is infected with a virus. (C:\WINDOWS\system32\isass.exe) This is a virus.
lsass.exe is a Windows file but isass.exe is a virus... Uninstall AVG and download good AVs like AVS or Kaspersky to clean the virus.
You can also try uploading the file isass.exe to this site http://www.virustotal.com/ and scan so you can download the AV which will detect it.
__________________
My Stomach pains:D:D
http://tinyurl.com/32jj4m
Old 04-08-2007, 01:23 AM   #3 (permalink)
Booting Nicotine!!
 
Join Date: Jan 2004
Location: Paradox Box in the scrap yard
Posts: 313
Default Re: weird system (log pasted )

Huh!!! Can't imagine... that I got a license of AVG, man.
Old 04-08-2007, 06:05 AM   #4 (permalink)
Is actually a real word..
 
Join Date: Jun 2007
Location: cEhnEHdEH
Posts: 443
Default Re: weird system (log pasted )

I assume you posted your log at hijackthis.de. Did you notice all the 'missing file' (about two or three)? Yes, there is a virus, like cyberboy_kerala pointed out. I am thinking that your spyware prog deleted certain files it wasn't supposed to. You might be best off trying to remove with smitfraudfix, then backup, then wipe. By the sounds of it, if you get rid of the virus, you will still have a lot of fun trying to get Windows back in tip-top shape. So "I" would remove the virus, backup, then wipe it all clean.... but then I know how everyone loves to backup and start over, not too much fun...
__________________
“They put me here because I’m from Canada and they think I’m slow, eh?..."
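
The checks discussed in the replies above (the `isass.exe` name imitating `lsass.exe`, the services with an unknown owner, and the "missing file" entries) can be run over a HijackThis log automatically. The following is an added example, not part of any post in this thread; the function names and the short `SYSTEM_NAMES` list are assumptions, and the sample lines are copied from the log posted in the first message.

```python
import re

# Short illustrative list of core Windows process names (an assumption, not exhaustive).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe", "csrss.exe"}

def near_miss(a, b):
    """True if a and b differ by exactly one substituted, inserted or deleted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

# First executable or DLL path on a log line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.IGNORECASE)

def triage(log_text):
    """Return a sorted list of (reason, line) findings for a HijackThis log."""
    findings = set()
    for line in (l.strip() for l in log_text.splitlines()):
        m = PATH_RE.search(line)
        if m:
            name = m.group(0).rsplit("\\", 1)[-1].lower()
            for real in SYSTEM_NAMES:
                if near_miss(name, real):
                    findings.add((f"lookalike of {real}", line))
        if line.startswith("O23") and "Unknown owner" in line:
            findings.add(("service with unknown owner", line))
        if "(file missing)" in line or "(no file)" in line:
            findings.add(("entry points to a missing file", line))
    return sorted(findings)

# Excerpt of the log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\isass.exe
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SONAL_~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"[{reason}] {line}")
```

A finding is a prompt to look closer, not a verdict: an "Unknown owner" service or a missing file can also be left behind by a legitimate uninstall.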
Old 04-08-2007, 09:13 AM   #5 (permalink)
Booting Nicotine!!
 
Join Date: Jan 2004
Location: Paradox Box in the scrap yard
Posts: 313
Default Re: weird system (log pasted )

Thanks... man, will try to take precautionary measures.
Old 05-08-2007, 12:48 PM   #6 (permalink)
The Thread Killer >:)
 
Join Date: Apr 2006
Location: Bangalore
Posts: 1,185
Default Re: weird system (log pasted )

Surprised to hear that people still buy license of AVG. There are better free AVs out there. You should try it out.
__________________
Want to make this world a better place? Then, start seeding and don't be just a leecher :)