Please Look at this Hijack This Log

SquirrelNinja · 28-May-2007, 02:15 PM #1

A few days ago, my computer began running incredibly slowly. Programs are crashing left and right, and my usual system cleans don't seem to be helping anything so please, if you can help me out, I'd really appreciate it.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:17:17 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Professor Chaos\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.internetwasher.co...twasherpro.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe

--
End of file - 4419 bytes

**Cheeseball81** · 28-May-2007, 05:14 PM #2

Even though there is so anti-virus protection, I don't see anything nasty in the log.

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.

SquirrelNinja · 28-May-2007, 05:18 PM #3

I actualy already ran one here's the log

Incident Status Location

Adware:adware/portalscan Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Professor Chaos\Application Data\Mozilla\Firefox\Profiles\x6lx3ka7.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Professor Chaos\Application Data\Mozilla\Firefox\Profiles\x6lx3ka7.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Professor Chaos\Application Data\Mozilla\Firefox\Profiles\x6lx3ka7.default\cookies.txt[.go.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Professor Chaos\Application Data\Mozilla\Firefox\Profiles\x6lx3ka7.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Professor Chaos\Cookies\professor chaos@2o7[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Professor Chaos\Cookies\professor chaos@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Professor Chaos\Cookies\professor chaos@atwola[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq132.tmp

**Cheeseball81** · 28-May-2007, 05:21 PM #4

It doesn't appear virus related then.

Have you added any new software or hardware?

SquirrelNinja · 28-May-2007, 05:24 PM #5

nothing major, but I uninstalled everything I installed recently to be on the safe side, and no luck. (That is also why there was no anti-spy, I had AVG and uninstalled it after the crash, I figured that probably wasn't the problem but I'm going to re-install it soon)

**Cheeseball81** · 28-May-2007, 05:26 PM #6

'Nothing major'......so something was installed then?

SquirrelNinja · 07:34 PM

Let me think, I installed within say the past few weeks I think I installed
Grease Monkey (now uninstalled)
Itunes along with a few podcasts
Apprentice [the MTG emulator, now uninstalled]
Torrents for Episodes 1-5 of Darker than black (currently deleted)
Adobe Flash Cs3 Torrent (now uninstaled) [this could have likely installed somthing]
Wise Registry Cleaner 2.4 (uninstalled, though I installed this after the crash along with another download on the same site that I ended up canceling, I think it was for DVD backup software.)

**Cheeseball81** · 29-May-2007, 11:10 PM #8

Eh.......torrents...

How much RAM do you have

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!