1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

XP Home hyjack Internet Speed Monitor

Discussion in 'Virus & Other Malware Removal' started by Filewasp, Apr 6, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    Hi all-
    Somehow possibly embedded in a streaming video file, internet speed monitor was installed in my system. I removed it in add-remove rebooted, but found out a few days later it was still around. Getting constant balloon alerts in the lower right bar that my computer is infected and wants to direct me to a website to buy a program to remove it! Such nerve! There is tons if stuff running on start-up (ran msconfig) I at this time did not uncheck anything until I ran the HJT. Also: WebHancer was installed- and what is windows installer? it shows up in add-remove. This lap top (VAIO) was wiped clean I was told when I bought it and there is mass more on it that there should be, so thinks I. Softly Adds page loads all on it's own in that darn speed monitor site. Then, I got a total blue screen, and rebooted to see my background replaced with nothing but a notice that I am infected and a "click here" spot for a way to remove the infection. I did a screen print of my desktop to show that.
    Any ideas? Where should I start? The balloon alerts are driving me nuts. So much for privacy- here is todays HighJack This log. I know this is a busy site thanks ahead of time if someone can respond.





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:24 AM, on 4/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wmsdkns.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\upyzixkn\cjsdyhij.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\FarStone\GameDrive\GDTask.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Steve\LOCALS~1\Temp\ie.exe
    C:\Program Files\Bat\X_Bat.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {84c2365c-1dd2-11b2-8102-af6a6a6cb28e} - C:\WINDOWS\ivgtuzkl.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {A8EEB996-62AA-4E48-995D-EADDCAC47476} - C:\WINDOWS\system32\ljJBsPhh.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [GameDrive] "C:\Program Files\FarStone\GameDrive\GDTask.exe" /AutoRestore
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [lghabeby] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lghabeby.dll"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [knvlsxyq] C:\WINDOWS\system32\qdgnmnid.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Steve\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Steve\LOCALS~1\Temp\ie.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Zkio9mboD9] C:\Documents and Settings\All Users\Application Data\upyzixkn\cjsdyhij.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202699744696
    O20 - Winlogon Notify: ljJBsPhh - ljJBsPhh.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8949 bytes
     
  2. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    a polite "bump"
     
  3. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    Ok- running free avg, so far it found (still running)
    iW8.exe
    BAK3B.tmp
    ismupd24.exe
    sdexe.exe
    ven1v13aid[1].exe
    CA09YF8D
    I also looked in program files and found:
    180 search assistant
    180 searchassistant
    180 solutions
    seekmohook.dll
    webhancer
    zango
    sysmnt (I would guess this is okay)
    Will not remove anything unless directed to or some other app does it for me or you recommend it. thanks!
     
  4. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
  5. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    Could someone stop in and get me started on this? spybot ran twice found tons of items (trojans) but when I try to do the fix it stops responding. Spyhunter wants cash, and my task manager it says has been disabled by the administer. I have administer disabled as far as I know. Darn! thanks for reading
     
  6. Filewasp

    Filewasp Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    664
    Getting impatient I suppose. Sorry for that, I'm pretty good at following directions if someone has the time to give them to me! Big thing is I want to file my taxes on line, and I'd be pretty silly to do it with trojans loaded.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Home hyjack Internet
  1. ated19
    Replies:
    4
    Views:
    754
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/700957

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice