Weird system (log pasted)

Status
Not open for further replies.

spironox

Booting Nicotine!!
Pasting the HijackThis log here for your kind referral.
The problem is that the PC sometimes goes bonkers: the mouse runs away, the system crashes, and sometimes there is a memory dump!

I can't fix it anyhow... can anybody help me?



Logfile of HijackThis v1.99.1
Scan saved at 9:42:49 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\WINDOWS\StartupMonitor.exe
C:\AutoPatcher\modules\AddOns\WinUptime_enu.amc_files\WindowsUptime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\isass.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [WindowsUptime] "C:\AutoPatcher\modules\AddOns\WinUptime_enu.amc_files\WindowsUptime.exe" /i
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70715D9D-0625-48A5-9D8B-F37EBE2B6A98}: NameServer = 61.246.200.28 202.56.230.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SONAL_~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
------------------------

When I go for the full system scan using the latest update of Spyware Terminator, I get two threats:

1> Trojan/Dropper.Agent.ASS(trojan)
file c:\windows\system32\isass.exe
reg file HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CSNETMANAGERXP
2> Affiliate tracking cookie (tracking cookie)
file c:\documents and settings\user\cookies\user@2o7(2).txt

If I clean these threats, they come back after a regular interval.

I am using a LAN (coaxial) internet connection of 56 kilobits/second.

Config is a Pentium 4 of 1.51 GHz, 256 MB RAM,
Mercury MB and 40 GB HDD.

regards
nixon:rolleyes:

Hello, anyone home?? Anyone here?? Guys, SOS.
 

zyberboy

dá ûnrêäl Kiñg
Your computer is infected with a virus. (C:\WINDOWS\system32\isass.exe) This is a virus.
lsass.exe is a Windows file but isass.exe is a virus... Uninstall AVG and download good AVs like AVS or Kaspersky to clean the virus.
You can also try uploading the file isass.exe to this site, www.virustotal.com/, and scan it so you can download the AV which will detect it.
 

Liggy

Is actually a real word..
I assume you posted your log at hijackthis.de. Did you notice all the 'missing file' (about two or three)? Yes, there is a virus, like cyberboy_kerala pointed out. I am thinking that your spyware program deleted certain files it wasn't supposed to. You might be best off trying to remove it with SmitFraudFix, then back up, then wipe. By the sounds of it, if you get rid of the virus, you will still have a lot of fun trying to get Windows back in tip-top shape. So "I" would remove the virus, back up, then wipe it all clean... but then I know how everyone loves to back up and start over, not too much fun...
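The two checks raised in the replies above (a file name one character off a real Windows binary, and the "Unknown owner" / "(file missing)" markers in the log), as an added example that is not part of the original posts. The log lines are copied from the HijackThis log in this thread; the list of system binary names and the function names are assumptions of this sketch.

```python
import re

# Windows system binaries that malware commonly imitates (assumed short list).
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
                "services.exe", "winlogon.exe", "spoolsv.exe", "explorer.exe")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\isass.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SONAL_~1\LOCALS~1\Temp\hpdj.exe (file missing)
"""

def lookalike_of(path):
    """Return the system binary that the file name imitates, or None.

    The folder is ignored on purpose: isass.exe sits in system32 next to the
    real lsass.exe, so a location check alone would not catch it.
    """
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_NAMES:
        return None
    for real in SYSTEM_NAMES:
        # Same length and exactly one differing character, e.g. 'i' for 'l'.
        if len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1:
            return real
    return None

def triage(log_text):
    """Return (reason, line) findings for the lines of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = PATH_RE.search(line)
        real = lookalike_of(match.group(0)) if match else None
        if real:
            findings.append((f"name imitates {real}", line))
        if line.startswith("O23") and "Unknown owner" in line:
            findings.append(("service with unknown owner", line))
        if "(file missing)" in line or "(no file)" in line:
            findings.append(("entry points at a missing file", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}: {line}")
```

A finding here is a reason to look closer (for instance by scanning the file, as suggested above), not a verdict on its own.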
 

phreak0ut

The Thread Killer >:)
Surprised to hear that people still buy a license of AVG. There are better free AVs out there. You should try it out.
 