[Closed] Help! My Computer Is Slow In Loading Programs


8 replies to this topic

#1 happygolucky821

happygolucky821

    New Member

  • Authentic Member
  • 5 posts

Posted 15 August 2007 - 08:26 AM

Nice write-up by Expert miekiemoes

http://users.telenet...owcomputer.html


Hi, my computer for the past few weeks has been very slow at loading up any programs on my PC. I need to know whether there is malware or spyware causing this problem based on the log I've provided, or anything in this log that can be safely deleted.

Logfile of HijackThis v1.99.1
Scan saved at 10:41:02 PM, on 8/15/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tran\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7446FBC3-3B52-4F85-9919-80317E174D91} - C:\WINDOWS\System32\mljif.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\amcukiuf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148043170815
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljif - C:\WINDOWS\System32\mljif.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winoqx32 - winoqx32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe



--Your help would be much appreciated. :)


#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 20 August 2007 - 10:45 PM

Hi happygolucky821,

Your OS is seriously out of date so the first step is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. You'll need to install SP2 but it's best to wait until we've checked your machine before installing it.
Click here to get WinXP SP1a: http://www.microsoft...p1/default.mspx

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
Click here for Windows Update: http://www.windowsupdate.com/
Be sure to reboot your machine after this process.

Once complete, please post a new HijackThis log.
ASAP & UNITE Member

#3 happygolucky821

Posted 22 August 2007 - 07:51 AM

Hi Silver,

Umm, about receiving automatic updates.. my Windows XP Pro for some reason has not been installing the updates - I mean it manages to download the hotfixes / updates the OS automatic service detects but I don't think it installs them. (Like I see these hotfixes in the Add/Remove Programs mix - but there is no actual update.)

Help! I'm not sure why? And yes I know that getting your comp updated is very important.. but that's the main reason why I've been avoiding such updates.. simply cos it does not take effect on my computer.

HELP. I also tried the Windows Update link you gave me.. managed to install and update the updater, then when it came to the step of validating Windows.. the Microsoft page would load.. but for a very long time with no response / display of any result???

Oh by the way..sorry I wasn't so sure whether to keep this reply under my original post topic or make another topic. I'm crossing my fingers to get a reply from you within the next 5 days ..otherwise back to the Older than 5 days No Response forum this goes.

#4 silver

Posted 22 August 2007 - 06:45 PM

Hi happygolucky821,

Sorry to hear you are having trouble with updates, please try this:

Please download MGADiag.exe to your Desktop from here:
http://go.microsoft....k/?linkid=56062
  • Double-click on MGADiag.exe
  • When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
  • Please post the results in your next reply.

ASAP & UNITE Member

#5 silver

Posted 25 August 2007 - 10:31 PM

Hi, How are you getting on?
ASAP & UNITE Member

#6 happygolucky821

Posted 28 August 2007 - 07:44 AM

Hi Silver, My results from the diagnostic program you gave as follows:

Diagnostic Report (1.7.0039.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Detailed Status: N/A
Cached / Grace status: N/A, N/A
Windows Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
Windows Product Key Hash: RVvFciZMdQfJLyDpZteolhaqicQ=
Windows Product ID: 55274-640-0000356-23117
Windows Product ID Type: 1
CSVLK Server: N/A
CSVLK PID: N/A
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.0.0.pro
ID: {E727CB98-2A23-4AD4-B465-03DB31300975}(3)
Is Admin: Yes
Commit / Reboot / BRT: N/A, N/A, N/A
WGA Version: Registered, 1.7.36.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2993-80070002_025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E727CB98-2A23-4AD4-B465-03DB31300975}</UGUID><Version>1.7.0039.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2B7Q8</PKey><PID>55274-640-0000356-23117</PID><PIDType>1</PIDType><SID>S-1-5-21-682003330-1957994488-962054275</SID><SYSTEM><Manufacturer>VIA Technologies, Inc.</Manufacturer><Model>VT8367-8233</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20020312******.******+***</Date></BIOS><HWID>23A934E701842049</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>SA Pacific Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>A71625726A48D00</Val><Hash>kW+7M9H/N2T3epxXbD9TIXxcTms=</Hash><Pid>73931-640-0052923-57104</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>

#7 silver

Posted 28 August 2007 - 09:02 PM

Hi happygolucky821,

Your Windows did not appear to be genuine. You will not be able to obtain Windows Updates until you get this straightened out with Microsoft.

If you obtained your copy of Windows legally, then please open this website:
http://forums.micros....aspx?SiteID=25
Create a new topic in the WGA Validation Problems forum and paste the results of the WGA Diagnostic Data - a WGA troubleshooting specialist will analyze the data and recommend an appropriate solution.

If you have an illegal copy of Windows, you have the option to pay for it and make it good, uninstall and go to a free version of Linux, or just deal with all the insecurities and problems you now have. The forum does not support the use of illegal software.

Let me know how you wish to proceed.
ASAP & UNITE Member

#8 silver

Posted 02 September 2007 - 01:59 AM

Hi, Do you still need help with your machine?
ASAP & UNITE Member

#9 silver

Posted 05 September 2007 - 03:03 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log
ASAP & UNITE Member
