problem with service or virus??? plz help

Discussion in 'malware problems & news' started by I'm_a_n00b_lol, May 1, 2005.

Thread Status:
Not open for further replies.
  1. I'm_a_n00b_lol

    I'm_a_n00b_lol Registered Member

    Joined:
    Dec 4, 2004
    Posts:
    1
    Location:
    UK
    I'm not sure whether i have a problem with my services or a virus. Right now i have mcafee antivirus and kapersky trial installed. When the problem started for both the on demand scan was turned off. It began when i unrared a dodgy file. When i had tried to scan it with mcafee it stopped at 33%, so i tried to scan it with kapersky and it said it was clean. When i opened it or a while after the task bar disappeared and didn't come back. I restarted and first the task bar disappered and then i got "The system process "C:windows/system32/services.exe terminated unexpectantly with status code 1073741819 system will shut down and restart." I tried rebooting again and this time ther error was lsass.exe. In safe mode i tried to start kapersky on-access scan but it failed to open it, so did mcafee on access. Fist i tried windows malicious software removal tool, was clean, then i tried symatic sasser and blaster removal tool, both said system was clean. Then tried kapersky harddrive scan, said it was clean. Then i tried http://housecall.antivirus.com online scan, said it was clean. Msantispyware has nothing, ad-aware finds nothing, SB S&D finds Avenue A, Inc "tracking cookie". Here is my hijack this log.

    Logfile of HijackThis v1.99.1
    Scan saved at 21:52:49, on 01/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
    C:\Program Files\Fire\Firefox CE\firefox.exe
    C:\Documents and Settings\Fidel\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shef.ac.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shef.ac.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NvMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O15 - Trusted Zone: http://Download.Windowsupdate.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


    Someone said it was clean and that i had a services problem. So i disabled the kapersky service. All mcafee services expect autoupdate were on manual.

    When i started pc again all was fine untill i clicked on start and startbar disapperad and i got services.msc error again.



    What should i do? i cant uninstal either of the virus problems in safe mode if that is the problem.
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
    I'm_a_n00b_lol

    Wilders no longer provides support for Hijack This logs, and as such you will need to post your HijackThis Log at one of the forums found at A-SAP.

    The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.
     
Loading...
Thread Status:
Not open for further replies.