#1 |
|
Member (12 bit)
Join Date: Jul 2002
Location: Easthampton, Massachusetts
Posts: 2,633
|
Re: USB Problem possibly caused by malware
Hey everybody,
This has started recently. As I can recall, I did not have this problem a few weeks ago. Here is the problem. I have two USB devices plugged in, USB Printer and USB Webcam. When I unplug the USB cam, my system becomes unstable. CPU usage goes up to 55% by a process called "System" and I cannot open Device Manager or Control Panel. While the system is rebooting, I plug in the USB camera, and it gets detected no problem. System works fine. I unplug the USB Printer, and the same thing happens. I have to reboot. Also, Windows fails to recognize my flash drive. It was able to recognize it a few weeks ago. I did not do any hardware changes. With software, I only installed Alcohol 120%, latest AVG, and latest Firefox. AVG did find a virus named Trojan Downloader. VB or something like that, so I removed that. I also did a scan with Housecall, and it found nothing. Had only 1 adware result, removed that, and only had DSO exploit with Spybot, also removed that. I am still thinking this is a malware issue, as my Firefox browser does not want to connect to any website, but IE can. I am going to post my HJT log. TIA.
--------------------------------------------------------------------------
Logfile of HijackThis v1.99.0
Scan saved at 11:20:39 AM, on 12/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71CA4ED-7797-414E-B34C-FABEA7A04092}: NameServer = 192.168.1.1,192.168.1.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
|
#2 |
|
Member (12 bit)
Join Date: Jul 2002
Location: Easthampton, Massachusetts
Posts: 2,633
|
The problem has been solved. I removed the Trojan, and any spyware/adware found. I noticed that I had a cable plugged into my USB, which was supposed to lead into a Digital Camera, but I do not have a Digital Camera, so it was just using up the USB port without it being connected to anything. So I removed the cable, plugged in the USB printer, and plugged in the USB drive into the remaining port and it detected it just fine.
I would still like some assistance with the HijackThis log. TIA
|
#3 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
|
The log is clean.
|
#4 |
|
Member (12 bit)
Join Date: Jul 2002
Location: Easthampton, Massachusetts
Posts: 2,633
|
Thanks George