Modem uploading more data than downloading
jacksonhawaii
05-20-2004, 01:30 PM
Help! As soon as I dial in with my modem there is way more activity being sent by my modem than is being received, and I am not even uploading anything! At first I thought that maybe the modem was faulty, so I installed a different one, but the same thing is still happening. I have run Spybot and AdAware thinking that maybe that would do something, but to no avail. Anybody got any ideas for me? Thanks
david eaton
05-20-2004, 03:22 PM
Sounds as if you have a passenger! Try this:-
Please download Hijack this (http://mjc1.com/mirror/hjt/). Unzip it into its own folder, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
jacksonhawaii
05-20-2004, 05:17 PM
Ok, I have run the Hijack This program, and here is what it spit out...am anxiously waiting a reply....Mahalo (thanks)
Logfile of HijackThis v1.97.7
Scan saved at 10:09:47 AM, on 5/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wumgrd.exe
C:\WINDOWS\System32\wuamgrd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Trevor Jackson\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R3 - Default URLSearchHook is missing
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0. dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Fruss Tray Ted
05-20-2004, 09:37 PM
RUN! Don't walk to This forum (http://www.pcguide.com/vb/forumdisplay.php?s=&forumid=34) and pick up some tools. Hint: In the stickies...
You've got at least 3 baddies in my brief lookover. :eek:
classicsoftware
05-20-2004, 11:36 PM
I Recommend a FULL Security Scan.
1) Download, install and update Spybot. (http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
2) Download, install and update Adaware. (http://download.com.com/3000-8022-10214379.html?tag=lst-0-2)
3) Create a folder called HJT.
4) Download and install HijackThis (http://download.com.com/3000-8022-10227352.html?tag=lst-0-4) in the HJT folder.
5) Run Spybot and fix everything it finds
6) Shut down your computer. Full shutdown, DO NOT restart.
7) Run Adaware and fix everything it finds.
8) Shut down your computer. Full shutdown, DO NOT restart.
9) Run an online scan from Trend Micro (http://housecall.trendmicro.com/) and/or Bitdefender. (http://www.bitdefender.com/scan/licence.php)
10) Run HijackThis from HJT folder. Do not run it from the TEMP or Temporary Internet Files folder as you may be unable to restore the backups created by HJT. After the scan is complete create a log file. DO NOT fix anything unless instructed to by an expert here.
11) Post the contents of the log and the results from the previous scans back here for evaluation.
Paleo Pete
05-21-2004, 03:00 AM
C:\WINDOWS\System32\wumgrd.exe
Looks like WORM.SDBOT.KY. More info Here (http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.KY)
C:\WINDOWS\System32\wuamgrd.exe
That one looks like W32/Rbot-A (http://www.sophos.com/virusinfo/analyses/w32rbota.html)
What is this? C:\Program Files\VVSN\VVSN.exe If you recognize it, maybe it's OK. If not, it can probably go. Google turns up a zillion links to other tech support forums, usually just because this same file shows up; finding anything definite would take me 2 hours. Many of the more common or recently overactive ones turn up by name in the first 10 results.
Hijack This:
C:\Documents and Settings\Trevor Jackson\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
Hijack This needs to be unzipped into its own folder and run from there, NOT from the Temporary files, so the logs and backups will be available later.
These can go. Again zillions of links to spyware/security forums.
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
THIS is Clear Search. Let's see what Spybot and Adaware do first, then clean up with HJT...but this/these is/are the file(s) related to it.
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
THIS one is WinFavorites (http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
See above:
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
Plus you have whatever Adaware and Spybot pick up. I might not have found everything in the HJT log either, but have already dealt with most of these at least a half dozen times...so I know they can go. VVSN I'm not sure about, the two worms listed at top I'm at least familiar with, but the rest ate up half my weekend and a lot of the past week...
I would try to get rid of the worms and spyware first, since most of it is probably blocking access to any antivirus/update websites, then get into a virus scan QUICK.
I would recommend installing a firewall, such as ZoneAlarm, to block Internet access by programs that you need to eliminate.
Trevor howzit?
You are running Win XP, correct? So, AFTER all the spyware is cleared out, you must reset your system restore files, or they are likely to be hiding in there, and jump out at you again (happens in Me and XP). Or you can just check the disable box and leave it like that until you have cleaned everything out, then uncheck the box, and go to restore and set a new restore date (present time).
Go here to learn how to reset system restore in xp:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
You can also run your AV and Adaware and SpyBot from Safe Mode, you can run 'search files and folders', if you have the exact file names, from Safe Mode and try to delete them from there...works sometimes, sometimes not.
Anti spyware resource, free good firewalls here:
http://www.pcguide.com/vb/showthread.php?s=&threadid=15179
and here:
http://www.pcguide.com/vb/showthread.php?s=&threadid=26244
Say hi to beautiful Hawaii that I miss so much...:cool:
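Added example, not part of the original thread and not a HijackThis feature: a small triage script for the O4 (autorun) section of a HijackThis log. It applies one assumed heuristic, namely that a bare file name with no path registered under several autorun keys at once deserves a closer look, to the O4 lines posted above.

```python
import re
from collections import defaultdict

# Sample input: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\Run: [Microsoft DirectX] wuamgrd.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] wuamgrd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [Microsoft DirectX] wuamgrd.exe
"""

# "O4 - <autorun key>: [<value name>] <command>"
O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_o4(log_text):
    """Yield (autorun key, value name, command) for each O4 line."""
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            yield m["key"], m["name"], m["cmd"].strip()


def is_bare_filename(cmd):
    """True when the command is one file name: no directory, quotes or arguments."""
    return not any(ch in cmd for ch in '\\/" ')


def redundant_bare_autoruns(log_text, min_keys=2):
    """Return {file name: sorted autorun keys} for bare names under min_keys+ keys."""
    keys_by_cmd = defaultdict(set)
    for key, _name, cmd in parse_o4(log_text):
        if is_bare_filename(cmd):
            keys_by_cmd[cmd.lower()].add(key)
    return {c: sorted(k) for c, k in keys_by_cmd.items() if len(k) >= min_keys}


if __name__ == "__main__":
    for cmd, keys in sorted(redundant_bare_autoruns(SAMPLE_LOG).items()):
        print(f"{cmd}: registered under {', '.join(keys)}")
```

On this log the heuristic singles out wumgrd.exe and wuamgrd.exe, while the single-key bare names (SysTray.Exe, pctspk.exe) and the fully pathed entries are left alone; a hit is a prompt to look the file up, not a verdict.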