The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Help! Hijackthis Log

    Discussion in 'Windows OS and Software' started by dr_w, Jun 14, 2007.

  1. dr_w

    dr_w Notebook Geek

    Can anyone help me with this?

    I cannot seem to surf the internet and I think I have a virus.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:25:30 AM, on 6/14/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$JMPS_SQL_SERVER\Binn\sqlservr.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\j7j5tr06.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\vptray.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Symantec AntiVirus\vpc32.exe
    C:\Documents and Settings\Jimmy Weidman\Desktop\Spyware from david\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [j7j5tr06] C:\WINDOWS\System32\j7j5tr06.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1557336C-9951-42F0-BB12-C56F2FCE56F9}: NameServer = 85.255.116.139,85.255.112.7
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53908F98-0C75-43D5-8732-DD61A3DD11D8}: NameServer = 85.255.116.139,85.255.112.7
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9467FC96-648E-4D32-B58D-ED13B6A4A144}: NameServer = 85.255.116.139,85.255.112.7
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B80BB9E2-4BA6-45AD-8054-AACE95649CBE}: NameServer = 85.255.116.139,85.255.112.7
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1557336C-9951-42F0-BB12-C56F2FCE56F9}: NameServer = 85.255.116.139,85.255.112.7
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1557336C-9951-42F0-BB12-C56F2FCE56F9}: NameServer = 85.255.116.139,85.255.112.7
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSSQL$JMPS_SQL_SERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$JMPS_SQL_SERVER\Binn\sqlservr.exe" -sJMPS_SQL_SERVER (file missing)
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SQLAgent$JMPS_SQL_SERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$JMPS_SQL_SERVER\Binn\sqlagent.EXE" -i JMPS_SQL_SERVER (file missing)
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     
  2. FidyYuan

    FidyYuan Notebook Consultant

  3. LiveDesign

    LiveDesign Notebook Evangelist

    O4 - HKLM\..\Run: [j7j5tr06] C:\WINDOWS\System32\j7j5tr06.exe

    ^^

    Anyone know what that is? There are no results when you search for it in Google (search terms: j7j5tr06.exe, and then I tried just j7j5tr06).

    There are also other reasons why you may not be connecting:

    1. Try restarting.

    2. Wireless adapter is disabled (go to Start --> Connect To --> Right Click your wireless connection and select enable)

    3. Need to repair your connections (go to Start --> Connect To --> Right Click your wireless connection and select repair)
     
  4. dr_w

    dr_w Notebook Geek


    Winfix did not work.
     
  5. dr_w

    dr_w Notebook Geek

    Excuse me, Winsock fix did not work.
     
  6. Kdawgca

    Kdawgca rotaredoM repudrepuS RBN

    First, update to IE7 (try through Windows Update via the Start menu). Just by looking at it, the xxxtoolbar (most 3rd-party toolbars are bad) will cause some problems.

    Also upload your HJT log to http://www.hijackthis.de/ and see what it says.

    Also, if your copy of XP is legit, update to XP SP2 (Service Pack 2).
     
  7. Poseign

    Poseign Notebook Consultant

    I would recommend clearing your browsing history and all temporary internet files as well; sometimes doing that will make my web surfing a little more stable.


    EDIT: W000 100th post
     
  8. sanpabloguy

    sanpabloguy Notebook Deity

    And HijackThis is not a virus scanner and checks only specific areas of your system. The "j7j5tr06.exe" entry, as LiveDesign says, is troublesome. The folks on the HijackThis forum mentioned above would have an idea if this is safe or not or if it can be safely removed.

    Have you run a virus scanning program (AVG, Kaspersky, Norton, etc.)? Have you run a malware scanner (AdAware, Spybot Search & Destroy, Spysweeper)? Any results there?

    What do you mean you "can't surf the net"? No internet connection? Have a connection but can't open the browser? Have you tried pinging your router?

    There's a lot of basic stuff to check before getting too worried.
     
  9. Kdawgca

    Kdawgca rotaredoM repudrepuS RBN


    According to the log, you have AdAware and Norton AV. Update both of those and see if they find anything.
     
  10. dr_w

    dr_w Notebook Geek

    I would update Norton and Adaware if I had an internet connection. I consider myself somewhat savvy in the basics of troubleshooting. I've cleaned cookies, run Norton, etc.

    I went to http://www.hijackthis.de/ (awesome by the way) and put my log in, and deleted/fixed all the problems that it showed. Still no internet.
     
  11. Pitabred

    Pitabred Linux geek con rat flail!

    Not being able to surf is not the same as not having Internet. Can you ping www.google.com? Or do Norton and Adaware also complain about being unable to connect to the network?
     
  12. Kdawgca

    Kdawgca rotaredoM repudrepuS RBN

    To ping a site, just go to Start > Run, type "cmd" without the quotes, and then type ping www.google.com

    If you get a reply (x4), then ping statistics and approximate round trip times, that means you have an Internet connection.

    If you have an Internet connection and IE doesn't work, find a way to download Firefox (ask a friend if they can download it and send it to you via an instant messenger, or burn you a CD/DVD/floppy maybe, or put it on a USB drive (you can buy one for less than $10) and give it to you).
     
  13. dr_w

    dr_w Notebook Geek

    This is really dumb but I found out the problem. Although there were many viruses present, it was the TCP/IP settings that were incorrect.
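
The O17 lines of the log in the first post are where HijackThis reports the DNS servers stored under the Tcpip registry keys, so they are the part of the log that reflects the machine's TCP/IP settings. As an added example (not part of the thread), this Python code groups HijackThis lines by section code and summarises the static DNS servers, the hosts ActiveX components were installed from, and entries whose file is missing; the sample is an excerpt of that log and the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [j7j5tr06] C:\WINDOWS\System32\j7j5tr06.exe
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1557336C-9951-42F0-BB12-C56F2FCE56F9}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{53908F98-0C75-43D5-8732-DD61A3DD11D8}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")  # e.g. "O17 - <details>"

def parse_entries(log_text):
    """Group HijackThis result lines by section code (R0, O4, O17, ...)."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m.group(1)].append(m.group(2).strip())
    return entries

def static_dns_servers(entries):
    """Map each O17 NameServer address to the registry keys that set it."""
    servers = defaultdict(set)
    for text in entries.get("O17", []):
        key, sep, value = text.partition(": NameServer = ")
        if not sep:
            continue  # O17 line without a NameServer value
        for addr in filter(None, re.split(r"[,\s]+", value)):
            servers[addr].add(key)
    return servers

def activex_hosts(entries):
    """Hosts that O16 (downloaded ActiveX) components were installed from."""
    urls = (t.rsplit(" - ", 1)[-1] for t in entries.get("O16", []))
    return sorted({urlparse(u).hostname for u in urls if u.startswith("http")})

def missing_files(entries):
    """Entries whose registration points at a file that no longer exists."""
    return [(c, t) for c, items in entries.items() for t in items if t.endswith("(no file)")]

if __name__ == "__main__":
    e = parse_entries(SAMPLE_LOG)
    print({a: len(k) for a, k in static_dns_servers(e).items()})
    print(activex_hosts(e), missing_files(e))
```

Addresses that show up under every interface key and under Parameters are statically configured, so they are the ones to compare with what the router or ISP actually hands out.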
     
  14. dr_w

    dr_w Notebook Geek

    Thanks for all the help.
     
  15. LiveDesign

    LiveDesign Notebook Evangelist

    That is great, but then not so great. Make sure that you update Norton and schedule some regular virus scans (like every other night). ;)

    Keep it clean dawg. Your computer will love you forever.
     
  16. sanpabloguy

    sanpabloguy Notebook Deity

    This is confusing. If you did not have an internet connection, you wouldn't be able to go to the HijackThis website. And since you can go there and post here, I would guess you have an internet connection (unless you're using a different computer).

    What error messages are you getting? When do they show up? Are you trying to connect to the web with a wired or wireless connection? Do you have any networks showing in your Network Connections window?

    If it's not a networking problem and simply an issue with Internet Explorer, then that's something entirely different. If it's an IE6 problem, here are two things to try:

    From The Elder Geek.
     
  17. dr_w

    dr_w Notebook Geek

    I appreciate your response. I was at work talking on my work computer to yous guys and my laptop was sitting behind me.
     
  18. dr_w

    dr_w Notebook Geek

    Word. Norton is rockin out right now.
     
  19. sanpabloguy

    sanpabloguy Notebook Deity

    Congratulations on figuring it out.