Something is causing internet activity...

Altanore

Logfile of HijackThis v1.99.1
Scan saved at 3:26:23 PM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
E:\Program Files\Multimedia Control Center\MCC.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\Multimedia Control Center\VisMP.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Altanore\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MCC] E:\Program Files\Multimedia Control Center\MCC.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - Startup: Shortcut to CG-NVNF4.lnk = E:\Program Files\Clockgen\CG-NVNF4.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135717874217
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3D9FAE-4F4C-48E0-A3A7-8D896F2C4203}: NameServer = 209.53.4.130,209.53.4.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B39A939-6E8C-450A-A9B6-24B1EB887CDD}: NameServer = 209.53.4.130,209.53.4.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C3D9FAE-4F4C-48E0-A3A7-8D896F2C4203}: NameServer = 209.53.4.130,209.53.4.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - E:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

Just noticed it today... I have an LCD display on my drive bay and I can set it to show internet activity, and it is reporting an average 400 bytes download and 200 bytes upload constantly. Even the Windows XP connection symbol near the clock is showing activity.

I can't figure out what it is... I end-tasked mostly everything and it is still doing it. There is nothing using my internet connection... even closed my antivirus and disabled updates but the internet activity is still there. Also did a deep scan for adware/viruses etc... again, nothing.

CPU usage is also at 0%...

I've also installed nothing new recently.

So I don't get what's hogging my internet... hacker or someone spying on me? Any way to see what programs are using your internet connection?

Thanks :)
 
400 bytes is nothing. Windows, in addition to some of the programs you have, are sending information to their servers; some are checking for updates while others may just be sending a few bits of information back.

It's nothing to worry about.
 
Unplug your PC from the wall, just to test for a bad sensor. If you're unplugged and it's still flashing away, then it's just goofy.

Otherwise wait for someone to diagnose your HJTL. I would assume your PC (while having an active internet connection) is always communicating. Even if it's the only PC in your house, you still are in a way connected to your ISP's "network" and will send/receive data.
 
Just does not seem right to me... my internet is constantly inactive when I'm not using it. I know it communicates once in a while, and I have noticed it doing that... send a few bytes then do nothing for the next minute. However, now it's doing it non-stop. I'm more concerned if someone is spying on my computer activity.
 
It's not right... you have Mojuo.w32 Virus!

I am not exactly sure as to how to remove it though... try to do a scan with ewido and see if it will find and remove it!
 
NVM.. thought I had it. MCC.exe is the software that controls my LCD display. It's not the virus...
 
It is showing up as the virus though... that's why I said I was not sure how to remove it. Did you find that using a scan? If so, fix it, and worst case scenario you will just have to reinstall the software... sometimes software comes with spyware and this may be one of those cases, and if you remove it the program may or may not work. Go ahead and scan with ewido and fix what it finds and see if everything still works.

Edit: Why is this located in E: drive and not C: drive?
 
I've had my LCD display and software for months now... This problem started recently so I know it's not that. MCC software is 100% clean... and anyway, the virus makes an MCC.exe in the system32 folder. Plus the registry keys it creates do not exist on my computer when I looked for them.

It is on the E drive because I install everything on the E drive. I leave the C drive for Windows XP only. I do this because it prevents Windows from getting corrupted and runs better on its own drive.
 
MCC.exe is probably coming up as a false positive then... your log looks pretty clean. Have HijackThis fix these if they do not belong to your ISP or you do not know the website.


I think this entry is for your LCD display; fix at your own risk! It is an ActiveX control though.

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab


O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3D9FAE-4F4C-48E0-A3A7-8D896F2C4203}: NameServer = 209.53.4.130,209.53.4.150

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B39A939-6E8C-450A-A9B6-24B1EB887CDD}: NameServer = 209.53.4.130,209.53.4.150

O17 - HKLM\System\CS1\Services\Tcpip\..\{2C3D9FAE-4F4C-48E0-A3A7-8D896F2C4203}: NameServer = 209.53.4.130,209.53.4.150

Also, did you just install Google Desktop? If so, try uninstalling it and have HijackThis fix this as well.

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

Reboot and see if you are still having internet connection activity.
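
The manual checks raised in this thread (the O17 NameServer values, the O20 AppInit_DLLs entry, and whether any copy of MCC.exe sits in system32) can be pulled out of a HijackThis log with a short script. This is an added Python example, not part of the original thread; the sample lines are copied from the log above and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Multimedia Control Center\MCC.exe

O4 - HKLM\..\Run: [MCC] E:\Program Files\Multimedia Control Center\MCC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3D9FAE-4F4C-48E0-A3A7-8D896F2C4203}: NameServer = 209.53.4.130,209.53.4.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C3D9FAE-4F4C-48E0-A3A7-8D896F2C4203}: NameServer = 209.53.4.130,209.53.4.150
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")  # "O17 - <rest of entry>"
# Drive-letter path ending in an executable or library extension.
PATH = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|ocx)', re.I)

def triage(log_text):
    """Collect the entries the thread asks the poster to verify by hand."""
    nameservers, appinit, locations = set(), [], defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        code, body = (m.group(1), m.group(2)) if m else (None, line)
        if code == "O17" and "NameServer = " in body:
            # Same resolvers repeat per interface/control set; keep unique IPs.
            ips = body.split("NameServer = ", 1)[1].split(",")
            nameservers.update(ip.strip() for ip in ips)
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            appinit.append(body.split(":", 1)[1].strip())
        # Record every folder each file name is seen in (processes and O-entries).
        for path in PATH.findall(body):
            folder, _, name = path.rpartition("\\")
            locations[name.lower()].add(folder.lower())
    return sorted(nameservers), appinit, locations

def in_system32(locations, exe_name):
    """True if the log shows exe_name directly inside a system32 folder."""
    return any(f.endswith("\\system32") for f in locations.get(exe_name.lower(), ()))

if __name__ == "__main__":
    dns, dlls, where = triage(SAMPLE_LOG)
    print("Resolvers to compare against the ISP's:", dns)
    print("AppInit_DLLs to confirm:", dlls)
    print("MCC.exe seen in system32:", in_system32(where, "MCC.exe"))
```

The resolver list still has to be compared against the addresses the ISP actually hands out; the script only gathers what the log contains.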
 