Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log for analysis - thanks!


  • Please log in to reply
5 replies to this topic

#1 Webbie

Webbie

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 27 January 2005 - 04:16 PM

This log is from an XP Pro PC. The PC has been having various problems which neither Ad Aware or Spybot have been able to fix. Could one of you experts take a look at this log file and see what the problem areas are, please?

Thanks!

Webbie


Logfile of HijackThis v1.99.0

Scan saved at 3:09:49 PM, on 1/27/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe

C:\WINDOWS\System32\CCM\CcmExec.exe

C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Hijack This\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [y5Cp] C:\WINDOWS\djitwa.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe

O4 - HKLM\..\Run: [-

] C:\WINDOWS\djitwa.exe

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "mattz"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://x/officescan/ClientInstall/WinNTChk.cab

O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://x.weber.com/AntiSpamGateway/Cabs/Mapicom.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://x.weber.com:8000/jinitiator/oajinit.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weber.com

O17 - HKLM\Software\..\Telephony: DomainName = weber.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{5DEAF154-9274-4CFA-8114-CB3879284975}: NameServer = 10.0.x.x,0.0.0.0

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weber.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{5DEAF154-9274-4CFA-8114-CB3879284975}: NameServer = 10.0.x.x,0.0.0.0

O23 - Service: ASF Agent - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Symantec Ghost Client Agent - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE

O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Listener - Unknown - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

BC AdBot (Login to Remove)

 


#2 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:09:35 PM

Posted 27 January 2005 - 08:57 PM

Hi Webbie,

Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”


R3 - URLSearchHook: (no name) - _{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [y5Cp] C:\WINDOWS\djitwa.exe
O4 - HKLM\..\Run: [-

] C:\WINDOWS\djitwa.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD

C:\WINDOWS\sysupd.exe
C:\WINDOWS\djitwa.exe

Restart your computer, Post back a fresh log please,

Let us know how your computer is running

#3 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 28 January 2005 - 09:55 AM

don77, thanks for the response. I did as you instructed and have posted the new log below. The problem has not changed a bit though - the PC takes FOREVER to start up. What else in this log would indicate the culprit of such a problem?

Let me know and thanks again!

Webbie


Logfile of HijackThis v1.99.0

Scan saved at 8:46:48 AM, on 1/28/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe

C:\WINDOWS\System32\CCM\CcmExec.exe

C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe

C:\WINDOWS\system32\userinit.exe

C:\Hijack This\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\1.0\lwbwheel.exe

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "mattz"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://x/officescan/ClientInstall/WinNTChk.cab

O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://x.weber.com/AntiSpamGateway/Cabs/Mapicom.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://x.weber.com:8000/jinitiator/oajinit.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weber.com

O17 - HKLM\Software\..\Telephony: DomainName = weber.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{5DEAF154-9274-4CFA-8114-CB3879284975}: NameServer = 10.0.x.x,0.0.0.0

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = weber.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{5DEAF154-9274-4CFA-8114-CB3879284975}: NameServer = 10.0.x.x,0.0.0.0

O23 - Service: ASF Agent - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe

O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe

O23 - Service: Intel NCS NetService - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Symantec Ghost Client Agent - Symantec Corporation - C:\Program Files\SYMANTEC\Ghost\NGCTW32.EXE

O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Listener - Unknown - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:09:35 PM

Posted 29 January 2005 - 09:02 AM

Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.

Then scan again with HijackThis and post another log.

#5 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 03 February 2005 - 09:58 AM

Don77, thanks for the reply and sorry for my slow response! I did run a virus scan with Trend's Office Scan software with the most current definitions. No viruses were detected. Any other ideas?

Let me know and thanks,

Webbie

#6 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:09:35 PM

Posted 03 February 2005 - 07:41 PM

I don't see anything in your log in regards to malware that would be causing start up issue's

Did you run the Active scan ?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users