
School PC Problems


4 replies to this topic

#1 Dynoboy5000


Posted 10 February 2005 - 02:00 PM

Dear people at bleepingcomputer.com,
Right now I am typing this from my school's electronics classroom's PC. Well, one of them. Recently they have been having repeated problems and some have become very troublesome to fix. A little about the PCs: somewhat new, only a year or so old, using XP, on a network (which some of us believe is causing this whole mess), not possible for the PCs to not be in use for a long period of time. I have enclosed an HJT log, taken just ten minutes ago after I updated Windows at their site. I have not run any other spyware or virus detecting programs in a while, so this log may be cluttered. Anyway, here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 1:47:13 PM, on 2/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\STUDENT\Local Settings\Temp\Temporary Directory 1 for HijackThis1982.zip\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108069248546
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ocijmokj.dll
O21 - SSODL: mtklefap - {63C51DA1-2C87-4DCF-F490-5DD22533187E} - C:\WINDOWS\System32\wizsk32.dll

Please help. :thumbsup:



#2 OldTimer


Posted 10 February 2005 - 04:12 PM

Hello Dynoboy5000 and welcome to BC. I am presently reviewing your log and will respond back to you as quickly as possible.

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 OldTimer


Posted 11 February 2005 - 09:45 AM

Hello again Dynoboy5000. Yup, you've got a couple of items to fix. To begin, print these directions and then close all open windows (including this one).

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ocijmokj.dll
O21 - SSODL: mtklefap - {63C51DA1-2C87-4DCF-F490-5DD22533187E} - C:\WINDOWS\System32\wizsk32.dll

Now click the Fix Checked button to finish the repair.

Next, follow these steps to reboot into Safe Mode and delete the offending files.

Start in Safe Mode using the F8 method:
* Restart the computer.
* As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press Enter.

We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Find the following files/directories and delete them (don't worry if they are already gone):

C:\WINDOWS\System32\Ocijmokj.dll
C:\WINDOWS\System32\wizsk32.dll

Next, let's clean up the temporary directories:
* Click Start
* Point to Programs
* Point to Accessories
* Point to System Tools
* Click Disk Cleanup
* Select all items shown and click the OK button.

OK. Reboot your computer normally.

You are currently running an older version of HijackThis. Please click on the link below and download the most current version:

Download HijackThis

Additionally, your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders because the backups will be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Unzip or copy and paste HijackThis.exe to the new folder.
3. Close ALL windows except HJT
4. SCAN with HJT
5. POST the new log in this thread using 'Add Reply'
OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
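
Added example (not part of the original posts, and not HijackThis's own code): a small Python parser for the log format posted above. It pulls out the O21 SSODL entries for review and checks whether HijackThis.exe was running from a Temp or zip path, the situation the reply warns about. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\STUDENT\Local Settings\Temp\Temporary Directory 1 for HijackThis1982.zip\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Ocijmokj.dll
O21 - SSODL: mtklefap - {63C51DA1-2C87-4DCF-F490-5DD22533187E} - C:\WINDOWS\System32\wizsk32.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O21", then the entry body
SSODL_RE = re.compile(r"^SSODL: (.+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse_hjt_log(text):
    """Split a HijackThis log into version, running processes and coded entries."""
    log = {"version": None, "processes": [], "entries": {}}
    in_processes = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Logfile of HijackThis v"):
            log["version"] = line.rsplit("v", 1)[1]
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            log["processes"].append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                log["entries"].setdefault(m.group(1), []).append(m.group(2))
    return log

def ssodl_entries(log):
    """Return (name, clsid, dll_path) for each O21 (ShellServiceObjectDelayLoad) entry."""
    hits = [SSODL_RE.match(body) for body in log["entries"].get("O21", [])]
    return [m.groups() for m in hits if m]

def hjt_run_from_temp(log):
    """True if HijackThis.exe was running from a Temp folder or an opened-zip path."""
    for path in log["processes"]:
        low = path.lower()
        if low.endswith("\\hijackthis.exe") and ("\\temp\\" in low or ".zip\\" in low):
            return True
    return False
```

The parser only surfaces entries; whether an O21 DLL is legitimate still needs a reviewer's judgement, as in the reply above.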


#4 Dynoboy5000


Posted 11 February 2005 - 12:32 PM

Thank you for the instructions. I will follow them to the letter and post the results (and new log) within one hour of this post. Just a friendly warning, there is more than one PC that is having problems, so I may ask for help with them later on.

Edited by Dynoboy5000, 11 February 2005 - 12:33 PM.


#5 Dynoboy5000


Posted 11 February 2005 - 01:04 PM

Unfortunate event. I have been unable to use the instructions provided by you. My teacher, in my absence, ran multiple spyware/virus/blah detection and removal programs and has "seemingly" fixed the problems, so I have to actually go to classes now. I may be back later if these problems arise again. Thank you for your time and help.



