Log file - help needed



#1 biffta

Posted 24 April 2005 - 11:13 AM

I took a copy of my friend's PC HJT log. His PC runs VERY slowly all the time. The CPU is nearly always at 100%. He may have more serious problems than spyware, but just in case, here is his log:
Logfile of HijackThis v1.99.1

Scan saved at 16:31:22, on 24/04/2005

Platform: Windows XP  (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\LogWatNT.exe

C:\Program Files\Microsoft SQL Server\MSSQL$ACM\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE

C:\WINDOWS\Explorer.exe

C:\WINDOWS\winppr32.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\System32\System32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\WINZIP\wzqkpick.exe

C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe

C:\Documents and Settings\Windows User\Desktop\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.odeon.co.uk/pls/Odeon/Odeon_general.cinema_xyz?CINEMA=barnet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.livejournal.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.livejournal.com"); (C:\Documents and Settings\Windows User\Application Data\Mozilla\Profiles\default\4dz947ac.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Windows User\Application Data\Mozilla\Profiles\default\4dz947ac.slt\prefs.js)

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O1 - Hosts: 217.116.231.7 aimtoday.aol.com

O2 - BHO: (no name) - {0352960F-47BE-11D5-AB93-00D0B760B4EB} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: longinforoad - {75E26389-50FD-9E81-A81D-F3FEA702DDB2} - C:\PROGRA~1\dupemath\clock bat.dll

O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {FAC6E0E1-5D45-4907-BC00-302D702DCC73} - C:\WINDOWS\SYSTEM32\cpr.dll (file missing)

O2 - BHO: (no name) - {ff9a4a4f-ec09-4154-8cc4-524dddefe - (no file)

O2 - BHO: (no name) - {ff9a4a4f-ec09-4154-8cc4-524dddefe7 - (no file)

O2 - BHO: (no name) - {ff9a4a4f-ec09-4154-8cc4-524dddefe7b - (no file)

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D} - C:\Program Files\Topicks\Bin\TpBar.dll

O3 - Toolbar: jugs setup - {381B2772-1362-8162-7167-234742CCB2A1} - C:\PROGRA~1\dupemath\clock bat.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [TrayX] C:\WINDOWS\winppr32.exe /sinc

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FON19106/flash.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)



#2 MowGreen

Posted 24 April 2005 - 05:16 PM

Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

This system is in dire need of updating. Besides, it is infested with more than spyware. Strongly suggest you go here and at least get the free one year subscription, install, and then update it.
Next, show hidden files, folders, and system files.
Now scan the system with eTrust and have it remove all it finds.
Reboot to Safe Mode and do another scan.
When you're done, with all programs and browsers closed, scan again with HijackThis, and post back with the log.
Steve Wechsler (akaMowGreen)
MS-MVP 2003-2011
Windows Expert - IT Pro
Consumer Security

*-343-* FDNY
NEVER FORGOTTEN

#3 MowGreen

Posted 24 April 2005 - 05:17 PM

Ooops ... hit the wrong button. :thumbsup:

Edited by MowGreen, 24 April 2005 - 05:19 PM.
