HJT log - Ken


  • This topic is locked This topic is locked
2 replies to this topic

#1 demonnit

Posted 30 November 2004 - 02:11 PM

My machine is now incredibly slow and sporadic. Also, I am not able to install any security updates or dl SP2... Any help would be APPRECIATED! :-)

Logfile of HijackThis v1.97.7
Scan saved at 1:45:27 PM, on 11/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cusrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motive\motmon.exe
C:\documents and settings\default\local settings\temp\1gX.exe
C:\PROGRA~1\INTERN~3\inetmgr.exe
C:\documents and settings\default\local settings\temp\CzURToG16.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\INTERN~3\inetsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\default\local settings\temp\5yA.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\documents and settings\default\local settings\temp\Oe36y.exe
C:\Program Files\CSBB\CSV7P72.exe
C:\WINDOWS\System32\INLOADER.exe
C:\documents and settings\default\local settings\temp\axiao.exe
C:\WINDOWS\System32\sca9dmod.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Documents and Settings\default\Application Data\smwu.exe
C:\WINDOWS\System32\r?ndll32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Dell\Solution Center\Service.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\WINDOWS\System32\DlnX0j.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\Dyf0o5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\CMS\Client Profiles for Windows\cpwin.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\CMS\Client Profiles for Windows\cpwin.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\default\LOCALS~1\Temp\ofnisys.dat
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~3\inetkw.dll
O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
O2 - BHO: (no name) - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O2 - BHO: (no name) - {1CF94759-B261-4DC4-8720-635504F07B1B} - C:\WINDOWS\System32\xjw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)
O2 - BHO: (no name) - {6FFA1507-B316-35EA-8752-15550AF62B4C} - C:\WINDOWS\System32\xcpunt.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\default\Local Settings\Temp\pln.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [1gX] C:\documents and settings\default\local settings\temp\1gX.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe
O4 - HKLM\..\Run: [CzURToG16] C:\documents and settings\default\local settings\temp\CzURToG16.exe
O4 - HKLM\..\Run: [pImSf] C:\documents and settings\default\local settings\temp\pImSf.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NCfVe3x9] C:\documents and settings\default\local settings\temp\NCfVe3x9.exe
O4 - HKLM\..\Run: [IUeIbPNx] C:\documents and settings\default\local settings\temp\IUeIbPNx.exe
O4 - HKLM\..\Run: [p7bvl] C:\documents and settings\jennifer\local settings\temp\p7bvl.exe
O4 - HKLM\..\Run: [RP] C:\documents and settings\jennifer\local settings\temp\RP.exe
O4 - HKLM\..\Run: [ySv8eRi] C:\documents and settings\default\local settings\temp\ySv8eRi.exe
O4 - HKLM\..\Run: [luuA] C:\documents and settings\default\local settings\temp\luuA.exe
O4 - HKLM\..\Run: [2@BPZ4A5LY3LWC] C:\WINDOWS\System32\Vqxu.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [5yA] C:\documents and settings\default\local settings\temp\5yA.exe
O4 - HKLM\..\Run: [dd42b7abde5c] C:\WINDOWS\System32\Dc50ip32.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [p7ljKY] C:\documents and settings\default\local settings\temp\p7ljKY.exe
O4 - HKLM\..\Run: [Oe36y] C:\documents and settings\default\local settings\temp\Oe36y.exe
O4 - HKLM\..\Run: [CSV7P72] C:\Program Files\CSBB\CSV7P72.exe
O4 - HKLM\..\Run: [9d0324fb42ec] C:\WINDOWS\System32\INLOADER.exe
O4 - HKLM\..\Run: [*cwms] C:\WINDOWS\Fonts\cwms.exe
O4 - HKLM\..\Run: [*svcole] C:\WINDOWS\inf\svcole.exe
O4 - HKLM\..\Run: [*expbin] C:\WINDOWS\Driver Cache\expbin.exe
O4 - HKLM\..\Run: [axiao] C:\documents and settings\default\local settings\temp\axiao.exe
O4 - HKLM\..\Run: [p4mX37l] sca9dmod.exe
O4 - HKLM\..\Run: [*msun] C:\WINDOWS\AppPatch\msun.exe
O4 - HKLM\..\Run: [*infoodbc] C:\WINDOWS\system\drivers\infoodbc.exe
O4 - HKLM\..\Run: [*tapidos] C:\WINDOWS\Config\tapidos.exe
O4 - HKLM\..\Run: [*bakxml] C:\WINDOWS\inf\bakxml.exe
O4 - HKLM\..\Run: [*ipdisk] C:\WINDOWS\system32\Com\ipdisk.exe
O4 - HKLM\..\Run: [*sysinfo] C:\WINDOWS\Help\sysinfo.exe
O4 - HKLM\..\Run: [*avnut] C:\WINDOWS\system\NVSYS\avnut.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Arud] C:\Documents and Settings\default\Application Data\smwu.exe
O4 - HKCU\..\Run: [Ocykrdpt] C:\WINDOWS\System32\r?ndll32.exe
O4 - HKLM\..\RunOnce: [*msun] C:\WINDOWS\AppPatch\msun.exe rerun
O4 - HKLM\..\RunOnce: [*cwms] C:\WINDOWS\Fonts\cwms.exe rerun
O4 - HKLM\..\RunOnce: [*tapidos] C:\WINDOWS\Config\tapidos.exe rerun
O4 - HKLM\..\RunOnce: [*bakxml] C:\WINDOWS\inf\bakxml.exe rerun
O4 - HKLM\..\RunOnce: [*infoodbc] C:\WINDOWS\system\drivers\infoodbc.exe rerun
O4 - HKLM\..\RunOnce: [*sysinfo] C:\WINDOWS\Help\sysinfo.exe rerun
O4 - HKLM\..\RunOnce: [*avnut] C:\WINDOWS\system\NVSYS\avnut.exe rerun
O4 - HKLM\..\RunOnce: [*ipdisk] C:\WINDOWS\system32\Com\ipdisk.exe rerun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Dell Service.lnk = C:\Program Files\Dell\Solution Center\Service.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Dell Home (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

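The patterns a helper reads off a log like the one above (autostart entries living in a user's Temp folder, executables parked in %WINDIR% subfolders such as Fonts, inf or Driver Cache, a Run entry with a RunOnce "rerun" twin for the same file, rundll32.exe loading a DLL by bare name, the r?ndll32.exe lookalike, a BHO loaded from a .dat in Temp) can be checked mechanically. The script below is an added example written for this page by the editor; it is not code from the original post or from HijackThis. The log excerpt inside it is constructed from the post above, and the Cyrillic letter it substitutes for the "?" that HijackThis printed in r?ndll32.exe is an assumption about an unrenderable character, not something the log states.

```python
"""Offline triage of an HJT-style log: flag O4 (autostart) and O2 (BHO) entries
that match the patterns visible in the post above. Added example, not from the
original post or from HijackThis; the sample log is a constructed excerpt."""
import re

# User-writable scratch locations; nothing legitimate autostarts from them.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\")
# %WINDIR% subfolders that hold no autostart executables on a stock XP install;
# every file the reply in this thread deletes sits in one of them.
ODD_WINDIR_SUBDIRS = ("fonts", "inf", "driver cache", "apppatch", "help", "config",
                      "system\\drivers", "system32\\com", "system\\nvsys")

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# HJT prints unquoted paths containing spaces, so split on the first ".exe", not on whitespace.
IMAGE_RE = re.compile(r'^"?(?P<image>.*?\.exe)"?(?P<args>.*)$', re.IGNORECASE)


def split_command(cmd):
    """Return (image path, arguments) for an O4 command string."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group("image"), m.group("args").strip()


def reasons_for_image(image, args):
    """Heuristics for one autostart image; returns a list of reason strings."""
    low = image.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if any(t in low for t in TEMP_MARKERS):
        reasons.append("autostart image lives in a Temp directory")
    i = low.find("\\application data\\")
    if i >= 0 and "\\" not in low[i + len("\\application data\\"):]:
        reasons.append("executable dropped directly in the Application Data root")
    if "\\windows\\" in low:
        rel = low.split("\\windows\\", 1)[1]
        for sub in ODD_WINDIR_SUBDIRS:
            if rel.startswith(sub + "\\"):
                reasons.append("executable hidden in %WINDIR%\\" + sub)
    if any(ord(c) > 127 for c in image.rsplit("\\", 1)[-1]):
        reasons.append("non-ASCII character in file name: system-binary lookalike")
    if base == "rundll32.exe" and args and "\\" not in args.split(",", 1)[0]:
        reasons.append("rundll32 loads an unqualified DLL through the search path")
    return reasons


def triage(log_text):
    """Return [(log line, reason), ...] for every suspicious O4/O2 entry."""
    findings, run_images, runonce_images = [], {}, {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            image, args = split_command(m.group("cmd"))
            findings.extend((line, r) for r in reasons_for_image(image, args))
            table = runonce_images if m.group("key").lower() == "runonce" else run_images
            table.setdefault(image.lower(), line)
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path").lower()
            if "(no file)" in path or "file missing" in path:
                continue  # dangling CLSID, nothing is actually loaded
            if any(t in path for t in TEMP_MARKERS):
                findings.append((line, "BHO loaded from a Temp directory"))
            if not path.endswith(".dll"):
                findings.append((line, "BHO image is not a .dll"))
    # A Run entry plus a RunOnce "rerun" twin for the same file re-registers it every boot.
    for img in run_images.keys() & runonce_images.keys():
        findings.append((runonce_images[img],
                         "same image in Run and RunOnce: re-registers itself each boot"))
    return findings


# Constructed excerpt of the posted log. The final line substitutes a Cyrillic letter
# for the "?" HijackThis printed in r?ndll32.exe (an assumption about that character).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [1gX] C:\documents and settings\default\local settings\temp\1gX.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [*cwms] C:\WINDOWS\Fonts\cwms.exe
O4 - HKLM\..\RunOnce: [*cwms] C:\WINDOWS\Fonts\cwms.exe rerun
O4 - HKCU\..\Run: [Arud] C:\Documents and Settings\default\Application Data\smwu.exe
O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\default\LOCALS~1\Temp\ofnisys.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
""" + "O4 - HKCU\\..\\Run: [Ocykrdpt] C:\\WINDOWS\\System32\\r\u0443ndll32.exe\n"

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(reason, "<-", line)
```

Run it against a full log by passing the file contents to triage(). The heuristics deliberately stay narrow (Temp paths, odd %WINDIR% folders, lookalike names, search-path DLL loads, Run/RunOnce twins) so that legitimate vendor autostarts such as motmon.exe or SDHelper.dll are not reported; anything it does flag still needs a human to decide, exactly as the helper does in the reply.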
#2 ~Ayeka~

Posted 30 November 2004 - 11:44 PM

Hi demonnit,
Welcome to BC! :thumbsup:


Please print out these instructions as there are many steps.

Be sure your system is configured to show hidden files.

Download KillBox. Extract it from the zip file then double-click on Killbox.exe to run it.

In the drop-down menu next to the yellow triangle scroll until you see cwms.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\Fonts\cwms.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see svcole.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\inf\svcole.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see expbin.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\Driver Cache\expbin.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see msun.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\AppPatch\msun.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see infoodbc.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\system\drivers\infoodbc.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see tapidos.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\Config\tapidos.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see bakxml.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\inf\bakxml.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see ipdisk.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\system32\Com\ipdisk.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see sysinfo.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\Help\sysinfo.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.

In the drop-down menu next to the yellow triangle scroll until you see avnut.exe and select it.
Click the yellow triangle and click yes that you want to end task.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry: C:\WINDOWS\system\NVSYS\avnut.exe

Next, click on the Action menu and choose "Delete on Reboot". Click the button with the red circle with a white X in it.
Close Killbox.

Reboot into Safe Mode.

Then, clean out your Temp folders:
Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Reboot normally and download the latest version of HijackThis, which is 1.98.2, from here: http://www.bleepingcomputer.com/files/Merijn/HijackThis.zip.

Create a permanent folder for your HijackThis:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".

Now, you can unzip HijackThis into your new C:\HJT folder.

After that, please post a new log here.
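The "Delete on Reboot" step above is needed because each of the ten files is running and has both a Run and a RunOnce "rerun" entry, so deleting it while Windows is up just gets it re-launched. Windows has a built-in mechanism for exactly this: the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, a flat list of (source, destination) string pairs that the Session Manager processes at boot before any user-mode program starts; an empty destination means delete, and this is what MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT writes. The script below is an added example by the editor, not KillBox's own code and not part of the reply; that KillBox implements its "Delete on Reboot" through this same registry value is an assumption. Writing the value requires administrator rights on Windows; the list-building part runs anywhere.

```python
"""Stage files for deletion at the next boot through PendingFileRenameOperations.
Added example, not KillBox's code; the paths are the ten files named in the reply."""
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"
NT_PREFIX = "\\??\\"   # the value holds NT object-manager paths, not Win32 paths

# The ten files the reply tells the poster to delete on reboot.
TARGETS = [
    r"C:\WINDOWS\Fonts\cwms.exe",
    r"C:\WINDOWS\inf\svcole.exe",
    r"C:\WINDOWS\Driver Cache\expbin.exe",
    r"C:\WINDOWS\AppPatch\msun.exe",
    r"C:\WINDOWS\system\drivers\infoodbc.exe",
    r"C:\WINDOWS\Config\tapidos.exe",
    r"C:\WINDOWS\inf\bakxml.exe",
    r"C:\WINDOWS\system32\Com\ipdisk.exe",
    r"C:\WINDOWS\Help\sysinfo.exe",
    r"C:\WINDOWS\system\NVSYS\avnut.exe",
]


def to_nt_path(path):
    """Win32 'C:\\x' -> NT '\\??\\C:\\x'; paths already in NT form pass through."""
    return path if path.startswith(NT_PREFIX) else NT_PREFIX + path


def build_pending_renames(paths, existing=()):
    """Return the merged REG_MULTI_SZ list: pending entries already in the value
    stay in front (a rename pair must not be split), each new path is appended
    as (nt_path, "") meaning delete, and a path is never staged twice."""
    ops = list(existing)
    if len(ops) % 2:
        # An odd count means a source with no destination; appending would shift every pair.
        raise ValueError("malformed PendingFileRenameOperations: odd number of strings")
    staged = {ops[i].lower() for i in range(0, len(ops), 2)}
    for p in paths:
        nt = to_nt_path(p)
        if nt.lower() not in staged:
            ops.extend([nt, ""])      # empty destination == delete at boot
            staged.add(nt.lower())
    return ops


def stage_delete_on_reboot(paths):
    """Merge `paths` into the live value. Windows only; needs administrator rights."""
    if sys.platform != "win32":
        raise RuntimeError("PendingFileRenameOperations only exists on Windows")
    import winreg
    access = winreg.KEY_QUERY_VALUE | winreg.KEY_SET_VALUE
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER, 0, access) as key:
        try:
            existing, _ = winreg.QueryValueEx(key, VALUE_NAME)
        except FileNotFoundError:
            existing = []              # nothing pending yet
        ops = build_pending_renames(paths, existing)
        winreg.SetValueEx(key, VALUE_NAME, 0, winreg.REG_MULTI_SZ, ops)
    return ops


if __name__ == "__main__":
    for src in build_pending_renames(TARGETS)[::2]:
        print("delete at boot:", src)
```

The merge preserves whatever an installer has already queued in the value, which a naive overwrite would silently discard. Staging the files is only half the job: the Run and RunOnce entries that point at them survive the reboot, which is why the reply ends by asking for a fresh HijackThis log rather than declaring the machine clean.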

#3 ~Ayeka~

Posted 04 December 2004 - 10:00 PM

This thread will be closed, being helped here: http://www.bleepingcomputer.com/forums/ind...st=0#entry39396



