Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

New User, Here's my log

Started by chris4christ , Feb 05 2005 08:02 PM

  • Please log in to reply

#1
chris4christ
Posted 05 February 2005 - 08:02 PM

chris4christ

    New Member

  • Member
  • Pip
  • 3 posts
Well, If I can keep my cool through all the pop-ups, "other program busy", "program manager not responding" messages maybe I can post my HJT log and get some help. HELP!!
Sony Vaio PCG-F590 PentiumIII 744Mhz 256ram XP home...

Logfile of HijackThis v1.99.0
Scan saved at 8:43:26 PM, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Papldp.exe
C:\WINDOWS\SysCheckBop32.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
C:\WINDOWS\System32\msnav32.exe
C:\WINDOWS\sys02325243962.exe
C:\windows\system32\bdjxzr.exe
C:\windows\system32\packager.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\ntkwan.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Documents and Settings\Valued Sony Customer\Application Data\ssup.exe
C:\WINDOWS\System32\n?tepad.exe
C:\WINDOWS\System32\wingjje32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Documents and Settings\Valued Sony Customer\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsear...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = atti.com
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {100645AF-2C6D-4B66-9669-B660BFC7309D} - C:\WINDOWS\System32\vwrpe.dll
O2 - BHO: (no name) - {2842871E-48AA-4F5A-81AF-1634E456B490} - C:\WINDOWS\System32\ixwlsd.dll
O2 - BHO: (no name) - {2D64E84E-27DC-2F2B-8E09-2F27C5E3BF93} - C:\WINDOWS\System32\pobuvk.dll (file missing)
O2 - BHO: (no name) - {3BDDAAB7-6424-30D2-2903-3FB67C18F0CF} - C:\WINDOWS\System32\coucmw.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O2 - BHO: SDWin32 Class - {858EBA74-D230-4927-B82B-4989311CC8E6} - C:\WINDOWS\System32\pydnc.dll
O2 - BHO: SDWin32 Class - {89B71BBE-92BF-44B2-B4F9-FD7A91BB87A5} - C:\WINDOWS\System32\eoukm.dll
O2 - BHO: (no name) - {96F4AC4B-3586-6825-DA5C-3AE6098F59C4} - C:\WINDOWS\System32\vptevzi.dll
O2 - BHO: (no name) - {97F4AE4B-35F7-605E-DA5A-39E6098859C3} - C:\WINDOWS\System32\vptevzi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EAF6EF77-79BA-7412-B35A-2A17566A7C9D} - C:\WINDOWS\System32\wjmdh.dll (file missing)
O2 - BHO: SDWin32 Class - {FAB63D08-6F83-4338-8562-CCE61E2211EC} - C:\WINDOWS\System32\dfjhr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ljydjn.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Papldp.exe
O4 - HKLM\..\Run: [eoukmc] C:\WINDOWS\System32\eoukmc.exe
O4 - HKLM\..\Run: [dfjhrc] C:\WINDOWS\System32\dfjhrc.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [App32dll] C:\WINDOWS\System32\msnav32.exe dvd
O4 - HKLM\..\Run: [pydncc] C:\WINDOWS\System32\pydncc.exe
O4 - HKLM\..\Run: [vwrpec] C:\WINDOWS\System32\vwrpec.exe
O4 - HKLM\..\Run: [sys02325243962] C:\WINDOWS\sys02325243962.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [bdjxzr] c:\windows\system32\bdjxzr.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [r28R36V] ntkwan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Rtso] C:\Documents and Settings\Valued Sony Customer\Application Data\ssup.exe
O4 - HKCU\..\Run: [Rfjyuz] C:\WINDOWS\System32\??chost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\Software\..\Telephony: DomainName = comcast.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comcast.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = comcast.net
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks in advance, Chris
  • 0

Advertisements

#2
coachwife6
Posted 05 February 2005 - 11:14 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
This should get you started
You have a number of randomonly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsear...sidesearch.html

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: (no name) - {2D64E84E-27DC-2F2B-8E09-2F27C5E3BF93} - C:\WINDOWS\System32\pobuvk.dll (file missing)
O2 - BHO: (no name) - {3BDDAAB7-6424-30D2-2903-3FB67C18F0CF} - C:\WINDOWS\System32\coucmw.dll (file missing)
O2 - BHO: (no name) - {EAF6EF77-79BA-7412-B35A-2A17566A7C9D} - C:\WINDOWS\System32\wjmdh.dll (file missing)

O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AutoUpdater] \"C:\Program Files\AutoUpdate\AutoUpdate.exe\"
O4 - HKCU\..\Run: [Rtso] C:\Documents and Settings\Valued Sony Customer\Application Data\ssup.exe
O4 - HKCU\..\Run: [Rfjyuz] C:\WINDOWS\System32\??chost.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files (if found):

C:\WINDOWS\BTGrab.dll
- C:\Program Files\CxtPls\cxtpls.dll
C:\WINDOWS\Helper101.dll
C:\WINDOWS\System32\pobuvk.dll
C:\WINDOWS\System32\coucmw.dll
C:\WINDOWS\System32\wjmdh.dll
C:\Program Files\CSBB
]C:\WINDOWS\SysCheckBop32
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\isrvs
C:\WINDOWS\isrvs\
C:\WINDOWS\System32\wsxsvc
C:\PROGRA~1\VBOUNCER
C:\WINDOWS\farmmext.exe
\"C:\Program Files\AutoUpdate\AutoUpdate.exe\"
C:\Documents and Settings\Valued Sony Customer\Application Data\ssup.exe
C:\WINDOWS\System32\??chost.exe[/B]

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#3
chris4christ
Posted 08 February 2005 - 09:45 PM

chris4christ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, and thanks. When I try to boot into safe mode, after I choose "safe mode", then "Windows XP Home", there is a log of files, such as "multi(0)rdisk(0)partition(1)WINDOWS\System32\DRIVERS\agp440.sys". The file I've illustrated is actually the last in the list, then the HD light flashes a few times, then stays lit, and thats it.
So, What should I do now?

Much thanks for all you folks do,
Chris
  • 0

#4
coachwife6
Posted 08 February 2005 - 09:52 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Clean out your temp. files and run adaware. Reboot. Run Hijck This again and see if the same files you checked off are still there. If they are, repeat the instructions already given. Reboot and post a new log. :tazz:
  • 0

#5
chris4christ
Posted 09 February 2005 - 07:22 AM

chris4christ

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Please excuse my caution, but could you be specific about how to empty the temp. files?
Thanks,
Chris :tazz:
  • 0

#6
Windsun
Posted 09 February 2005 - 07:57 AM

Windsun

    Member

  • Member
  • PipPip
  • 20 posts
The way I do it is just START > RUN and type %temp%. Delete it all. Will probably be a couple that won't delete - usually temp files for programs that are running.

Also use the Start > control panel > performance & maint.
  • 0

#7
coachwife6
Posted 09 February 2005 - 08:03 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.
:tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP