Hijackthis log file - system slow, websites blocked

By countingmx
Jul 30, 2008
Topic Status:
Not open for further replies.
  1. Have run Spybot S&D, AVG, and viruses were supposedly isolated, but the problem continues. PC is slow, will not perform on the Web, have difficulty accessing My Documents, etc.

    My Hijack This log file was too long to post here!

    So I have cut it in two. Please see next thread for part 2.

    This makes it all the more challenging. Any advice?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:47:48 AM, on 7/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\hjt\HijackThis.exe
  2. countingmx

    countingmx Newcomer, in training Topic Starter

    Hijackthis! (too long) log file Part 2 of 2 -- oops! CAN'T POST

    I still cannot fit the rest of my Hijack this file -- it's too long by a few hundred characters and now I get this error message.

    1 . To be able to post links or images your post count must be 5 or greater. You currently have 1 posts. Please remove links from your message, then you will be able to submit your post.

    Unfortunately, my Hijack this log file contains links in the form of start pages, etc.

    Is this forum an appropriate place to ask for support? There seem to be strict limitations imposed here making my request impossible. Can anyone suggest a board where I can post my Hijack this file and ask for help?

    Thanks in advance




    I am not sure where to cut it so here is part two of three (or more?)


    LOG part 2 of 3


    COULD NOT POST LOG BECAUSE OF TECHSPOT LIMITATIONS TO POSTING (TOO MANY CHARACTERS, UNABLE TO POST LINKS THAT ARE EMBEDDED IN HIJACK THIS LOG, ETC.)
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Your log is too long because you have WAY too many programs installed and running! You are also using an old version of HijackThis. You will find it on Step 4 here:
    STEP4: Make sure you have the LATEST version of HJT (currently v2.0.0.2) from
    http://www.techspot.com/vb/topic58138.html

    When finished running, re-post your log according to the directions. Consider reviewing your installed programs list also. If you don't know what they're for, do a search. If you don't use them, uninstall them!
  5. countingmx

    countingmx Newcomer, in training Topic Starter

    HJT log part 1 of 2 -- thanks; needed 2 days to do the other recovery steps

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:05:58, on 8/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe
  6. countingmx

    countingmx Newcomer, in training Topic Starter

    board won't let me submit rest of log; says I can't post URLs

    I have an HJT log that is 200 characters too long
    and now I can't post that 'cause there's a note I can't post URLs
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please see this:
    How to post your Hijackthis log-file as an ATTACHMENT: http://www.techspot.com/vb/topic19133.html

    Wait until you have run all of the programs, then attach the logs as instructed. The partial log above- again- does not have all the needed information.
  8. countingmx

    countingmx Newcomer, in training Topic Starter

    Attachments - HJT and ComboFix

    I ran through the whole instructions sheet you kindly advised me to try.

    The SuperAntiSpyware log did not appear available. The search was clean anyway. Do you really need that one even if it found nothing?

    The panda scan was also clean.

    Couldn't find my "usual name" in the safe mode, just Administrator and some test name I once set up to see if I could but never got rid of.

    Looking forward to your findings.

    countingmx
  9. SpiritWind

    SpiritWind Newcomer, in training Posts: 164

    Hi:

    You have an extremely outdated version of Sun's Java, a serious security risk; should uninstall it and any other versions of this program you have; the latest version is available from www.java.com. You are NOT using the best antiSPYWARE programs with Ad-Aware & Spybot; would be wise to continue with SUPERAntiSpyware and possibly MalwareBytes' Anti-Malware. Since you have SpywareGuard on your computer, you most likely know NOT to use Spybot's "TeaTimer"!? And I noticed what appears to be an unnecessary "Symantec Network Drivers Service"!?

    I have read numerous "Reports" of people having problems with AVG's "New" 8.0 Version; many are either "going back" to ver 7.5 or "switching" to another AV, such as the FREE Avast Home Edition; perhaps you should look into doing likewise!?

    There is a very good and FREE program available for checking IF your programs have the latest, secure version; would recommend you periodically use the Online Scanner at http://secunia.com/software_inspector .
  10. countingmx

    countingmx Newcomer, in training Topic Starter

    Great; on it -- say, anything to click "fix" in HJT?

    Didn't spot that outdated Sun stuff. Will get to work on your tips right away and let you know how it goes. So Adaware and Spybot are no longer at the top of their game. So much to keep track of. Thanks for your time.

    countingmx
  11. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    This will start ComboFix again. After reboot (in case it asks to reboot), attach Combofix.txt in your next reply.

    ==========================================================

    Please follow these Viruses/Spyware/Malware preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    *)combofix log
    1)MBAM log
    2)SAS log
    3)Hijackthis log (Last step)
     