Hijackthis log file - system slow, websites blocked

Status
Not open for further replies.

countingmx

Have run Spybot S&D, AVG, and viruses were supposedly isolated, but the problem continues. PC is slow, will not perform on the Web, have difficulty accessing My Documents, etc.

My Hijack This log file was too long to post here!

So I have cut it in two. Please see next thread for part 2.

This makes it all the more challenging. Any advice?

Logfile of HijackThis v1.99.1
Scan saved at 8:47:48 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\hjt\HijackThis.exe
 
Hijackthis! (too long) log file Part 2 of 2 -- oops! CAN'T POST

I still cannot fit the rest of my Hijack this file -- it's too long by a few hundred characters and now I get this error message.

1 . To be able to post links or images your post count must be 5 or greater. You currently have 1 posts. Please remove links from your message, then you will be able to submit your post.

Unfortunately, my Hijack this log file contains links in the form of start pages, etc.

Is this forum an appropriate place to ask for support? There seem to be strict limitations imposed here making my request impossible. Can anyone suggest a board where I can post my Hijack this file and ask for help?

Thanks in advance




I am not sure where to cut it so here is part two of three (or more?)


LOG part 2 of 3


COULD NOT POST LOG BECAUSE OF TECHSPOT LIMITATIONS TO POSTING (TOO MANY CHARACTERS, UNABLE TO POST LINKS THAT ARE EMBEDDED IN HIJACK THIS LOG, ETC.)
 
Your log is too long because you have WAY too many programs installed and running! You are also using an old version of HijackThis. You will find it on Step 4 here:
STEP4: Make sure you have the LATEST version of HJT (currently v2.0.0.2) from
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

When finished running, re-post your log according to the directions. Consider reviewing your installed programs list also. If you don't know what they're for, do a search. If you don't use them, uninstall them!
 
HJT log part 1 of 2 -- thanks; needed 2 days to do the other recovery steps

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:58, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
 
board won't let me submit rest of log; says I can't post URLs

I have an HJT log that is 200 characters too long
and now I can't post that 'cause there's a note I can't post URLs
 
Attachments - HJT and ComboFix

I ran through the whole instructions sheet you kindly advised me to try.

The SuperAntiSpyware log did not appear available. The search was clean anyway. Do you really need that one even if it found nothing?

The panda scan was also clean.

Couldn't find my "usual name" in the safe mode, just Administrator and some test name I once set up to see if I could but never got rid of.

Looking forward to your findings.

countingmx
 
Hi:

You have an extremely outdated version of Sun's Java, a serious security risk; you should uninstall it and any other versions of this program you have; the latest version is available from www.java.com. You are NOT using the best antiSPYWARE programs with Ad-Aware & Spybot; it would be wise to continue with SUPERAntiSpyware and possibly MalwareBytes' Anti-Malware. Since you have SpywareGuard on your computer, you most likely know NOT to use Spybot's "TeaTimer"!? And I noticed what appears to be an unnecessary "Symantec Network Drivers Service"!?
I have read numerous "Reports" of people having problems with AVG's "New" 8.0 Version; many are either "going back" to ver 7.5 or "switching" to another AV, such as the FREE Avast Home Edition; perhaps you should look into doing likewise!?
There is a very good and FREE program available for checking IF your programs have the latest, secure version; would recommend you periodically use the Online Scanner at http://secunia.com/software_inspector.
 
Great; on it -- say, anything to click "fix" in HJT?

Didn't spot that outdated Sun stuff. Will get to work on your tips right away and let you know how it goes. So Adaware and Spybot are no longer at the top of their game. So much to keep track of. Thanks for your time.

countingmx
 
Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\nokkhidj.dll
C:\WINDOWS\system32\sakywdwa.dll
C:\WINDOWS\system32\asisrmbm.dll
C:\WINDOWS\system32\upvfux.dll
C:\WINDOWS\system32\ghdwqbwb.dll
C:\WINDOWS\system32\wmklswoh.dll
C:\WINDOWS\system32\raslultl.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fc8b81c7"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot (in case it asks to reboot), attach Combofix.txt in your next reply.

==========================================================

Please follow these Viruses/Spyware/Malware preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

*)combofix log
1)MBAM log
2)SAS log
3)Hijackthis log (Last step)
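
A check of a saved CFScript.txt against the rules in the post above (File:: on the first line, no blank line above it, no space in front of it), as an added example that is not part of the original thread and is not ComboFix code. The section, key and value patterns are assumptions read off the script shown in the post, and check_cfscript is a hypothetical helper name.

```python
import re
SECTION = re.compile(r"^(\w+)::$")         # File:: or Registry::
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")   # [HKEY_...\Run]
VALUE = re.compile(r'^"([^"]+)"=(.*)$')    # "name"=data
ABS_PATH = re.compile(r"^[A-Za-z]:\\")     # C:\...
# Sample built from the script in the post, shortened to two file entries.
SAMPLE = r'''File::
C:\WINDOWS\system32\nokkhidj.dll
C:\WINDOWS\system32\sakywdwa.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fc8b81c7"=-
'''

def check_cfscript(text):
    """Return (problems, sections) for the text of a saved CFScript.txt."""
    problems, sections, current, key = [], {}, None, None
    first = (text.splitlines() or [""])[0]
    if first.strip() == "":
        problems.append("blank line above File::")
    elif first.strip() != "File::":
        problems.append("first line is not File::")
    elif first != first.lstrip():
        problems.append("space in front of File::")
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:                               # section header starts a new block
            current, key = m.group(1), None
            sections.setdefault(current, [])
        elif current == "File":             # one path per line
            if not ABS_PATH.match(line):
                problems.append(f"line {n}: not a full path: {line}")
            sections["File"].append(line)
        elif current == "Registry":         # [key] followed by "name"=data
            if KEY.match(line):
                key = KEY.match(line).group(1)
            elif key and VALUE.match(line):
                sections["Registry"].append((key, *VALUE.match(line).groups()))
            else:
                problems.append(f"line {n}: unexpected registry line: {line}")
        else:
            problems.append(f"line {n}: outside a File:: or Registry:: section: {line}")
    return problems, sections

if __name__ == "__main__":
    print(check_cfscript(SAMPLE))
```

The returned sections list every file path and registry value the script names, so the text file can be compared line by line with what the helper posted before it is used.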
 