Jump to content


Photo

Help with my HJT log


  • Please log in to reply
1 reply to this topic

#1 Snippy24

Snippy24

    Member

  • New Member
  • Pip
  • 2 posts

Posted 27 July 2004 - 06:41 PM

Computer running very, very slow. Please help...Thanks in advance

**I have ran adware, virus scan, and shredder before HJT scan.**

Logfile of HijackThis v1.97.7
Scan saved at 10:10:07 AM, on 7/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\Promon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\Sktempdm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\haqgzt.exe
C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jerry smith\Local Settings\Temporary Internet Files\Content.IE5\BWFOGY3Y\HijackThis[1].exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0B41681E-A93E-5B24-90B9-EE0964891557} - C:\WINDOWS\System32\idpefiac.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {9789EE44-D366-5FC3-4238-6C89CD90A6D5} - C:\WINDOWS\System32\lurdhrwc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {B34D9A31-53D3-8C98-E62F-DD2AACDC1B61} - C:\WINDOWS\System32\fxnagwkt.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2143D4D-6B0C-5C39-34CF-5BE6B3C7E836} - C:\WINDOWS\System32\otlucffd.dll (file missing)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\system32\MSKernel32.vbs
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [njzfwifx] C:\WINDOWS\mdodjosd.exe
O4 - HKLM\..\Run: [bvhzxqgx] C:\WINDOWS\System32\bvhzxqgx.exe
O4 - HKLM\..\Run: [mnosjkzm] C:\WINDOWS\System32\mnosjkzm.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [bitphklcimsqi] C:\WINDOWS\System32\haqgzt.exe
O4 - HKLM\..\Run: [KUJ] C:\documents and settings\jerry smith\local settings\temp\KUJ.exe
O4 - HKLM\..\Run: [8JdIC] C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [rsoi3EX] pjlinhin.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [digestw] C:\WINDOWS\System32\digestw.exe
O4 - HKLM\..\Run: [zcdlgw] C:\WINDOWS\System32\zcdlgw.exe
O4 - HKLM\..\RunServices: [Win32DLL] C:\WINDOWS\Win32DLL.vbs
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [aB7sROb4R] pzjntf.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDo

#2 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 28 July 2004 - 09:58 AM

Welcome to SWI.
Print out these instructions so you can read them while you clean your system.

Move Hijack This to its own folder.Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Move hijack this there. Hijack this makes backups of everything you fix, these backups are saved in the same folder the program is.

Now close all open windows AND browsers and check these items for HJT to fix:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0B41681E-A93E-5B24-90B9-EE0964891557} - C:\WINDOWS\System32\idpefiac.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {9789EE44-D366-5FC3-4238-6C89CD90A6D5} - C:\WINDOWS\System32\lurdhrwc.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: (no name) - {B34D9A31-53D3-8C98-E62F-DD2AACDC1B61} - C:\WINDOWS\System32\fxnagwkt.dll (file missing)
O2 - BHO: (no name) - {E2143D4D-6B0C-5C39-34CF-5BE6B3C7E836} - C:\WINDOWS\System32\otlucffd.dll (file missing)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [MSKernel32] C:\WINDOWS\system32\MSKernel32.vbs
O4 - HKLM\..\Run: [njzfwifx] C:\WINDOWS\mdodjosd.exe
O4 - HKLM\..\Run: [bvhzxqgx] C:\WINDOWS\System32\bvhzxqgx.exe
O4 - HKLM\..\Run: [mnosjkzm] C:\WINDOWS\System32\mnosjkzm.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [bitphklcimsqi] C:\WINDOWS\System32\haqgzt.exe
O4 - HKLM\..\Run: [KUJ] C:\documents and settings\jerry smith\local settings\temp\KUJ.exe
O4 - HKLM\..\Run: [8JdIC] C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [rsoi3EX] pjlinhin.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [digestw] C:\WINDOWS\System32\digestw.exe
O4 - HKLM\..\Run: [zcdlgw] C:\WINDOWS\System32\zcdlgw.exe
O4 - HKLM\..\RunServices: [Win32DLL] C:\WINDOWS\Win32DLL.vbs
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [aB7sROb4R] pzjntf.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe


For TV-Media, you will need to run this Regedit:

Copy the entire contents inside of the QUOTE box into Notepad, hit enter to add a blank line. Then save as remove.reg (save as type: 'all files' ) to the desktop

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""


Go to the Desktop and DoubleClick Remove.reg, hit yes on the prompt to add its contents to the Registry!

Please reboot into safe mode - How do I boot into "Safe" mode?

Go to Add/Remove Programs in the Control Panel and uninstall:
Web_Rebates
if listed.


Delete these files:
C:\WINDOWS\mdodjosd.exe
C:\WINDOWS\Win32DLL.vbs
C:\WINDOWS\System32\idpefiac.dll
C:\WINDOWS\System32\lurdhrwc.dll
C:\WINDOWS\System32\MSKernel32.vbs
C:\WINDOWS\System32\bvhzxqgx.exe
C:\WINDOWS\System32\mnosjkzm.exe
C:\WINDOWS\System32\haqgzt.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\digestw.exe
C:\WINDOWS\System32\haqgzt.exe
C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe
C:\documents and settings\jerry smith\local settings\temp\KUJ.exe

Find (f3) and delete:
pzjntf.exe
pjlinhin.exe


Delete these folders

C:\Program Files\TV Media
C:\Program Files\Common Files\midaddle
c:\installer
C:\Program Files\Web_Rebates


You may need to show hidden files to delete them.How to show all hidden and system files

The following DIRECTORY CONTENTS (But not the directory) need to be deleted while in safe mode.
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet
content including cookies. This is recommended and strongly suggested.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Then disable your system restore

1 Right-click My Computer, and then click Properties.
2 Click the System Restore tab.
3 Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
4 Click Apply
5 this will delete all existing restore points. Click Yes to do this.
6 Click OK.

Reboot into normal mode enable System Restore and post a fresh log in this thread to give you further recommendations.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button